OLD | NEW |
1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 | 8 |
9 #include "base/scoped_cftyperef.h" | 9 #include "base/scoped_cftyperef.h" |
10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
(...skipping 708 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
719 // the server certificate and then re-enter that handshake (assuming the | 719 // the server certificate and then re-enter that handshake (assuming the |
720 // certificate successfully validated). | 720 // certificate successfully validated). |
721 // | 721 // |
722 // If SSLSetSessionOption() is not present, we do not enable session | 722 // If SSLSetSessionOption() is not present, we do not enable session |
723 // resumption, because in that case we are verifying the server's certificate | 723 // resumption, because in that case we are verifying the server's certificate |
724 // after the handshake completes (but before any application data is | 724 // after the handshake completes (but before any application data is |
725 // exchanged). If we were to enable session resumption in this situation, | 725 // exchanged). If we were to enable session resumption in this situation, |
726 // the session would be cached before we verified the certificate, leaving | 726 // the session would be cached before we verified the certificate, leaving |
727 // the potential for a session in which the certificate failed to validate | 727 // the potential for a session in which the certificate failed to validate |
728 // to still be able to be resumed. | 728 // to still be able to be resumed. |
729 SSLSetSessionOptionFuncPtr ssl_set_session_options = | 729 static SSLSetSessionOptionFuncPtr ssl_set_session_options = |
730 LookupFunction<SSLSetSessionOptionFuncPtr>(CFSTR("com.apple.security"), | 730 LookupFunction<SSLSetSessionOptionFuncPtr>(CFSTR("com.apple.security"), |
731 CFSTR("SSLSetSessionOption")); | 731 CFSTR("SSLSetSessionOption")); |
732 if (ssl_set_session_options) { | 732 if (ssl_set_session_options) { |
733 status = ssl_set_session_options(ssl_context_, | 733 status = ssl_set_session_options(ssl_context_, |
734 kSSLSessionOptionBreakOnServerAuth, | 734 kSSLSessionOptionBreakOnServerAuth, |
735 true); | 735 true); |
736 if (!status) | 736 if (!status) |
737 status = ssl_set_session_options(ssl_context_, | 737 status = ssl_set_session_options(ssl_context_, |
738 kSSLSessionOptionBreakOnCertRequested, | 738 kSSLSessionOptionBreakOnCertRequested, |
739 true); | 739 true); |
(...skipping 424 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1164 if (rv < 0 && rv != ERR_IO_PENDING) { | 1164 if (rv < 0 && rv != ERR_IO_PENDING) { |
1165 us->write_io_buf_ = NULL; | 1165 us->write_io_buf_ = NULL; |
1166 return OSStatusFromNetError(rv); | 1166 return OSStatusFromNetError(rv); |
1167 } | 1167 } |
1168 | 1168 |
1169 // always lie to our caller | 1169 // always lie to our caller |
1170 return noErr; | 1170 return noErr; |
1171 } | 1171 } |
1172 | 1172 |
1173 } // namespace net | 1173 } // namespace net |
OLD | NEW |