OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 889 matching lines...)
900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); | 900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); |
901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; | 901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; |
902 } | 902 } |
903 } | 903 } |
904 } else if (rv == 1) { | 904 } else if (rv == 1) { |
905 if (trying_cached_session_ && logging::DEBUG_MODE) { | 905 if (trying_cached_session_ && logging::DEBUG_MODE) { |
906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() | 906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() |
907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); | 907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); |
908 } | 908 } |
909 | 909 |
| 910 if (ssl_config_.version_fallback && |
| 911 ssl_config_.version_max < ssl_config_.version_fallback_min) { |
| 912 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; |
| 913 } |
| 914 |
910 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 915 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
911 if (npn_status_ == kNextProtoUnsupported) { | 916 if (npn_status_ == kNextProtoUnsupported) { |
912 const uint8_t* alpn_proto = NULL; | 917 const uint8_t* alpn_proto = NULL; |
913 unsigned alpn_len = 0; | 918 unsigned alpn_len = 0; |
914 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 919 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
915 if (alpn_len > 0) { | 920 if (alpn_len > 0) { |
916 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); | 921 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); |
917 npn_status_ = kNextProtoNegotiated; | 922 npn_status_ = kNextProtoNegotiated; |
918 set_negotiation_extension(kExtensionALPN); | 923 set_negotiation_extension(kExtensionALPN); |
919 } | 924 } |
(...skipping 846 matching lines...)
1766 ct::SCT_STATUS_LOG_UNKNOWN)); | 1771 ct::SCT_STATUS_LOG_UNKNOWN)); |
1767 } | 1772 } |
1768 } | 1773 } |
1769 | 1774 |
1770 scoped_refptr<X509Certificate> | 1775 scoped_refptr<X509Certificate> |
1771 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1776 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
1772 return server_cert_; | 1777 return server_cert_; |
1773 } | 1778 } |
1774 | 1779 |
1775 } // namespace net | 1780 } // namespace net |
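Review bot: The check added at new lines 910-913 returns ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION only after the handshake has succeeded, and no comment says why the connection is attempted at all when `ssl_config_.version_max < ssl_config_.version_fallback_min` is known before connecting. If the intent is to let callers tell a server that needs the disallowed fallback apart from an ordinary handshake failure (the visible lines do not confirm this), say so above the `if`, e.g. `// Let the handshake finish so a server that requires the disallowed fallback is reported distinctly.` The early return also leaves in place whatever session the below-minimum handshake established, whereas the branch just above (old line 900) calls `SSL_CTX_remove_session` in at least one failure case. It is worth confirming that such a session cannot be offered for resumption by a later connection. The enclosing function starts and ends outside the visible lines, so any later certificate verification is presumably skipped on this path; callers should not read this error as a statement about an authenticated peer.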