OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
(...skipping 1040 matching lines...)
1051 } | 1051 } |
1052 | 1052 |
1053 next_handshake_state_ = STATE_HANDSHAKE_COMPLETE; | 1053 next_handshake_state_ = STATE_HANDSHAKE_COMPLETE; |
1054 return net_error; | 1054 return net_error; |
1055 } | 1055 } |
1056 | 1056 |
1057 int SSLClientSocketImpl::DoHandshakeComplete(int result) { | 1057 int SSLClientSocketImpl::DoHandshakeComplete(int result) { |
1058 if (result < 0) | 1058 if (result < 0) |
1059 return result; | 1059 return result; |
1060 | 1060 |
| 1061 if (ssl_config_.version_interference_probe) { |
| 1062 DCHECK_LT(ssl_config_.version_max, TLS1_3_VERSION); |
| 1063 return ERR_SSL_VERSION_INTERFERENCE; |
| 1064 } |
| 1065 |
1061 SSLContext::GetInstance()->session_cache()->ResetLookupCount( | 1066 SSLContext::GetInstance()->session_cache()->ResetLookupCount( |
1062 GetSessionCacheKey()); | 1067 GetSessionCacheKey()); |
1063 // Check that if token binding was negotiated, then extended master secret | 1068 // Check that if token binding was negotiated, then extended master secret |
1064 // and renegotiation indication must also be negotiated. | 1069 // and renegotiation indication must also be negotiated. |
1065 if (tb_was_negotiated_ && | 1070 if (tb_was_negotiated_ && |
1066 !(SSL_get_extms_support(ssl_.get()) && | 1071 !(SSL_get_extms_support(ssl_.get()) && |
1067 SSL_get_secure_renegotiation_support(ssl_.get()))) { | 1072 SSL_get_secure_renegotiation_support(ssl_.get()))) { |
1068 return ERR_SSL_PROTOCOL_ERROR; | 1073 return ERR_SSL_PROTOCOL_ERROR; |
1069 } | 1074 } |
1070 | 1075 |
(...skipping 599 matching lines...)
1670 MaybeCacheSession(); | 1675 MaybeCacheSession(); |
1671 return 1; | 1676 return 1; |
1672 } | 1677 } |
1673 | 1678 |
1674 void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { | 1679 void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
1675 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); | 1680 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
1676 } | 1681 } |
1677 | 1682 |
1678 std::string SSLClientSocketImpl::GetSessionCacheKey() const { | 1683 std::string SSLClientSocketImpl::GetSessionCacheKey() const { |
1679 std::string result = host_and_port_.ToString(); | 1684 std::string result = host_and_port_.ToString(); |
1680 result.append("/"); | 1685 result.push_back('/'); |
1681 result.append(ssl_session_cache_shard_); | 1686 result.append(ssl_session_cache_shard_); |
1682 | 1687 |
1683 result.append("/"); | 1688 result.push_back('/'); |
1684 if (ssl_config_.deprecated_cipher_suites_enabled) | 1689 result.push_back(ssl_config_.deprecated_cipher_suites_enabled ? '1' : '0'); |
1685 result.append("deprecated"); | 1690 result.push_back(ssl_config_.channel_id_enabled ? '1' : '0'); |
1686 | 1691 result.push_back(ssl_config_.version_interference_probe ? '1' : '0'); |
1687 result.append("/"); | |
1688 if (ssl_config_.channel_id_enabled) | |
1689 result.append("channelid"); | |
1690 | |
1691 return result; | 1692 return result; |
1692 } | 1693 } |
1693 | 1694 |
1694 bool SSLClientSocketImpl::IsRenegotiationAllowed() const { | 1695 bool SSLClientSocketImpl::IsRenegotiationAllowed() const { |
1695 if (tb_was_negotiated_) | 1696 if (tb_was_negotiated_) |
1696 return false; | 1697 return false; |
1697 | 1698 |
1698 if (negotiated_protocol_ == kProtoUnknown) | 1699 if (negotiated_protocol_ == kProtoUnknown) |
1699 return ssl_config_.renego_allowed_default; | 1700 return ssl_config_.renego_allowed_default; |
1700 | 1701 |
(...skipping 242 matching lines...)
1943 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 1944 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
1944 !certificate_requested_) { | 1945 !certificate_requested_) { |
1945 net_error = ERR_SSL_PROTOCOL_ERROR; | 1946 net_error = ERR_SSL_PROTOCOL_ERROR; |
1946 } | 1947 } |
1947 } | 1948 } |
1948 | 1949 |
1949 return net_error; | 1950 return net_error; |
1950 } | 1951 } |
1951 | 1952 |
1952 } // namespace net | 1953 } // namespace net |
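Review bot: The new `version_interference_probe` branch in DoHandshakeComplete (new lines 1061-1064) turns a successful handshake into ERR_SSL_VERSION_INTERFERENCE with no comment saying why, and its only guard on `version_max` is a DCHECK, which is normally compiled out of release builds. I would add a comment along the lines of `// A probe that completes below TLS 1.3 means the earlier failure was version interference; report it and never use this connection.` That wording is inferred from the error name and the DCHECK, so confirm it against the caller that sets the flag. In GetSessionCacheKey (new lines 1689-1691) the three flags are now positional '0'/'1' characters, so a one-line comment naming their order would help. It could also record that the probe flag presumably keeps sessions from probe handshakes from being resumed by ordinary connections.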