Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(249)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 10387222: nss: revert encrypted and origin bound certificates support. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * vtables (and methods that call through them) for the 4 types of 2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported. 3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions. 4 * Various other functions.
5 * 5 *
6 * ***** BEGIN LICENSE BLOCK ***** 6 * ***** BEGIN LICENSE BLOCK *****
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
8 * 8 *
9 * The contents of this file are subject to the Mozilla Public License Version 9 * The contents of this file are subject to the Mozilla Public License Version
10 * 1.1 (the "License"); you may not use this file except in compliance with 10 * 1.1 (the "License"); you may not use this file except in compliance with
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
180 PR_FALSE, /* noStepDown */ 180 PR_FALSE, /* noStepDown */
181 PR_FALSE, /* bypassPKCS11 */ 181 PR_FALSE, /* bypassPKCS11 */
182 PR_FALSE, /* noLocks */ 182 PR_FALSE, /* noLocks */
183 PR_FALSE, /* enableSessionTickets */ 183 PR_FALSE, /* enableSessionTickets */
184 PR_FALSE, /* enableDeflate */ 184 PR_FALSE, /* enableDeflate */
185 2, /* enableRenegotiation (default: requires extension) */ 185 2, /* enableRenegotiation (default: requires extension) */
186 PR_FALSE, /* requireSafeNegotiation */ 186 PR_FALSE, /* requireSafeNegotiation */
187 PR_FALSE, /* enableFalseStart */ 187 PR_FALSE, /* enableFalseStart */
188 PR_TRUE, /* cbcRandomIV */ 188 PR_TRUE, /* cbcRandomIV */
189 PR_FALSE, /* enableOCSPStapling */ 189 PR_FALSE, /* enableOCSPStapling */
190 PR_FALSE, /* enableOBCerts */
191 PR_FALSE, /* encryptClientCerts */
192 }; 190 };
193 191
194 /* 192 /*
195 * default range of enabled SSL/TLS protocols 193 * default range of enabled SSL/TLS protocols
196 */ 194 */
197 static SSLVersionRange versions_defaults_stream = { 195 static SSLVersionRange versions_defaults_stream = {
198 SSL_LIBRARY_VERSION_3_0, 196 SSL_LIBRARY_VERSION_3_0,
199 SSL_LIBRARY_VERSION_TLS_1_0 197 SSL_LIBRARY_VERSION_TLS_1_0
200 }; 198 };
201 199
(...skipping 657 matching lines...) Expand 10 before | Expand all | Expand 10 after
859 break; 857 break;
860 858
861 case SSL_CBC_RANDOM_IV: 859 case SSL_CBC_RANDOM_IV:
862 ss->opt.cbcRandomIV = on; 860 ss->opt.cbcRandomIV = on;
863 break; 861 break;
864 862
865 case SSL_ENABLE_OCSP_STAPLING: 863 case SSL_ENABLE_OCSP_STAPLING:
866 ss->opt.enableOCSPStapling = on; 864 ss->opt.enableOCSPStapling = on;
867 break; 865 break;
868 866
869 case SSL_ENABLE_OB_CERTS:
870 ss->opt.enableOBCerts = on;
871 break;
872
873 case SSL_ENCRYPT_CLIENT_CERTS:
874 ss->opt.encryptClientCerts = on;
875 break;
876
877 default: 867 default:
878 PORT_SetError(SEC_ERROR_INVALID_ARGS); 868 PORT_SetError(SEC_ERROR_INVALID_ARGS);
879 rv = SECFailure; 869 rv = SECFailure;
880 } 870 }
881 871
882 /* We can't use the macros for releasing the locks here, 872 /* We can't use the macros for releasing the locks here,
883 * because ss->opt.noLocks might have changed just above. 873 * because ss->opt.noLocks might have changed just above.
884 * We must release these locks (monitors) here, if we aquired them above, 874 * We must release these locks (monitors) here, if we aquired them above,
885 * regardless of the current value of ss->opt.noLocks. 875 * regardless of the current value of ss->opt.noLocks.
