| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 1265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1276 &negotiated_extension); | 1276 &negotiated_extension); |
| 1277 } | 1277 } |
| 1278 if (rv != SECSuccess || !negotiated_extension) { | 1278 if (rv != SECSuccess || !negotiated_extension) { |
| 1279 // If the server doesn't support NPN or ALPN, then we don't do False | 1279 // If the server doesn't support NPN or ALPN, then we don't do False |
| 1280 // Start with it. | 1280 // Start with it. |
| 1281 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | 1281 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); |
| 1282 } | 1282 } |
| 1283 } else { | 1283 } else { |
| 1284 // Disallow the server certificate to change in a renegotiation. | 1284 // Disallow the server certificate to change in a renegotiation. |
| 1285 CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0]; | 1285 CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0]; |
| 1286 CERTCertificate* new_cert = SSL_PeerCertificate(socket); | 1286 ScopedCERTCertificate new_cert(SSL_PeerCertificate(socket)); |
| 1287 if (new_cert->derCert.len != old_cert->derCert.len || | 1287 if (new_cert->derCert.len != old_cert->derCert.len || |
| 1288 memcmp(new_cert->derCert.data, old_cert->derCert.data, | 1288 memcmp(new_cert->derCert.data, old_cert->derCert.data, |
| 1289 new_cert->derCert.len) != 0) { | 1289 new_cert->derCert.len) != 0) { |
| 1290 // NSS doesn't have an error code that indicates the server certificate | 1290 // NSS doesn't have an error code that indicates the server certificate |
| 1291 // changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using) | 1291 // changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using) |
| 1292 // for this purpose. | 1292 // for this purpose. |
| 1293 PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE); | 1293 PORT_SetError(SSL_ERROR_WRONG_CERTIFICATE); |
| 1294 return SECFailure; | 1294 return SECFailure; |
| 1295 } | 1295 } |
| 1296 } | 1296 } |
| (...skipping 2180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3477 EnsureThreadIdAssigned(); | 3477 EnsureThreadIdAssigned(); |
| 3478 base::AutoLock auto_lock(lock_); | 3478 base::AutoLock auto_lock(lock_); |
| 3479 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3479 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3480 } | 3480 } |
| 3481 | 3481 |
| 3482 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3482 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3483 return server_bound_cert_service_; | 3483 return server_bound_cert_service_; |
| 3484 } | 3484 } |
| 3485 | 3485 |
| 3486 } // namespace net | 3486 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 65853002:
Stop leaking a CERTCertificate* during SSL renegotiation (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src