Update Token Binding code to draft 06

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ skipping 62 matching lines @@
 const char kDefaultSupportedNPNProtocol[] = "http/1.1";
 
 // Default size of the internal BoringSSL buffers.
 const int KDefaultOpenSSLBufferSize = 17 * 1024;
 
 // TLS extension number use for Token Binding.
 const unsigned int kTbExtNum = 24;
 
 // Token Binding ProtocolVersions supported.
 const uint8_t kTbProtocolVersionMajor = 0;
-const uint8_t kTbProtocolVersionMinor = 5;
+const uint8_t kTbProtocolVersionMinor = 6;
 const uint8_t kTbMinProtocolVersionMajor = 0;
-const uint8_t kTbMinProtocolVersionMinor = 3;
+const uint8_t kTbMinProtocolVersionMinor = 6;

[davidben, 2016/06/27 23:39:14]

[I am assuming the signature format is the only change.]

[nharper, 2016/06/27 23:58:30]

None of the technical details changed, but the signature format was clarified
and what we had was wrong.

 
 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
   switch (EVP_MD_type(md)) {
     case NID_md5_sha1:
       *hash = SSLPrivateKey::Hash::MD5_SHA1;
       return true;
     case NID_sha1:
       *hash = SSLPrivateKey::Hash::SHA1;
       return true;
     case NID_sha256:
@@ skipping 2194 matching lines @@
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return;
   }
 
   net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
                     base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
 }
 
 }  // namespace net