| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 1158 matching lines...) |
| 1169 | 1169 |
| 1170 int SSLClientSocketImpl::DoHandshakeComplete(int result) { | 1170 int SSLClientSocketImpl::DoHandshakeComplete(int result) { |
| 1171 if (result < 0) | 1171 if (result < 0) |
| 1172 return result; | 1172 return result; |
| 1173 | 1173 |
| 1174 if (ssl_config_.version_fallback && | 1174 if (ssl_config_.version_fallback && |
| 1175 ssl_config_.version_max < ssl_config_.version_fallback_min) { | 1175 ssl_config_.version_max < ssl_config_.version_fallback_min) { |
| 1176 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; | 1176 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
| 1177 } | 1177 } |
| 1178 | 1178 |
| 1179 // DHE is offered on the deprecated cipher fallback and then rejected |
| 1180 // afterwards. This is to aid in diagnosing connection failures because a |
| 1181 // server requires DHE ciphers. |
| 1182 // |
| 1183 // TODO(davidben): A few releases after DHE's removal, remove this logic. |
| 1184 if (!ssl_config_.dhe_enabled && |
| 1185 SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) { |
| 1186 return ERR_SSL_OBSOLETE_CIPHER; |
| 1187 } |
| 1188 |
| 1179 // Check that if token binding was negotiated, then extended master secret | 1189 // Check that if token binding was negotiated, then extended master secret |
| 1180 // must also be negotiated. | 1190 // must also be negotiated. |
| 1181 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) | 1191 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) |
| 1182 return ERR_SSL_PROTOCOL_ERROR; | 1192 return ERR_SSL_PROTOCOL_ERROR; |
| 1183 | 1193 |
| 1184 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 1194 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
| 1185 if (npn_status_ == kNextProtoUnsupported) { | 1195 if (npn_status_ == kNextProtoUnsupported) { |
| 1186 const uint8_t* alpn_proto = NULL; | 1196 const uint8_t* alpn_proto = NULL; |
| 1187 unsigned alpn_len = 0; | 1197 unsigned alpn_len = 0; |
| 1188 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 1198 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
| (...skipping 1124 matching lines...) |
| 2313 if (rv != OK) { | 2323 if (rv != OK) { |
| 2314 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2324 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 2315 return; | 2325 return; |
| 2316 } | 2326 } |
| 2317 | 2327 |
| 2318 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2328 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| 2319 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2329 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 2320 } | 2330 } |
| 2321 | 2331 |
| 2322 } // namespace net | 2332 } // namespace net |
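Review bot: The added DHE rejection in DoHandshakeComplete (new lines 1184-1187) tests only `!ssl_config_.dhe_enabled`, while its comment says DHE is offered on the deprecated cipher fallback. The code that builds the offered cipher list is not in the visible lines, so the comment should name the config field that causes DHE to be offered; otherwise the two places can drift apart unnoticed. The TODO carries no tracking reference; something like `// TODO(davidben): Remove this check and the DHE fallback offer together. See <bug-id>.` would keep the offer-then-reject path from outliving its diagnostic purpose. Two things cannot be confirmed from this page and are worth checking: that callers do not treat `ERR_SSL_OBSOLETE_CIPHER` as a retriable fallback error, and that a test covers a DHE-only server with `dhe_enabled` false. The body of DoHandshakeComplete continues past the visible lines.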
| OLD | NEW |