
Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2800853008: Add a dedicated error code for TLS 1.3 interference. (Closed)
Patch Set: mpearson comment Created 3 years, 8 months ago
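--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <algorithm>
@@ -1051,20 +1051,25 @@
 }
 
 next_handshake_state_ = STATE_HANDSHAKE_COMPLETE;
 return net_error;
 }
 
 int SSLClientSocketImpl::DoHandshakeComplete(int result) {
 if (result < 0)
 return result;
 
+if (ssl_config_.version_interference_probe) {
+DCHECK_LT(ssl_config_.version_max, TLS1_3_VERSION);
+return ERR_SSL_VERSION_INTERFERENCE;
+}
+
 SSLContext::GetInstance()->session_cache()->ResetLookupCount(
 GetSessionCacheKey());
 // Check that if token binding was negotiated, then extended master secret
 // and renegotiation indication must also be negotiated.
 if (tb_was_negotiated_ &&
 !(SSL_get_extms_support(ssl_.get()) &&
 SSL_get_secure_renegotiation_support(ssl_.get()))) {
 return ERR_SSL_PROTOCOL_ERROR;
 }
 
@@ -1670,31 +1675,27 @@
 MaybeCacheSession();
 return 1;
 }
 
 void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_);
 }
 
 std::string SSLClientSocketImpl::GetSessionCacheKey() const {
 std::string result = host_and_port_.ToString();
-result.append("/");
+result.push_back('/');
 result.append(ssl_session_cache_shard_);
 
-result.append("/");
-if (ssl_config_.deprecated_cipher_suites_enabled)
-result.append("deprecated");
-
-result.append("/");
-if (ssl_config_.channel_id_enabled)
-result.append("channelid");
-
+result.push_back('/');
+result.push_back(ssl_config_.deprecated_cipher_suites_enabled ? '1' : '0');
+result.push_back(ssl_config_.channel_id_enabled ? '1' : '0');
+result.push_back(ssl_config_.version_interference_probe ? '1' : '0');
 return result;
 }
 
 bool SSLClientSocketImpl::IsRenegotiationAllowed() const {
 if (tb_was_negotiated_)
 return false;
 
 if (negotiated_protocol_ == kProtoUnknown)
 return ssl_config_.renego_allowed_default;
 
@@ -1943,10 +1944,10 @@
 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
 !certificate_requested_) {
 net_error = ERR_SSL_PROTOCOL_ERROR;
 }
 }
 
 return net_error;
 }
 
 } // namespace net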
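Review bot: The new early return in `DoHandshakeComplete` turns a successful handshake into `ERR_SSL_VERSION_INTERFERENCE` with no comment saying why, and it runs before the token-binding check and everything later in the function (which continues outside the visible lines), so the code is reported for a peer that has not passed whatever validation follows. A comment such as `// The probe handshake succeeded below TLS 1.3, so the earlier failure is attributed to version interference; this socket is never used for data.` would state the intent, and callers should treat the result as diagnostic only, not as grounds for lowering the maximum version. The `DCHECK_LT(ssl_config_.version_max, TLS1_3_VERSION)` guard is normally compiled out of release builds, so a probe misconfigured with TLS 1.3 still enabled would report interference on a connection that may have negotiated it; an explicit runtime check, e.g. `if (ssl_config_.version_max >= TLS1_3_VERSION) return ERR_UNEXPECTED;`, would keep that case from being misreported. In `GetSessionCacheKey` the three flags are now positional '0'/'1' characters, so a one-line comment naming their order would help whoever adds the next flag keep probe and non-probe sessions partitioned.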