Unified Diff: net/socket/ssl_client_socket_nss.h

Issue 6804032: Add TLS-SRP (RFC 5054) support Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: remove "httpsv" scheme, minor NSS/OpenSSL changes Created 9 years, 8 months ago
Index: net/socket/ssl_client_socket_nss.h
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 836c2791876cded6cb91c6151d4cc2d189fca5d1..0a7f368a1f362b2ea85a7a908bed458affaa3917 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -97,6 +97,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
// Initializes NSS SSL options. Returns a net error code.
int InitializeSSLOptions();
+ // Enables SRP ciphers. If |disable_non_srp_ciphers| is true, then non-SRP
+ // ciphers will be disabled. Returns a net error code.
+ int SetCiphersForTLSAuth(bool set_srp_ciphers, bool disable_non_srp_ciphers);
+
// Initializes the socket peer name in SSL. Returns a net error code.
int InitializeSSLPeerName();
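Review bot: The comment on `SetCiphersForTLSAuth` documents only |disable_non_srp_ciphers|; |set_srp_ciphers| is left undocumented, and with two adjacent bool parameters a call such as `SetCiphersForTLSAuth(true, false)` cannot be read without opening the header. Suggested comment: `// Enables SRP cipher suites if |set_srp_ciphers| is true. If |disable_non_srp_ciphers| is true, every non-SRP cipher suite is disabled as well. Returns a net error code.` It would also help to state what a caller should expect when SRP suites are enabled but non-SRP suites are not disabled, since the server then presumably remains free to select a suite the SRP credentials do not authenticate; the implementation is in ssl_client_socket_nss.cc, outside this diff.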
@@ -106,6 +110,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
#endif
X509Certificate* UpdateServerCert();
void UpdateConnectionStatus();
+ void UpdateAuth();
void DoReadCallback(int result);
void DoWriteCallback(int result);
void DoConnectCallback(int result);
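Review bot: `UpdateAuth()` is the only declaration added by this change without a comment, while `SetCiphersForTLSAuth` and `TLSAuthCallback` both get one, and its name does not say which state it updates. If it records the authentication outcome of the completed handshake into the new `authenticated_tls_username_` member, say so: `// Records the authentication state of the completed handshake (e.g. the SRP username) in authenticated_tls_username_.` — confirm against the implementation in ssl_client_socket_nss.cc, which is outside this diff.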
@@ -161,6 +166,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
CERTCertificate** result_certificate,
SECKEYPrivateKey** result_private_key);
#endif
+
+ // NSS calls this when password authentication is requested (for TLS-SRP).
+ static SECStatus TLSAuthCallback(PRFileDesc *socket, SECItem *pw, void *arg);
+
// NSS calls this when handshake is completed. We pass 'this' as the second
// argument.
static void HandshakeCallback(PRFileDesc* socket, void* arg);
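Review bot: The comment on `TLSAuthCallback` says when NSS calls it but not what the callback must do with |pw| or what |arg| is, whereas `HandshakeCallback` directly below states that |arg| is `this`. Suggest: `// NSS calls this when password authentication is requested (for TLS-SRP). We pass 'this' as |arg|; the callback fills |pw| with the password for the handshake.` Since that buffer holds a credential, the |pw| contract (who allocates and frees it, and whether the copy is cleared afterwards) should be stated here once confirmed against the .cc. The declaration also writes `PRFileDesc *socket` while the surrounding declarations attach the asterisk to the type (`PRFileDesc* socket`); match the file's style.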
@@ -214,6 +223,11 @@ class SSLClientSocketNSS : public SSLClientSocket {
CertVerifier* const cert_verifier_;
scoped_ptr<SingleRequestCertVerifier> verifier_;
+ // The mutually authenticated TLS username for the connection. This is only
+ // set after the handshake has succeeded with this username.
+ // If none, this is the empty string.
+ std::string authenticated_tls_username_;
+
// True if NSS has called HandshakeCallback.
bool handshake_callback_called_;
@@ -228,6 +242,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
// HTTPS connections.
bool eset_mitm_detected_;
+ // False iff we are using an SRP cipher suite that doesn't use server certs.
+ // Default is true.
+ bool server_cert_needed_;
+
// True iff |ssl_host_info_| contained a predicted certificate chain and
// that we found the prediction to be correct.
bool predicted_cert_chain_correct_;
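Review bot: `server_cert_needed_` is documented with "Default is true", but a header comment cannot enforce that; the constructor in ssl_client_socket_nss.cc (outside this diff) has to initialize it, and the comment should say what the flag controls rather than only what it reflects. If, as the name suggests, a false value lets the connection proceed without server certificate verification, that is the most consequential invariant in this change and the comment should say so and name where the flag is cleared, e.g. `// True unless the negotiated cipher suite is SRP without server certificates; when false, server certificate verification is skipped. Initialized to true in the constructor and updated after the handshake.` Confirm each of those statements against the implementation before settling the wording.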