net/base/net_error_list.h - Issue 619463002: net: disable SSLv3 fallback.

Side by Side Diff: net/base/net_error_list.h

Issue 619463002: net: disable SSLv3 fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: ... Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // This file intentionally does not have header guards, it's included	5 // This file intentionally does not have header guards, it's included

6 // inside a macro to generate enum values.	6 // inside a macro to generate enum values.

7	7

8 // This file contains the list of network errors.	8 // This file contains the list of network errors.

9	9

10 //	10 //

(...skipping 318 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
329 NET_ERROR(SOCKET_RECEIVE_BUFFER_SIZE_UNCHANGEABLE, -162)	329 NET_ERROR(SOCKET_RECEIVE_BUFFER_SIZE_UNCHANGEABLE, -162)

330	330

331 // Failed to set the socket's send buffer size as requested, despite success	331 // Failed to set the socket's send buffer size as requested, despite success

332 // return code from setsockopt.	332 // return code from setsockopt.

333 NET_ERROR(SOCKET_SEND_BUFFER_SIZE_UNCHANGEABLE, -163)	333 NET_ERROR(SOCKET_SEND_BUFFER_SIZE_UNCHANGEABLE, -163)

334	334

335 // Failed to import a client certificate from the platform store into the SSL	335 // Failed to import a client certificate from the platform store into the SSL

336 // library.	336 // library.

337 NET_ERROR(SSL_CLIENT_AUTH_CERT_BAD_FORMAT, -164)	337 NET_ERROR(SSL_CLIENT_AUTH_CERT_BAD_FORMAT, -164)

338	338

	339 // The SSL connection needed a fallback version less than the configured

	340 // minimum fallback version.
	Ryan Sleevi 2014/09/30 19:34:19 This reads a little weird. Perhaps something like This reads a little weird. Perhaps something like // The SSL server requires falling back to a version weaker than the configured minimum fallback version, and thus fallback failed. (s/weaker/older/ or /less than/ for taste) agl 2014/10/01 21:10:53 Done. Show quoted text On 2014/09/30 19:34:19, Ryan Sleevi wrote: > This reads a little weird. Perhaps something like > > // The SSL server requires falling back to a version weaker than the configured > minimum fallback version, and thus fallback failed. > > (s/weaker/older/ or /less than/ for taste) Done.
	341 NET_ERROR(SSL_NEEDS_MORE_FALLBACK, -165)
	Ryan Sleevi 2014/09/30 19:34:19 NEEDS_MORE_FALLBACK is... a little less descriptiv NEEDS_MORE_FALLBACK is... a little less descriptive than I'd hope. SSL_CANT_FALLBACK_BEYOND_MINIMUM_VERSION ? That is, I'd hope that the error code tries to describe what's going on without the error message. I'm pretty flexible on this if you have alternatives, the concrete concern I have with "needs more fallback" is that it feels like it combines two comparators (more = greater than, fallback = less than). That is, you need more of less security. Which is weird. Something that can avoid words like "more" is ideal. agl 2014/10/01 21:10:53 Went with SSL_FALLBACK_BEYOND_MINIMUM_VERSION. Show quoted text On 2014/09/30 19:34:19, Ryan Sleevi wrote: > NEEDS_MORE_FALLBACK is... a little less descriptive than I'd hope. > > SSL_CANT_FALLBACK_BEYOND_MINIMUM_VERSION ? > > That is, I'd hope that the error code tries to describe what's going on without > the error message. > > I'm pretty flexible on this if you have alternatives, the concrete concern I > have with "needs more fallback" is that it feels like it combines two > comparators (more = greater than, fallback = less than). That is, you need more > of less security. Which is weird. > > Something that can avoid words like "more" is ideal. Went with SSL_FALLBACK_BEYOND_MINIMUM_VERSION.
	342

339 // Certificate error codes	343 // Certificate error codes

340 //	344 //

341 // The values of certificate error codes must be consecutive.	345 // The values of certificate error codes must be consecutive.

342	346

343 // The server responded with a certificate whose common name did not match	347 // The server responded with a certificate whose common name did not match

344 // the host name. This could mean:	348 // the host name. This could mean:

345 //	349 //

346 // 1. An attacker has redirected our traffic to his server and is	350 // 1. An attacker has redirected our traffic to his server and is

347 // presenting a certificate for which he knows the private key.	351 // presenting a certificate for which he knows the private key.

348 //	352 //

(...skipping 416 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
765 NET_ERROR(DNS_TIMED_OUT, -803)	769 NET_ERROR(DNS_TIMED_OUT, -803)

766	770

767 // The entry was not found in cache, for cache-only lookups.	771 // The entry was not found in cache, for cache-only lookups.

768 NET_ERROR(DNS_CACHE_MISS, -804)	772 NET_ERROR(DNS_CACHE_MISS, -804)

769	773

770 // Suffix search list rules prevent resolution of the given host name.	774 // Suffix search list rules prevent resolution of the given host name.

771 NET_ERROR(DNS_SEARCH_EMPTY, -805)	775 NET_ERROR(DNS_SEARCH_EMPTY, -805)

772	776

773 // Failed to sort addresses according to RFC3484.	777 // Failed to sort addresses according to RFC3484.

774 NET_ERROR(DNS_SORT_ERROR, -806)	778 NET_ERROR(DNS_SORT_ERROR, -806)

OLD	NEW

« chrome/common/localized_error.cc ('K') | « chrome/common/pref_names.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »