
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 662543005: net: allow False Start only for >= TLS 1.2 && AEAD && forward-secure && ALPN/NPN. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git/+/master
Patch Set: Drop False Start tests in Chrome. Created 6 years, 1 month ago
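--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -100,20 +100,21 @@
 #include "net/cert/scoped_nss_types.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/cert/x509_util.h"
 #include "net/http/transport_security_state.h"
 #include "net/ocsp/nss_ocsp.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/nss_ssl_util.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
 #include <wincrypt.h>
 
 #include "base/win/windows_version.h"
 #elif defined(OS_MACOSX)
 #include <Security/SecBase.h>
@@ -1594,20 +1595,31 @@
 if (rv != SECSuccess || !negotiated_extension) {
 rv = SSL_HandshakeNegotiatedExtension(socket,
 ssl_next_proto_nego_xtn,
 &negotiated_extension);
 }
 if (rv != SECSuccess || !negotiated_extension) {
 *can_false_start = PR_FALSE;
 return SECSuccess;
 }
 
+SSLChannelInfo channel_info;
+SECStatus ok = SSL_GetChannelInfo(socket,
+&channel_info, sizeof(channel_info));
+if (ok != SECSuccess ||
+channel_info.length != sizeof(channel_info) ||
+channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 ||
+!IsSecureTLSCipherSuite(channel_info.cipherSuite)) {
+*can_false_start = PR_FALSE;
+return SECSuccess;
+}
+
 return SSL_RecommendedCanFalseStart(socket, can_false_start);
 }
 
 // static
 void SSLClientSocketNSS::Core::HandshakeCallback(
 PRFileDesc* socket,
 void* arg) {
 Core* core = reinterpret_cast<Core*>(arg);
 DCHECK(core->OnNSSTaskRunner());
 
@@ -3607,10 +3619,10 @@
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
 return core_->state().server_cert.get();
 }
 
 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
 return channel_id_service_;
 }
 
 } // namespace net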
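Review bot: The new gate after `SSL_GetChannelInfo` (new lines 1605-1614) carries no comment saying why False Start is refused there, which matters because with False Start the client sends application data before it has verified the server's Finished message, so that data is protected only by the version and cipher suite negotiated so far. I would add above the block `// False Start sends data before the server's Finished is verified; only allow it for TLS >= 1.2 with a suite IsSecureTLSCipherSuite() accepts, and fail closed otherwise.` The AEAD and forward-secrecy conditions named in the issue title rest entirely on `IsSecureTLSCipherSuite`, which is defined outside this file, so its definition should be checked to cover both. As a style point, `SECStatus ok` holds a status code rather than a boolean; reusing the existing `rv` would read more clearly. The enclosing function begins above the hunk.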