
Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2734373002: Roll src/third_party/boringssl/src d6c22ee93..d04ca9535 (Closed)
Patch Set: Created 3 years, 9 months ago
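--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <algorithm>
@@ -227,23 +227,20 @@
 // TODO(davidben): Remove this after the ECDSA CBC removal sticks.
 // https:/crbug.com/666191.
 const base::Feature kLegacyECDSACiphersFeature{
 "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT};
 
 bool AreLegacyECDSACiphersEnabled() {
 return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature);
 }
 #endif
 
-const base::Feature kShortRecordHeaderFeature{
-"SSLShortRecordHeader", base::FEATURE_DISABLED_BY_DEFAULT};
-
 scoped_refptr<X509Certificate> OSChainFromOpenSSL(STACK_OF(X509) *
 openssl_chain) {
 if (sk_X509_num(openssl_chain) == 0) {
 NOTREACHED();
 return nullptr;
 }
 
 #if defined(USE_OPENSSL_CERTS)
 // When OSCertHandle is typedef'ed to X509, this implementation does a short
 // cut to avoid converting back and forth between DER and the X509 struct.
@@ -325,24 +322,20 @@
 SSL_CTX_set_session_cache_mode(
 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
 SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */);
 
 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1);
 
 // Deduplicate all certificates minted from the SSL_CTX in memory.
 SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool());
 
-if (base::FeatureList::IsEnabled(kShortRecordHeaderFeature)) {
-SSL_CTX_set_short_header_enabled(ssl_ctx_.get(), 1);
-}
-
 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
 &TokenBindingAddCallback,
 &TokenBindingFreeCallback, nullptr,
 &TokenBindingParseCallback, nullptr)) {
 NOTREACHED();
 }
 }
 
 static int TokenBindingAddCallback(SSL* ssl,
 unsigned int extension_value,
@@ -1988,10 +1981,10 @@
 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
 !certificate_requested_) {
 net_error = ERR_SSL_PROTOCOL_ERROR;
 }
 }
 
 return net_error;
 }
 
 } // namespace net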
