| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 1272 matching lines...) |
| 1283 &negotiated_extension); | 1283 &negotiated_extension); |
| 1284 } | 1284 } |
| 1285 if (rv != SECSuccess || !negotiated_extension) { | 1285 if (rv != SECSuccess || !negotiated_extension) { |
| 1286 // If the server doesn't support NPN or ALPN, then we don't do False | 1286 // If the server doesn't support NPN or ALPN, then we don't do False |
| 1287 // Start with it. | 1287 // Start with it. |
| 1288 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | 1288 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); |
| 1289 } | 1289 } |
| 1290 } else { | 1290 } else { |
| 1291 // Disallow the server certificate to change in a renegotiation. | 1291 // Disallow the server certificate to change in a renegotiation. |
| 1292 CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0]; | 1292 CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0]; |
| 1293 CERTCertificate* new_cert = SSL_PeerCertificate(socket); | 1293 ScopedCERTCertificate new_cert(SSL_PeerCertificate(socket)); |
| 1294 if (new_cert->derCert.len != old_cert->derCert.len || | 1294 if (new_cert->derCert.len != old_cert->derCert.len || |
| 1295 memcmp(new_cert->derCert.data, old_cert->derCert.data, | 1295 memcmp(new_cert->derCert.data, old_cert->derCert.data, |
| 1296 new_cert->derCert.len) != 0) { | 1296 new_cert->derCert.len) != 0) { |
| 1297 // NSS doesn't have an error code that indicates the server certificate | 1297 // NSS doesn't have an error code that indicates the server certificate |
| 1298 // changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using) | 1298 // changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using) |
| 1299 // for this purpose. | 1299 // for this purpose. |
| 1300 PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE); | 1300 PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE); |
| 1301 return SECFailure; | 1301 return SECFailure; |
| 1302 } | 1302 } |
| 1303 } | 1303 } |
| (...skipping 2200 matching lines...) |
| 3504 EnsureThreadIdAssigned(); | 3504 EnsureThreadIdAssigned(); |
| 3505 base::AutoLock auto_lock(lock_); | 3505 base::AutoLock auto_lock(lock_); |
| 3506 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3506 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3507 } | 3507 } |
| 3508 | 3508 |
| 3509 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3509 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3510 return server_bound_cert_service_; | 3510 return server_bound_cert_service_; |
| 3511 } | 3511 } |
| 3512 | 3512 |
| 3513 } // namespace net | 3513 } // namespace net |
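Review bot: `new_cert` is dereferenced on new line 1294 without a null check, although SSL_PeerCertificate() returns NULL when the socket has no peer certificate. Whether this renegotiation branch can be reached in that state is not visible here, because the enclosing function starts in the skipped lines. A guard before the length comparison, such as `if (!new_cert.get()) { PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE); return SECFailure; }`, would make the check fail closed instead of crashing. The read of `server_cert_chain[0]` on line 1292 likewise assumes the stored chain is non-empty. A one-line comment at line 1293, e.g. `// SSL_PeerCertificate() returns a new reference; the scoped wrapper releases it on every return path.`, would record why the wrapper is needed.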
| OLD | NEW |