886 */ 876 */
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
937 on = ss->opt.enableSessionTickets; 927 on = ss->opt.enableSessionTickets;
938 break; 928 break;
939 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; 929 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
940 case SSL_ENABLE_RENEGOTIATION: 930 case SSL_ENABLE_RENEGOTIATION:
941 on = ss->opt.enableRenegotiation; break; 931 on = ss->opt.enableRenegotiation; break;
942 case SSL_REQUIRE_SAFE_NEGOTIATION: 932 case SSL_REQUIRE_SAFE_NEGOTIATION:
943 on = ss->opt.requireSafeNegotiation; break; 933 on = ss->opt.requireSafeNegotiation; break;
944 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; 934 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
945 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; 935 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
946 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; 936 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
947 case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
948 case SSL_ENCRYPT_CLIENT_CERTS:
949 on = ss->opt.encryptClientCerts; break;
950 937
951 default: 938 default:
952 PORT_SetError(SEC_ERROR_INVALID_ARGS); 939 PORT_SetError(SEC_ERROR_INVALID_ARGS);
953 rv = SECFailure; 940 rv = SECFailure;
954 } 941 }
955 942
956 ssl_ReleaseSSL3HandshakeLock(ss); 943 ssl_ReleaseSSL3HandshakeLock(ss);
957 ssl_Release1stHandshakeLock(ss); 944 ssl_Release1stHandshakeLock(ss);
958 945
959 *pOn = on; 946 *pOn = on;
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
1001 case SSL_ENABLE_RENEGOTIATION: 988 case SSL_ENABLE_RENEGOTIATION:
1002 on = ssl_defaults.enableRenegotiation; break; 989 on = ssl_defaults.enableRenegotiation; break;
1003 case SSL_REQUIRE_SAFE_NEGOTIATION: 990 case SSL_REQUIRE_SAFE_NEGOTIATION:
1004 on = ssl_defaults.requireSafeNegotiation; 991 on = ssl_defaults.requireSafeNegotiation;
1005 break; 992 break;
1006 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; 993 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
1007 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; 994 case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
1008 case SSL_ENABLE_OCSP_STAPLING: 995 case SSL_ENABLE_OCSP_STAPLING:
1009 on = ssl_defaults.enableOCSPStapling; 996 on = ssl_defaults.enableOCSPStapling;
1010 break; 997 break;
1011 case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
1012 case SSL_ENCRYPT_CLIENT_CERTS:
1013 on = ssl_defaults.encryptClientCerts; break;
1014 998
1015 default: 999 default:
1016 PORT_SetError(SEC_ERROR_INVALID_ARGS); 1000 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1017 rv = SECFailure; 1001 rv = SECFailure;
1018 } 1002 }
1019 1003
1020 *pOn = on; 1004 *pOn = on;
1021 return rv; 1005 return rv;
1022 } 1006 }
1023 1007
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
1167 break; 1151 break;
1168 1152
1169 case SSL_CBC_RANDOM_IV: 1153 case SSL_CBC_RANDOM_IV:
1170 ssl_defaults.cbcRandomIV = on; 1154 ssl_defaults.cbcRandomIV = on;
1171 break; 1155 break;
1172 1156
1173 case SSL_ENABLE_OCSP_STAPLING: 1157 case SSL_ENABLE_OCSP_STAPLING:
1174 ssl_defaults.enableOCSPStapling = on; 1158 ssl_defaults.enableOCSPStapling = on;
1175 break; 1159 break;
1176 1160
1177 case SSL_ENABLE_OB_CERTS:
1178 ssl_defaults.enableOBCerts = on;
1179 break;
1180
1181 case SSL_ENCRYPT_CLIENT_CERTS:
1182 ssl_defaults.encryptClientCerts = on;
1183 break;
1184
1185 default: 1161 default:
1186 PORT_SetError(SEC_ERROR_INVALID_ARGS); 1162 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1187 return SECFailure; 1163 return SECFailure;
1188 } 1164 }
1189 return SECSuccess; 1165 return SECSuccess;
1190 } 1166 }
1191 1167
1192 /* function tells us if the cipher suite is one that we no longer support. */ 1168 /* function tells us if the cipher suite is one that we no longer support. */
1193 static PRBool 1169 static PRBool
1194 ssl_IsRemovedCipherSuite(PRInt32 suite) 1170 ssl_IsRemovedCipherSuite(PRInt32 suite)
(...skipping 1786 matching lines...) Expand 10 before | Expand all | Expand 10 after
2981 ssl_DestroySocketContents(ss); 2957 ssl_DestroySocketContents(ss);
2982 ssl_DestroyLocks(ss); 2958 ssl_DestroyLocks(ss);
2983 PORT_Free(ss); 2959 PORT_Free(ss);
2984 ss = NULL; 2960 ss = NULL;
2985 } 2961 }
2986 ss->protocolVariant = protocolVariant; 2962 ss->protocolVariant = protocolVariant;
2987 } 2963 }
2988 return ss; 2964 return ss;
2989 } 2965 }
2990 2966
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698