OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 3119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3130 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 3130 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); |
3131 } | 3131 } |
3132 | 3132 |
3133 // Support RFC 5077 | 3133 // Support RFC 5077 |
3134 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | 3134 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); |
3135 if (rv != SECSuccess) { | 3135 if (rv != SECSuccess) { |
3136 LogFailedNSSFunction( | 3136 LogFailedNSSFunction( |
3137 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | 3137 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); |
3138 } | 3138 } |
3139 | 3139 |
3140 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_FALSE); | 3140 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, |
| 3141 ssl_config_.false_start_enabled); |
3141 if (rv != SECSuccess) | 3142 if (rv != SECSuccess) |
3142 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | 3143 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); |
3143 | 3144 |
3144 // We allow servers to request renegotiation. Since we're a client, | 3145 // We allow servers to request renegotiation. Since we're a client, |
3145 // prohibiting this is rather a waste of time. Only servers are in a | 3146 // prohibiting this is rather a waste of time. Only servers are in a |
3146 // position to prevent renegotiation attacks. | 3147 // position to prevent renegotiation attacks. |
3147 // http://extendedsubset.com/?p=8 | 3148 // http://extendedsubset.com/?p=8 |
3148 | 3149 |
3149 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | 3150 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
3150 SSL_RENEGOTIATE_TRANSITIONAL); | 3151 SSL_RENEGOTIATE_TRANSITIONAL); |
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3490 EnsureThreadIdAssigned(); | 3491 EnsureThreadIdAssigned(); |
3491 base::AutoLock auto_lock(lock_); | 3492 base::AutoLock auto_lock(lock_); |
3492 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3493 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3493 } | 3494 } |
3494 | 3495 |
3495 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3496 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3496 return server_bound_cert_service_; | 3497 return server_bound_cert_service_; |
3497 } | 3498 } |
3498 | 3499 |
3499 } // namespace net | 3500 } // namespace net |
OLD | NEW |