Chromium Code Reviews

Unified Diff: net/socket/ssl_server_socket_impl.cc

Issue 2728823002: Remove redundant 3-SHAKE mitigation. (Closed)
Patch Set: typo Created 3 years, 9 months ago
Index: net/socket/ssl_server_socket_impl.cc
diff --git a/net/socket/ssl_server_socket_impl.cc b/net/socket/ssl_server_socket_impl.cc
index 4337aa10531f4f5c93703af693f7810b47f1283c..9b3cfd303d1a48e407e7ba8565d706b7f87189bc 100644
--- a/net/socket/ssl_server_socket_impl.cc
+++ b/net/socket/ssl_server_socket_impl.cc
@@ -504,12 +504,13 @@ int SSLServerSocketImpl::DoHandshake() {
OpenSSLErrorInfo error_info;
net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
- // This hack is necessary because the mapping of SSL error codes to
- // net_errors assumes (correctly for client sockets, but erroneously for
- // server sockets) that peer cert verification failure can only occur if
- // the cert changed during a renego. crbug.com/570351
- if (net_error == ERR_SSL_SERVER_CERT_CHANGED)
+ // SSL_R_CERTIFICATE_VERIFY_FAILED's mapping is different between client and
+ // server.
+ if (ERR_GET_LIB(error_info.error_code) == ERR_LIB_SSL &&
+ ERR_GET_REASON(error_info.error_code) ==
+ SSL_R_CERTIFICATE_VERIFY_FAILED) {
net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT;
+ }
// If not done, stay in this state
if (net_error == ERR_IO_PENDING) {
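Review bot: The new comment above the ERR_GET_LIB / ERR_GET_REASON check says only that the mapping "is different between client and server", which loses the explanation the removed comment carried (on a server socket this error means peer cert verification failed, not that a cert changed during a renego) and the crbug.com/570351 pointer. Suggest spelling out in the comment that on the server side SSL_R_CERTIFICATE_VERIFY_FAILED means the client certificate was rejected, hence ERR_BAD_SSL_CLIENT_AUTH_CERT, and keeping the bug reference. Separately, the check now reads error_info.error_code on every pass through this path, including the ERR_IO_PENDING case tested just below, so it is worth confirming that MapOpenSSLErrorWithDetails always leaves error_code in a defined state when no SSL library error was queued, since error_info is declared here without a visible initializer.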
