OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 889 matching lines...)
900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); | 900 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); |
901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; | 901 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; |
902 } | 902 } |
903 } | 903 } |
904 } else if (rv == 1) { | 904 } else if (rv == 1) { |
905 if (trying_cached_session_ && logging::DEBUG_MODE) { | 905 if (trying_cached_session_ && logging::DEBUG_MODE) { |
906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() | 906 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() |
907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); | 907 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); |
908 } | 908 } |
909 | 909 |
910 if (ssl_config_.version_fallback && | |
911 ssl_config_.version_max < ssl_config_.version_fallback_min) { | |
912 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; | |
davidben
2014/10/07 22:06:30
Ditto for the NSS comment. We should avoid resumin
| |
913 } | |
914 | |
910 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | 915 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. |
911 if (npn_status_ == kNextProtoUnsupported) { | 916 if (npn_status_ == kNextProtoUnsupported) { |
912 const uint8_t* alpn_proto = NULL; | 917 const uint8_t* alpn_proto = NULL; |
913 unsigned alpn_len = 0; | 918 unsigned alpn_len = 0; |
914 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | 919 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); |
915 if (alpn_len > 0) { | 920 if (alpn_len > 0) { |
916 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); | 921 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); |
917 npn_status_ = kNextProtoNegotiated; | 922 npn_status_ = kNextProtoNegotiated; |
918 } | 923 } |
919 } | 924 } |
(...skipping 844 matching lines...)
1764 ct::SCT_STATUS_LOG_UNKNOWN)); | 1769 ct::SCT_STATUS_LOG_UNKNOWN)); |
1765 } | 1770 } |
1766 } | 1771 } |
1767 | 1772 |
1768 scoped_refptr<X509Certificate> | 1773 scoped_refptr<X509Certificate> |
1769 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1774 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
1770 return server_cert_; | 1775 return server_cert_; |
1771 } | 1776 } |
1772 | 1777 |
1773 } // namespace net | 1778 } // namespace net |
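Review bot: The added check at new lines 910–912 reads only `ssl_config_` fields (`version_fallback`, `version_max`, `version_fallback_min`), none of which the handshake changes, yet it runs only in the `rv == 1` branch after a full handshake at the lower version has completed, and nothing in the code says why. If the intent is to report `ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION` only when the server really accepts the fallback version, state that above the `if`, for example `// Checked after the handshake on purpose: the error is only meaningful if the server accepted the fallback version.` The return also appears to come before any step in this branch that validates the peer, so the comment should add that the result describes an unauthenticated handshake and that callers must treat the connection as failed. The enclosing function starts and ends outside the displayed lines.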
OLD | NEW |