| Index: net/socket/ssl_client_socket_nss.cc |
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
| index 9923025f1cec592a1601689f1f77608da8246977..173fe3699142fbaa0f4b2d1727d913198416b353 100644 |
| --- a/net/socket/ssl_client_socket_nss.cc |
| +++ b/net/socket/ssl_client_socket_nss.cc |
| @@ -983,26 +983,13 @@ int SSLClientSocketNSS::InitializeSSLOptions() { |
| #endif |
| #ifdef SSL_ENABLE_RENEGOTIATION |
| - // Deliberately disable this check for now: http://crbug.com/55410 |
| - if (false && |
| - SSLConfigService::IsKnownStrictTLSServer(host_and_port_.host()) && |
| - !ssl_config_.mitm_proxies_allowed) { |
|
wtc
2011/04/05 17:20:03
Hmm... so this code has been disabled (by the 'fal
|
| - rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE); |
| - if (rv != SECSuccess) { |
| - LogFailedNSSFunction( |
| - net_log_, "SSL_OptionSet", "SSL_REQUIRE_SAFE_NEGOTIATION"); |
| - } |
| - rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
| - SSL_RENEGOTIATE_REQUIRES_XTN); |
| - } else { |
| - // We allow servers to request renegotiation. Since we're a client, |
| - // prohibiting this is rather a waste of time. Only servers are in a |
| - // position to prevent renegotiation attacks. |
| - // http://extendedsubset.com/?p=8 |
| + // We allow servers to request renegotiation. Since we're a client, |
| + // prohibiting this is rather a waste of time. Only servers are in a |
| + // position to prevent renegotiation attacks. |
| + // http://extendedsubset.com/?p=8 |
| - rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
| - SSL_RENEGOTIATE_TRANSITIONAL); |
| - } |
| + rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
| + SSL_RENEGOTIATE_TRANSITIONAL); |
| if (rv != SECSuccess) { |
| LogFailedNSSFunction( |
| net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); |