OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 3118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3129 } | 3129 } |
3130 | 3130 |
3131 for (std::vector<uint16>::const_iterator it = | 3131 for (std::vector<uint16>::const_iterator it = |
3132 ssl_config_.disabled_cipher_suites.begin(); | 3132 ssl_config_.disabled_cipher_suites.begin(); |
3133 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 3133 it != ssl_config_.disabled_cipher_suites.end(); ++it) { |
3134 // This will fail if the specified cipher is not implemented by NSS, but | 3134 // This will fail if the specified cipher is not implemented by NSS, but |
3135 // the failure is harmless. | 3135 // the failure is harmless. |
3136 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 3136 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); |
3137 } | 3137 } |
3138 | 3138 |
| 3139 size_t cipher_order_len; |
| 3140 const uint16* cipher_order = GetNSSCipherOrder(&cipher_order_len); |
| 3141 if (cipher_order) { |
| 3142 rv = SSL_CipherOrderSet(nss_fd_, cipher_order, cipher_order_len); |
| 3143 if (rv != SECSuccess) |
| 3144 LogFailedNSSFunction(net_log_, "SSL_CipherOrderSet", ""); |
| 3145 } |
| 3146 |
3139 // Support RFC 5077 | 3147 // Support RFC 5077 |
3140 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | 3148 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); |
3141 if (rv != SECSuccess) { | 3149 if (rv != SECSuccess) { |
3142 LogFailedNSSFunction( | 3150 LogFailedNSSFunction( |
3143 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | 3151 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); |
3144 } | 3152 } |
3145 | 3153 |
3146 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | 3154 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, |
3147 ssl_config_.false_start_enabled); | 3155 ssl_config_.false_start_enabled); |
3148 if (rv != SECSuccess) | 3156 if (rv != SECSuccess) |
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3497 EnsureThreadIdAssigned(); | 3505 EnsureThreadIdAssigned(); |
3498 base::AutoLock auto_lock(lock_); | 3506 base::AutoLock auto_lock(lock_); |
3499 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3507 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3500 } | 3508 } |
3501 | 3509 |
3502 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3510 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3503 return server_bound_cert_service_; | 3511 return server_bound_cert_service_; |
3504 } | 3512 } |
3505 | 3513 |
3506 } // namespace net | 3514 } // namespace net |
OLD | NEW |