| OLD | NEW | 
|     1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |     1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
|     2 // Use of this source code is governed by a BSD-style license that can be |     2 // Use of this source code is governed by a BSD-style license that can be | 
|     3 // found in the LICENSE file. |     3 // found in the LICENSE file. | 
|     4  |     4  | 
|     5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |     5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 
|     6 // from AuthCertificateCallback() in |     6 // from AuthCertificateCallback() in | 
|     7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |     7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 
|     8  |     8  | 
|     9 /* ***** BEGIN LICENSE BLOCK ***** |     9 /* ***** BEGIN LICENSE BLOCK ***** | 
|    10  * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |    10  * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 
|  1905     // TLS 1.0. |  1905     // TLS 1.0. | 
|  1906     // |  1906     // | 
|  1907     // ERR_CONNECTION_RESET is a common network error, so we don't want it |  1907     // ERR_CONNECTION_RESET is a common network error, so we don't want it | 
|  1908     // to trigger a version fallback in general, especially the TLS 1.0 -> |  1908     // to trigger a version fallback in general, especially the TLS 1.0 -> | 
|  1909     // SSL 3.0 fallback, which would drop TLS extensions. |  1909     // SSL 3.0 fallback, which would drop TLS extensions. | 
|  1910     if (prerr == PR_CONNECT_RESET_ERROR && |  1910     if (prerr == PR_CONNECT_RESET_ERROR && | 
|  1911         ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) { |  1911         ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) { | 
|  1912       net_error = ERR_SSL_PROTOCOL_ERROR; |  1912       net_error = ERR_SSL_PROTOCOL_ERROR; | 
|  1913     } |  1913     } | 
|  1914  |  1914  | 
 |  1915     // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1.2 | 
 |  1916     // ClientHello, but then return a bad-record-MAC alert. See | 
 |  1917     // crbug.com/260358. In order to make the fallback as minimal as possible, | 
 |  1918     // this fallback is only triggered for >= TLS 1.1. | 
 |  1919     if (net_error == ERR_SSL_BAD_RECORD_MAC_ALERT && | 
 |  1920         ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1) { | 
 |  1921       net_error = ERR_SSL_PROTOCOL_ERROR; | 
 |  1922     } | 
 |  1923  | 
|  1915     // If not done, stay in this state |  1924     // If not done, stay in this state | 
|  1916     if (net_error == ERR_IO_PENDING) { |  1925     if (net_error == ERR_IO_PENDING) { | 
|  1917       GotoState(STATE_HANDSHAKE); |  1926       GotoState(STATE_HANDSHAKE); | 
|  1918     } else { |  1927     } else { | 
|  1919       PostOrRunCallback( |  1928       PostOrRunCallback( | 
|  1920           FROM_HERE, |  1929           FROM_HERE, | 
|  1921           base::Bind(&AddLogEventWithCallback, weak_net_log_, |  1930           base::Bind(&AddLogEventWithCallback, weak_net_log_, | 
|  1922                      NetLog::TYPE_SSL_HANDSHAKE_ERROR, |  1931                      NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 
|  1923                      CreateNetLogSSLErrorCallback(net_error, prerr))); |  1932                      CreateNetLogSSLErrorCallback(net_error, prerr))); | 
|  1924     } |  1933     } | 
|  3546   EnsureThreadIdAssigned(); |  3555   EnsureThreadIdAssigned(); | 
|  3547   base::AutoLock auto_lock(lock_); |  3556   base::AutoLock auto_lock(lock_); | 
|  3548   return valid_thread_id_ == base::PlatformThread::CurrentId(); |  3557   return valid_thread_id_ == base::PlatformThread::CurrentId(); | 
|  3549 } |  3558 } | 
|  3550  |  3559  | 
|  3551 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |  3560 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 
|  3552   return server_bound_cert_service_; |  3561   return server_bound_cert_service_; | 
|  3553 } |  3562 } | 
|  3554  |  3563  | 
|  3555 }  // namespace net |  3564 }  // namespace net | 
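Review bot: The added check at new lines 1919-1922 remaps every bad-record-MAC alert whenever `ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1`, but the comment above it describes a narrower case (a server that negotiated TLS 1.0 after a TLS 1.1 or 1.2 ClientHello), and nothing in the condition tests the version the server actually chose. An alert received before the handshake completes is not integrity-protected, so this adds one more error that an on-path party can inject to push the client to a lower protocol version, assuming `ERR_SSL_PROTOCOL_ERROR` is what the caller treats as the fallback trigger (that caller is not visible here). If the negotiated version is available at this point, the condition could additionally require it to be TLS 1.0. Failing that, I would extend the comment with `// Note: this alert is unauthenticated during the handshake, so the remap widens what can force a version fallback.` The enclosing function starts and ends outside the displayed lines.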
| OLD | NEW |