| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 955 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 966 DCHECK(OnNetworkTaskRunner()); | 966 DCHECK(OnNetworkTaskRunner()); |
| 967 DCHECK(!nss_fd_); | 967 DCHECK(!nss_fd_); |
| 968 DCHECK(!nss_bufs_); | 968 DCHECK(!nss_bufs_); |
| 969 | 969 |
| 970 nss_fd_ = socket; | 970 nss_fd_ = socket; |
| 971 nss_bufs_ = buffers; | 971 nss_bufs_ = buffers; |
| 972 | 972 |
| 973 SECStatus rv = SECSuccess; | 973 SECStatus rv = SECSuccess; |
| 974 | 974 |
| 975 if (!ssl_config_.next_protos.empty()) { | 975 if (!ssl_config_.next_protos.empty()) { |
| 976 std::vector<uint8_t> wire_protos = | 976 DCHECK(NSS_IsInitialized()); |
| 977 SerializeNextProtos(ssl_config_.next_protos); | 977 const std::vector<uint16> cipher_suites = |
| 978 GetNSSDefaultEnabledCipherSuites(); |
| 979 std::vector<uint16> implemented_enabled_cipher_suites; |
| 980 for (uint16 cipher : cipher_suites) { |
| 981 PRBool enabled = PR_FALSE; |
| 982 if (PK11_TokenExists(cipher) && |
| 983 SSL_CipherPrefGet(nss_fd_, cipher, &enabled) == SECSuccess && |
| 984 enabled) { |
| 985 implemented_enabled_cipher_suites.push_back(cipher); |
| 986 } |
| 987 } |
| 988 std::vector<uint8_t> wire_protos = SerializeNextProtos( |
| 989 ssl_config_.next_protos, |
| 990 IsSecurityAdequateForHTTP2(ssl_config_, |
| 991 implemented_enabled_cipher_suites)); |
| 978 rv = SSL_SetNextProtoNego( | 992 rv = SSL_SetNextProtoNego( |
| 979 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], | 993 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], |
| 980 wire_protos.size()); | 994 wire_protos.size()); |
| 981 if (rv != SECSuccess) | 995 if (rv != SECSuccess) |
| 982 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); | 996 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); |
| 983 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); | 997 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); |
| 984 if (rv != SECSuccess) | 998 if (rv != SECSuccess) |
| 985 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); | 999 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); |
| 986 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); | 1000 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); |
| 987 if (rv != SECSuccess) | 1001 if (rv != SECSuccess) |
| (...skipping 2630 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3618 scoped_refptr<X509Certificate> | 3632 scoped_refptr<X509Certificate> |
| 3619 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3633 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3620 return core_->state().server_cert.get(); | 3634 return core_->state().server_cert.get(); |
| 3621 } | 3635 } |
| 3622 | 3636 |
| 3623 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3637 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
| 3624 return channel_id_service_; | 3638 return channel_id_service_; |
| 3625 } | 3639 } |
| 3626 | 3640 |
| 3627 } // namespace net | 3641 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 757033004:
Do not use HTTP/2 without adequate security. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master