Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(174)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 757033004: Do not use HTTP/2 without adequate security. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Revert SerializeNextProtos first argument type change. Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 955 matching lines...) Expand 10 before | Expand all | Expand 10 after
966 DCHECK(OnNetworkTaskRunner()); 966 DCHECK(OnNetworkTaskRunner());
967 DCHECK(!nss_fd_); 967 DCHECK(!nss_fd_);
968 DCHECK(!nss_bufs_); 968 DCHECK(!nss_bufs_);
969 969
970 nss_fd_ = socket; 970 nss_fd_ = socket;
971 nss_bufs_ = buffers; 971 nss_bufs_ = buffers;
972 972
973 SECStatus rv = SECSuccess; 973 SECStatus rv = SECSuccess;
974 974
975 if (!ssl_config_.next_protos.empty()) { 975 if (!ssl_config_.next_protos.empty()) {
976 std::vector<uint8_t> wire_protos = 976 //EnsureNSSSSLInit();
Bence 2014/12/10 18:05:21 davidben: do I need EnsureNSSSSLInit() here, or is
davidben 2014/12/10 21:29:57 NSS is initialized at this point.
977 SerializeNextProtos(ssl_config_.next_protos); 977 DCHECK(NSS_IsInitialized());
978 const std::vector<uint16> cipher_suites = GetNSSEnabledCipherSuites();
979 // We still have to apply the disabled_cipher_suites list to these cipher
980 // suites, because NSS does not know about them quite yet.
981 std::vector<uint16> enabled_cipher_suites;
982 for (std::vector<uint16>::const_iterator it = cipher_suites.begin();
983 it != cipher_suites.end(); ++it) {
984 if (std::find(ssl_config_.disabled_cipher_suites.begin(),
985 ssl_config_.disabled_cipher_suites.end(),
986 *it) == ssl_config_.disabled_cipher_suites.end()) {
987 enabled_cipher_suites.push_back(*it);
988 }
989 }
990 std::vector<uint8_t> wire_protos = SerializeNextProtos(
991 ssl_config_.next_protos,
992 IsSecurityAdequateForHTTP2(ssl_config_, enabled_cipher_suites));
978 rv = SSL_SetNextProtoNego( 993 rv = SSL_SetNextProtoNego(
979 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], 994 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],
980 wire_protos.size()); 995 wire_protos.size());
981 if (rv != SECSuccess) 996 if (rv != SECSuccess)
982 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); 997 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");
983 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); 998 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);
984 if (rv != SECSuccess) 999 if (rv != SECSuccess)
985 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); 1000 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");
986 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); 1001 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);
987 if (rv != SECSuccess) 1002 if (rv != SECSuccess)
(...skipping 2630 matching lines...) Expand 10 before | Expand all | Expand 10 after
3618 scoped_refptr<X509Certificate> 3633 scoped_refptr<X509Certificate>
3619 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { 3634 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
3620 return core_->state().server_cert.get(); 3635 return core_->state().server_cert.get();
3621 } 3636 }
3622 3637
3623 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { 3638 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
3624 return channel_id_service_; 3639 return channel_id_service_;
3625 } 3640 }
3626 3641
3627 } // namespace net 3642 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698