| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 #include "cert.h" | 4 #include "cert.h" |
| 5 #include "secitem.h" | 5 #include "secitem.h" |
| 6 #include "ssl.h" | 6 #include "ssl.h" |
| 7 #include "sslimpl.h" | 7 #include "sslimpl.h" |
| 8 #include "sslproto.h" | 8 #include "sslproto.h" |
| 9 #include "pk11func.h" | 9 #include "pk11func.h" |
| 10 #include "ocsp.h" | 10 #include "ocsp.h" |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 93 | 93 |
| 94 | 94 |
| 95 /* NEED LOCKS IN HERE. */ | 95 /* NEED LOCKS IN HERE. */ |
| 96 SECStatus | 96 SECStatus |
| 97 SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, | 97 SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, |
| 98 char **ip, char **sp) | 98 char **ip, char **sp) |
| 99 { | 99 { |
| 100 sslSocket *ss; | 100 sslSocket *ss; |
| 101 const char *cipherName; | 101 const char *cipherName; |
| 102 PRBool isDes = PR_FALSE; | 102 PRBool isDes = PR_FALSE; |
| 103 PRBool enoughFirstHsDone = PR_FALSE; | |
| 104 | 103 |
| 105 ss = ssl_FindSocket(fd); | 104 ss = ssl_FindSocket(fd); |
| 106 if (!ss) { | 105 if (!ss) { |
| 107 SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus", | 106 SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus", |
| 108 SSL_GETPID(), fd)); | 107 SSL_GETPID(), fd)); |
| 109 return SECFailure; | 108 return SECFailure; |
| 110 } | 109 } |
| 111 | 110 |
| 112 if (cp) *cp = 0; | 111 if (cp) *cp = 0; |
| 113 if (kp0) *kp0 = 0; | 112 if (kp0) *kp0 = 0; |
| 114 if (kp1) *kp1 = 0; | 113 if (kp1) *kp1 = 0; |
| 115 if (ip) *ip = 0; | 114 if (ip) *ip = 0; |
| 116 if (sp) *sp = 0; | 115 if (sp) *sp = 0; |
| 117 if (op) { | 116 if (op) { |
| 118 *op = SSL_SECURITY_STATUS_OFF; | 117 *op = SSL_SECURITY_STATUS_OFF; |
| 119 } | 118 } |
| 120 | 119 |
| 121 if (ss->firstHsDone) { | 120 if (ss->opt.useSecurity && ss->enoughFirstHsDone) { |
| 122 » enoughFirstHsDone = PR_TRUE; | |
| 123 } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | |
| 124 » ssl3_CanFalseStart(ss)) { | |
| 125 » enoughFirstHsDone = PR_TRUE; | |
| 126 } | |
| 127 | |
| 128 if (ss->opt.useSecurity && enoughFirstHsDone) { | |
| 129 if (ss->version < SSL_LIBRARY_VERSION_3_0) { | 121 if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
| 130 cipherName = ssl_cipherName[ss->sec.cipherType]; | 122 cipherName = ssl_cipherName[ss->sec.cipherType]; |
| 131 } else { | 123 } else { |
| 132 cipherName = ssl3_cipherName[ss->sec.cipherType]; | 124 cipherName = ssl3_cipherName[ss->sec.cipherType]; |
| 133 } | 125 } |
| 134 PORT_Assert(cipherName); | 126 PORT_Assert(cipherName); |
| 135 if (cipherName) { | 127 if (cipherName) { |
| 136 if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; | 128 if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; |
| 137 | 129 |
| 138 if (cp) { | 130 if (cp) { |
| (...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 328 hostname = ss->url; | 320 hostname = ss->url; |
| 329 if (hostname && hostname[0]) | 321 if (hostname && hostname[0]) |
| 330 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); | 322 rv = CERT_VerifyCertName(ss->sec.peerCert, hostname); |
| 331 else | 323 else |
| 332 rv = SECFailure; | 324 rv = SECFailure; |
| 333 if (rv != SECSuccess) | 325 if (rv != SECSuccess) |
| 334 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); | 326 PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN); |
| 335 | 327 |
| 336 return rv; | 328 return rv; |
| 337 } | 329 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23621040:
Make SSL False Start work with asynchronous certificate validation (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/