Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(422)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_session.cc

Issue 291093002: Fail the SPDY transaction if it does not meet TLS base requirements. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address forgotten comment. Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/spdy/spdy_session.h ('k') | net/ssl/ssl_cipher_suite_names.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <map> 8 #include <map>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 22 matching lines...) Expand all
33 #include "net/http/http_network_session.h" 33 #include "net/http/http_network_session.h"
34 #include "net/http/http_server_properties.h" 34 #include "net/http/http_server_properties.h"
35 #include "net/http/http_util.h" 35 #include "net/http/http_util.h"
36 #include "net/spdy/spdy_buffer_producer.h" 36 #include "net/spdy/spdy_buffer_producer.h"
37 #include "net/spdy/spdy_frame_builder.h" 37 #include "net/spdy/spdy_frame_builder.h"
38 #include "net/spdy/spdy_http_utils.h" 38 #include "net/spdy/spdy_http_utils.h"
39 #include "net/spdy/spdy_protocol.h" 39 #include "net/spdy/spdy_protocol.h"
40 #include "net/spdy/spdy_session_pool.h" 40 #include "net/spdy/spdy_session_pool.h"
41 #include "net/spdy/spdy_stream.h" 41 #include "net/spdy/spdy_stream.h"
42 #include "net/ssl/server_bound_cert_service.h" 42 #include "net/ssl/server_bound_cert_service.h"
43 #include "net/ssl/ssl_cipher_suite_names.h"
44 #include "net/ssl/ssl_connection_status_flags.h"
43 45
44 namespace net { 46 namespace net {
45 47
46 namespace { 48 namespace {
47 49
48 const int kReadBufferSize = 8 * 1024; 50 const int kReadBufferSize = 8 * 1024;
49 const int kDefaultConnectionAtRiskOfLossSeconds = 10; 51 const int kDefaultConnectionAtRiskOfLossSeconds = 10;
50 const int kHungIntervalSeconds = 10; 52 const int kHungIntervalSeconds = 10;
51 53
52 // As we always act as the client, start at 1 for the first stream id. 54 // As we always act as the client, start at 1 for the first stream id.
(...skipping 786 matching lines...) Expand 10 before | Expand all | Expand 10 after
839 841
840 void SpdySession::AddPooledAlias(const SpdySessionKey& alias_key) { 842 void SpdySession::AddPooledAlias(const SpdySessionKey& alias_key) {
841 pooled_aliases_.insert(alias_key); 843 pooled_aliases_.insert(alias_key);
842 } 844 }
843 845
844 SpdyMajorVersion SpdySession::GetProtocolVersion() const { 846 SpdyMajorVersion SpdySession::GetProtocolVersion() const {
845 DCHECK(buffered_spdy_framer_.get()); 847 DCHECK(buffered_spdy_framer_.get());
846 return buffered_spdy_framer_->protocol_version(); 848 return buffered_spdy_framer_->protocol_version();
847 } 849 }
848 850
851 bool SpdySession::HasAcceptableTransportSecurity() const {
852 // If we're not even using TLS, we have no standards to meet.
853 if (!is_secure_) {
854 return true;
855 }
856
857 // We don't enforce transport security standards for older SPDY versions.
858 if (GetProtocolVersion() < SPDY4) {
859 return true;
860 }
861
862 SSLInfo ssl_info;
863 CHECK(connection_->socket()->GetSSLInfo(&ssl_info));
864
865 // HTTP/2 requires TLS 1.2+
866 if (SSLConnectionStatusToVersion(ssl_info.connection_status) <
867 SSL_CONNECTION_VERSION_TLS1_2) {
868 return false;
869 }
870
871 if (!IsSecureTLSCipherSuite(
872 SSLConnectionStatusToCipherSuite(ssl_info.connection_status))) {
873 return false;
874 }
875
876 return true;
877 }
878
849 base::WeakPtr<SpdySession> SpdySession::GetWeakPtr() { 879 base::WeakPtr<SpdySession> SpdySession::GetWeakPtr() {
850 return weak_factory_.GetWeakPtr(); 880 return weak_factory_.GetWeakPtr();
851 } 881 }
852 882
853 bool SpdySession::CloseOneIdleConnection() { 883 bool SpdySession::CloseOneIdleConnection() {
854 CHECK(!in_io_loop_); 884 CHECK(!in_io_loop_);
855 DCHECK_NE(availability_state_, STATE_CLOSED); 885 DCHECK_NE(availability_state_, STATE_CLOSED);
856 DCHECK(pool_); 886 DCHECK(pool_);
857 if (!active_streams_.empty()) 887 if (!active_streams_.empty())
858 return false; 888 return false;
(...skipping 2216 matching lines...) Expand 10 before | Expand all | Expand 10 after
3075 if (!queue->empty()) { 3105 if (!queue->empty()) {
3076 SpdyStreamId stream_id = queue->front(); 3106 SpdyStreamId stream_id = queue->front();
3077 queue->pop_front(); 3107 queue->pop_front();
3078 return stream_id; 3108 return stream_id;
3079 } 3109 }
3080 } 3110 }
3081 return 0; 3111 return 0;
3082 } 3112 }
3083 3113
3084 } // namespace net 3114 } // namespace net
OLDNEW
« no previous file with comments | « net/spdy/spdy_session.h ('k') | net/ssl/ssl_cipher_suite_names.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698