net/socket/ssl_client_socket.cc - Issue 757033004: Do not use HTTP/2 without adequate security.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket.cc

Issue 757033004: Do not use HTTP/2 without adequate security. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Revert SerializeNextProtos first argument type change. Created 6 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket.cc

diff --git a/net/socket/ssl_client_socket.cc b/net/socket/ssl_client_socket.cc

index a52e6a3c052c70eba239aa57594c8a390816fc56..994ec3fb620ab29d318806e553e058085430f15e 100644

--- a/net/socket/ssl_client_socket.cc

+++ b/net/socket/ssl_client_socket.cc

@@ -11,6 +11,7 @@

#include "net/base/connection_type_histograms.h"

#include "net/base/host_port_pair.h"

#include "net/ssl/channel_id_service.h"

+#include "net/ssl/ssl_cipher_suite_names.h"

#include "net/ssl/ssl_config_service.h"

#include "net/ssl/ssl_connection_status_flags.h"

@@ -234,8 +235,24 @@ bool SSLClientSocket::IsChannelIDEnabled(

}

// static

+bool IsSecurityAdequateForHTTP2(const SSLConfig& ssl_config,

+ const std::vector<uint16>& cipher_suites) {

+ if (ssl_config.version_max < SSL_PROTOCOL_VERSION_TLS1_2) {

+ return false;

+ }

+ for (std::vector<uint16>::const_iterator it = cipher_suites.begin();

+ it != cipher_suites.end(); ++it) {

+ if (IsSecureTLSCipherSuite(*it)) {

+ return true;

+ }

+ return false;

+// static

std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(

- const std::vector<std::string>& next_protos) {

+ const std::vector<std::string>& next_protos,

+ bool advertise_http2) {

// Do a first pass to determine the total length.

size_t wire_length = 0;

for (std::vector<std::string>::const_iterator i = next_protos.begin();

@@ -248,6 +265,13 @@ std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(

LOG(WARNING) << "Ignoring empty NPN/ALPN protocol";

continue;

}

+ if (!advertise_http2) {

+ const NextProto proto = NextProtoFromString(*i);

+ if (kProtoSPDY4MinimumVersion <= proto &&

+ proto <= kProtoSPDY4MaximumVersion) {

+ continue;

+ }

wire_length += i->size();

wire_length++;

}

@@ -259,6 +283,13 @@ std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(

i != next_protos.end(); i++) {

if (i->size() == 0 || i->size() > 255)

continue;

+ if (!advertise_http2) {

+ const NextProto proto = NextProtoFromString(*i);

+ if (kProtoSPDY4MinimumVersion <= proto &&

+ proto <= kProtoSPDY4MaximumVersion) {

+ continue;

+ }

wire_protos.push_back(i->size());

wire_protos.resize(wire_protos.size() + i->size());

memcpy(&wire_protos[wire_protos.size() - i->size()],

« no previous file with comments | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')