net/socket/ssl_client_socket_openssl.cc - Issue 619463002: net: disable SSLv3 fallback.

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 619463002: net: disable SSLv3 fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix debug crash in tests. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // OpenSSL binding for SSLClientSocket. The class layout and general principle	5 // OpenSSL binding for SSLClientSocket. The class layout and general principle

6 // of operation is derived from SSLClientSocketNSS.	6 // of operation is derived from SSLClientSocketNSS.

7	7

8 #include "net/socket/ssl_client_socket_openssl.h"	8 #include "net/socket/ssl_client_socket_openssl.h"

9	9

10 #include <errno.h>	10 #include <errno.h>

(...skipping 889 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session);	900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session);

901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session;	901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session;

902 }	902 }

903 }	903 }

904 } else if (rv == 1) {	904 } else if (rv == 1) {

905 if (trying_cached_session_ && logging::DEBUG_MODE) {	905 if (trying_cached_session_ && logging::DEBUG_MODE) {

906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString()	906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString()

907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail");	907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail");

908 }	908 }

909	909

	910 if (ssl_config_.version_fallback &&

	911 ssl_config_.version_max < ssl_config_.version_fallback_min) {

	912 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;

	913 }

	914

910 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was.	915 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was.

911 if (npn_status_ == kNextProtoUnsupported) {	916 if (npn_status_ == kNextProtoUnsupported) {

912 const uint8_t* alpn_proto = NULL;	917 const uint8_t* alpn_proto = NULL;

913 unsigned alpn_len = 0;	918 unsigned alpn_len = 0;

914 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len);	919 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len);

915 if (alpn_len > 0) {	920 if (alpn_len > 0) {

916 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len);	921 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len);

917 npn_status_ = kNextProtoNegotiated;	922 npn_status_ = kNextProtoNegotiated;

918 set_negotiation_extension(kExtensionALPN);	923 set_negotiation_extension(kExtensionALPN);

919 }	924 }

(...skipping 846 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1766 ct::SCT_STATUS_LOG_UNKNOWN));	1771 ct::SCT_STATUS_LOG_UNKNOWN));

1767 }	1772 }

1768 }	1773 }

1769	1774

1770 scoped_refptr<X509Certificate>	1775 scoped_refptr<X509Certificate>

1771 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {	1776 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {

1772 return server_cert_;	1777 return server_cert_;

1773 }	1778 }

1774	1779

1775 } // namespace net	1780 } // namespace net

OLD	NEW

« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »