OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
(...skipping 472 matching lines...)
483 options.ConfigureFlag(SSL_OP_NO_TLSv1_1, !tls1_1_enabled); | 483 options.ConfigureFlag(SSL_OP_NO_TLSv1_1, !tls1_1_enabled); |
484 #endif | 484 #endif |
485 #if defined(SSL_OP_NO_TLSv1_2) | 485 #if defined(SSL_OP_NO_TLSv1_2) |
486 bool tls1_2_enabled = | 486 bool tls1_2_enabled = |
487 (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_2 && | 487 (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_2 && |
488 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_2); | 488 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_2); |
489 options.ConfigureFlag(SSL_OP_NO_TLSv1_2, !tls1_2_enabled); | 489 options.ConfigureFlag(SSL_OP_NO_TLSv1_2, !tls1_2_enabled); |
490 #endif | 490 #endif |
491 | 491 |
492 #if defined(SSL_OP_NO_COMPRESSION) | 492 #if defined(SSL_OP_NO_COMPRESSION) |
493 // If TLS was disabled also disable compression, to provide maximum site | 493 options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true); |
494 // compatibility in the case of protocol fallback. See http://crbug.com/31628 | |
495 options.ConfigureFlag(SSL_OP_NO_COMPRESSION, | |
496 ssl_config_.version_max < SSL_PROTOCOL_VERSION_TLS1); | |
497 #endif | 494 #endif |
498 | 495 |
499 // TODO(joth): Set this conditionally, see http://crbug.com/55410 | 496 // TODO(joth): Set this conditionally, see http://crbug.com/55410 |
500 options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true); | 497 options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true); |
501 | 498 |
502 SSL_set_options(ssl_, options.set_mask); | 499 SSL_set_options(ssl_, options.set_mask); |
503 SSL_clear_options(ssl_, options.clear_mask); | 500 SSL_clear_options(ssl_, options.clear_mask); |
504 | 501 |
505 // Same as above, this time for the SSL mode. | 502 // Same as above, this time for the SSL mode. |
506 SslSetClearMask mode; | 503 SslSetClearMask mode; |
(...skipping 814 matching lines...)
1321 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1318 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
1322 user_write_buf_->data()); | 1319 user_write_buf_->data()); |
1323 return rv; | 1320 return rv; |
1324 } | 1321 } |
1325 | 1322 |
1326 int err = SSL_get_error(ssl_, rv); | 1323 int err = SSL_get_error(ssl_, rv); |
1327 return MapOpenSSLError(err, err_tracer); | 1324 return MapOpenSSLError(err, err_tracer); |
1328 } | 1325 } |
1329 | 1326 |
1330 } // namespace net | 1327 } // namespace net |
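Review bot: The `#if defined(SSL_OP_NO_COMPRESSION)` guard around new line 493 means a build against OpenSSL headers that lack that macro compiles cleanly with TLS compression still negotiable, so the unconditional disable silently does nothing there. Consider an `#else` branch that either fails the build with `#error` or empties the compression method list, e.g. `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());`, so the result does not depend on the header version. The removed explanatory comment is also not replaced; a line such as `// Always disable TLS compression: compressed record lengths can leak secrets sent alongside attacker-influenced data.` would record why the flag is now unconditional (that motivation is inferred, the page does not state it). The enclosing function starts and ends outside the visible lines.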