OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
(...skipping 1160 matching lines...)
1171 | 1171 |
1172 int SSLClientSocketImpl::DoHandshakeComplete(int result) { | 1172 int SSLClientSocketImpl::DoHandshakeComplete(int result) { |
1173 if (result < 0) | 1173 if (result < 0) |
1174 return result; | 1174 return result; |
1175 | 1175 |
1176 if (ssl_config_.version_fallback && | 1176 if (ssl_config_.version_fallback && |
1177 ssl_config_.version_max < ssl_config_.version_fallback_min) { | 1177 ssl_config_.version_max < ssl_config_.version_fallback_min) { |
1178 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; | 1178 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
1179 } | 1179 } |
1180 | 1180 |
| 1181 // DHE is offered on the deprecated cipher fallback and then rejected |
| 1182 // afterwards. This is to aid in diagnosing connection failures because a |
| 1183 // server requires DHE ciphers. |
| 1184 // |
| 1185 // TODO(davidben): A few releases after DHE's removal, remove this logic. |
| 1186 if (!ssl_config_.dhe_enabled && |
| 1187 SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) { |
| 1188 return ERR_SSL_OBSOLETE_CIPHER; |
| 1189 } |
| 1190 |
1181 // Check that if token binding was negotiated, then extended master secret | 1191 // Check that if token binding was negotiated, then extended master secret |
1182 // must also be negotiated. | 1192 // must also be negotiated. |
1183 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) | 1193 if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_)) |
1184 return ERR_SSL_PROTOCOL_ERROR; | 1194 return ERR_SSL_PROTOCOL_ERROR; |
1185 | 1195 |
1186 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 1196 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
1187 if (npn_status_ == kNextProtoUnsupported) { | 1197 if (npn_status_ == kNextProtoUnsupported) { |
1188 const uint8_t* alpn_proto = NULL; | 1198 const uint8_t* alpn_proto = NULL; |
1189 unsigned alpn_len = 0; | 1199 unsigned alpn_len = 0; |
1190 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 1200 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
(...skipping 1119 matching lines...)
2310 if (rv != OK) { | 2320 if (rv != OK) { |
2311 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2321 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
2312 return; | 2322 return; |
2313 } | 2323 } |
2314 | 2324 |
2315 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2325 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
2316 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2326 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
2317 } | 2327 } |
2318 | 2328 |
2319 } // namespace net | 2329 } // namespace net |
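Review bot: The DHE rejection added to DoHandshakeComplete (new lines 1186-1189) is the only enforcement of `!ssl_config_.dhe_enabled` visible on this page once DHE is offered on the fallback, and it runs only when the initial handshake finishes. If renegotiation is permitted on this socket (the cipher and renegotiation setup sit in the skipped lines, so this is an assumption), a later handshake could settle on a DHE suite without passing this check; please confirm that path either excludes DHE or repeats the test. The comment presents the check as a diagnostic aid, but while DHE stays in the offered list it is also what keeps a DHE connection from being used, so I would add something like `// Until DHE is dropped from the fallback cipher list, this check is what prevents a DHE connection from being used.` No test covering the ERR_SSL_OBSOLETE_CIPHER return is visible on this page. DoHandshakeComplete continues past the end of the shown hunk.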