Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(330)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 20799005: Also allow ALPN to enable TLS False Start. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 1263 matching lines...) Expand 10 before | Expand all | Expand 10 after
1274 PRFileDesc* socket, 1274 PRFileDesc* socket,
1275 PRBool checksig, 1275 PRBool checksig,
1276 PRBool is_server) { 1276 PRBool is_server) {
1277 #ifdef SSL_ENABLE_FALSE_START 1277 #ifdef SSL_ENABLE_FALSE_START
1278 Core* core = reinterpret_cast<Core*>(arg); 1278 Core* core = reinterpret_cast<Core*>(arg);
1279 if (!core->handshake_callback_called_) { 1279 if (!core->handshake_callback_called_) {
1280 // Only need to turn off False Start in the initial handshake. Also, it is 1280 // Only need to turn off False Start in the initial handshake. Also, it is
1281 // unsafe to call SSL_OptionSet in a renegotiation because the "first 1281 // unsafe to call SSL_OptionSet in a renegotiation because the "first
1282 // handshake" lock isn't already held, which will result in an assertion 1282 // handshake" lock isn't already held, which will result in an assertion
1283 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet. 1283 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet.
1284 PRBool npn; 1284 PRBool negotiated_extension;
1285 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket, 1285 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
1286 ssl_next_proto_nego_xtn, 1286 ssl_next_proto_nego_xtn,
1287 &npn); 1287 &negotiated_extension);
1288 if (rv != SECSuccess || !npn) { 1288 if (rv != SECSuccess || !negotiated_extension) {
1289 // If the server doesn't support NPN, then we don't do False Start with 1289 rv = SSL_HandshakeNegotiatedExtension(socket,
1290 // it. 1290 ssl_application_layer_protocol,
1291 &negotiated_extension);
1292 }
1293 if (rv != SECSuccess || !negotiated_extension) {
1294 // If the server doesn't support NPN or ALPN, then we don't do False
1295 // Start with it.
1291 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); 1296 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
1292 } 1297 }
1293 } 1298 }
1294 #endif 1299 #endif
1295 1300
1296 // Tell NSS to not verify the certificate. 1301 // Tell NSS to not verify the certificate.
1297 return SECSuccess; 1302 return SECSuccess;
1298 } 1303 }
1299 1304
1300 #if defined(NSS_PLATFORM_CLIENT_AUTH) 1305 #if defined(NSS_PLATFORM_CLIENT_AUTH)
(...skipping 2231 matching lines...) Expand 10 before | Expand all | Expand 10 after
3532 EnsureThreadIdAssigned(); 3537 EnsureThreadIdAssigned();
3533 base::AutoLock auto_lock(lock_); 3538 base::AutoLock auto_lock(lock_);
3534 return valid_thread_id_ == base::PlatformThread::CurrentId(); 3539 return valid_thread_id_ == base::PlatformThread::CurrentId();
3535 } 3540 }
3536 3541
3537 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 3542 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
3538 return server_bound_cert_service_; 3543 return server_bound_cert_service_;
3539 } 3544 }
3540 3545
3541 } // namespace net 3546 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698