| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 820 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 831 | 831 |
| 832 if (ssl_config_.version_fallback) | 832 if (ssl_config_.version_fallback) |
| 833 SSL_enable_fallback_scsv(ssl_); | 833 SSL_enable_fallback_scsv(ssl_); |
| 834 | 834 |
| 835 // TLS channel ids. | 835 // TLS channel ids. |
| 836 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) { | 836 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) { |
| 837 SSL_enable_tls_channel_id(ssl_); | 837 SSL_enable_tls_channel_id(ssl_); |
| 838 } | 838 } |
| 839 | 839 |
| 840 if (!ssl_config_.next_protos.empty()) { | 840 if (!ssl_config_.next_protos.empty()) { |
| 841 std::vector<uint8_t> wire_protos = | 841 // Get list of ciphers that are enabled. |
| 842 SerializeNextProtos(ssl_config_.next_protos); | 842 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_); |
| 843 DCHECK(enabled_ciphers); |
| 844 std::vector<uint16> enabled_ciphers_vector; |
| 845 for (size_t i = 0; i < sk_SSL_CIPHER_num(enabled_ciphers); ++i) { |
| 846 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(enabled_ciphers, i); |
| 847 const uint16 id = static_cast<uint16>(SSL_CIPHER_get_id(cipher)); |
| 848 enabled_ciphers_vector.push_back(id); |
| 849 } |
| 850 |
| 851 std::vector<uint8_t> wire_protos = SerializeNextProtos( |
| 852 ssl_config_.next_protos, |
| 853 IsSecurityAdequateForHTTP2(ssl_config_, enabled_ciphers_vector)); |
| 843 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], | 854 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], |
| 844 wire_protos.size()); | 855 wire_protos.size()); |
| 845 } | 856 } |
| 846 | 857 |
| 847 if (ssl_config_.signed_cert_timestamps_enabled) { | 858 if (ssl_config_.signed_cert_timestamps_enabled) { |
| 848 SSL_enable_signed_cert_timestamps(ssl_); | 859 SSL_enable_signed_cert_timestamps(ssl_); |
| 849 SSL_enable_ocsp_stapling(ssl_); | 860 SSL_enable_ocsp_stapling(ssl_); |
| 850 } | 861 } |
| 851 | 862 |
| 852 if (IsOCSPStaplingSupported()) | 863 if (IsOCSPStaplingSupported()) |
| (...skipping 1049 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1902 ct::SCT_STATUS_LOG_UNKNOWN)); | 1913 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1903 } | 1914 } |
| 1904 } | 1915 } |
| 1905 | 1916 |
| 1906 scoped_refptr<X509Certificate> | 1917 scoped_refptr<X509Certificate> |
| 1907 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1918 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1908 return server_cert_; | 1919 return server_cert_; |
| 1909 } | 1920 } |
| 1910 | 1921 |
| 1911 } // namespace net | 1922 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 757033004:
Do not use HTTP/2 without adequate security. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master