Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(146)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 23621040: Make SSL False Start work with asynchronous certificate validation (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Update the patch file Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/ssl/ssl_config_service.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 3119 matching lines...) Expand 10 before | Expand all | Expand 10 after
3130 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); 3130 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
3131 } 3131 }
3132 3132
3133 // Support RFC 5077 3133 // Support RFC 5077
3134 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); 3134 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
3135 if (rv != SECSuccess) { 3135 if (rv != SECSuccess) {
3136 LogFailedNSSFunction( 3136 LogFailedNSSFunction(
3137 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); 3137 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
3138 } 3138 }
3139 3139
3140 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_FALSE); 3140 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
3141 ssl_config_.false_start_enabled);
3141 if (rv != SECSuccess) 3142 if (rv != SECSuccess)
3142 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); 3143 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
3143 3144
3144 // We allow servers to request renegotiation. Since we're a client, 3145 // We allow servers to request renegotiation. Since we're a client,
3145 // prohibiting this is rather a waste of time. Only servers are in a 3146 // prohibiting this is rather a waste of time. Only servers are in a
3146 // position to prevent renegotiation attacks. 3147 // position to prevent renegotiation attacks.
3147 // http://extendedsubset.com/?p=8 3148 // http://extendedsubset.com/?p=8
3148 3149
3149 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, 3150 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
3150 SSL_RENEGOTIATE_TRANSITIONAL); 3151 SSL_RENEGOTIATE_TRANSITIONAL);
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after
3490 EnsureThreadIdAssigned(); 3491 EnsureThreadIdAssigned();
3491 base::AutoLock auto_lock(lock_); 3492 base::AutoLock auto_lock(lock_);
3492 return valid_thread_id_ == base::PlatformThread::CurrentId(); 3493 return valid_thread_id_ == base::PlatformThread::CurrentId();
3493 } 3494 }
3494 3495
3495 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 3496 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
3496 return server_bound_cert_service_; 3497 return server_bound_cert_service_;
3497 } 3498 }
3498 3499
3499 } // namespace net 3500 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/ssl/ssl_config_service.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698