author | dank@chromium.org <dank@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-26 22:47:26 +0000 |
---|---|---|
committer | dank@chromium.org <dank@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-26 22:47:26 +0000 |
commit | e03b3477198cc99ab43e501b782710749ba2478e (patch) | |
tree | a065af6f26a6ea653bea8fbc6126c73ec98479e6 /base/nss_init.cc | |
parent | cbc636789f8cbfa17cd28abe0dee0e5fba75a112 (diff) | |
Roll back r6063. TBR.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6067 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/nss_init.cc')
-rw-r--r-- | base/nss_init.cc | 61 |
1 files changed, 2 insertions, 59 deletions
diff --git a/base/nss_init.cc b/base/nss_init.cc
index f43bf3f..c8ba44b 100644
--- a/base/nss_init.cc
+++ b/base/nss_init.cc
@@ -9,88 +9,31 @@ // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424 // until NSS 3.12.2 comes out and we update to it. #define Lock FOO_NSS_Lock -#include <secmod.h> #include <ssl.h> #undef Lock -#include "base/file_util.h" #include "base/logging.h" #include "base/singleton.h" namespace { -// Load nss's built-in root certs. -// TODO(port): figure out a less hacky way to do this -const char *possible_locations[] = { - "libnssckbi.so", - "/usr/lib32/nss/libnssckbi.so", - "/usr/lib/nss/libnssckbi.so", - "/usr/lib32/libnssckbi.so", - "/usr/lib/libnssckbi.so", - NULL -}; -SECMODModule *InitDefaultRootCerts() { - int i; - for (i=0; possible_locations[i]; i++) { - if (possible_locations[i][0] == '/' && access(possible_locations[i], R_OK)) - continue; - char modparams[1024]; - snprintf(modparams, sizeof(modparams), - "name=\"Root Certs\" library=\"%s\"\n", possible_locations[i]); - SECMODModule *root = SECMOD_LoadUserModule(modparams, NULL, PR_FALSE); - if (root) - return root; - } - // Aw, snap. Can't find/load root cert shared library. - // This will make it hard to talk to anybody via https. - NOTREACHED(); - return NULL; -} - class NSSInitSingleton { public: NSSInitSingleton() { - - // Initialize without using a persistant database (e.g. 
~/.netscape) CHECK(NSS_NoDB_Init(".") == SECSuccess); - - root_ = InitDefaultRootCerts(); - + // Enable ciphers NSS_SetDomesticPolicy(); - - // Explicitly enable exactly those ciphers with keys of at least 80 bits - for (int i = 0; i < SSL_NumImplementedCiphers; i++) { - SSLCipherSuiteInfo info; - if (SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &info, - sizeof(info)) == SECSuccess) { - SSL_CipherPrefSetDefault(SSL_ImplementedCiphers[i], - (info.effectiveKeyBits >= 80)); - } - } - // Enable SSL SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); - - // All other SSL options are set per-session by SSLClientSocket } ~NSSInitSingleton() { - if (root_) { - SECMOD_UnloadUserModule(root_); - SECMOD_DestroyModule(root_); - root_ = NULL; - } - // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY SSL_ClearSessionCache(); SECStatus status = NSS_Shutdown(); - if (status != SECSuccess) - LOG(ERROR) << "NSS_Shutdown failed, leak? See " - "http://code.google.com/p/chromium/issues/detail?id=4609"; + DCHECK(status == SECSuccess); } - private: - SECMODModule *root_; }; } // namespace |
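Review bot: On the new side the NSSInitSingleton constructor calls `NSS_NoDB_Init(".")` and never loads a root-certificate module, and nothing in the file says where trust anchors will come from. Unless code outside this hunk supplies them, certificate verification may have no roots to chain to. The constructor also now relies on `NSS_SetDomesticPolicy()` and whatever cipher preferences NSS defaults to, with the 80-bit effective-key floor gone. The new comment `// Enable ciphers` should record both gaps, for example `// TODO: restore root-cert loading and the >= 80-bit cipher filter rolled back with r6063`. In the destructor, `DCHECK(status == SECSuccess);` is normally compiled out of release builds, so a failed NSS_Shutdown goes unreported there and `status` is left unused; `if (status != SECSuccess) LOG(ERROR) << "NSS_Shutdown failed";` would keep the signal in every build.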