diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 02:58:03 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 02:58:03 +0000 |
| commit | 829296f90376786ffe556cd83540d404e988c36d (patch) | |
| tree | 62d3d04a5e215129afa21eea78dcb179b07ca9db /base/nss_util.cc | |
| parent | 7eb2110136de4cb6b31c76f489e6290b1ce8b6fd (diff) | |
| download | chromium_src-829296f90376786ffe556cd83540d404e988c36d.zip chromium_src-829296f90376786ffe556cd83540d404e988c36d.tar.gz chromium_src-829296f90376786ffe556cd83540d404e988c36d.tar.bz2 | |
Refactor EnsureNSSInit. Move the NSS SSL library
initialization to SSLClientSocketNSS in src/net so that
src/base does not depend on the NSS SSL library. Call
PL_ArenaFinish in the NSPRInitSingleton destructor instead
of the NSSInitSingleton destructor because PLArena is part
of NSPR.
R=agl,ukai
BUG=28744
TEST=covered by existing tests.
Review URL: http://codereview.chromium.org/554096
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37223 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/nss_util.cc')
| -rw-r--r-- | base/nss_util.cc | 41 |
1 files changed, 2 insertions, 39 deletions
diff --git a/base/nss_util.cc b/base/nss_util.cc index 2f7ff7f..f440f70 100644 --- a/base/nss_util.cc +++ b/base/nss_util.cc @@ -4,7 +4,6 @@ #include "base/nss_util.h" -#include <dlfcn.h> #include <nss.h> #include <plarena.h> #include <prerror.h> @@ -12,7 +11,6 @@ #include <prtime.h> #include <pk11pub.h> #include <secmod.h> -#include <ssl.h> #include "base/file_util.h" #include "base/logging.h" @@ -41,7 +39,7 @@ SECMODModule *InitDefaultRootCerts() { const char* kModulePath = "libnssckbi.so"; char modparams[1024]; snprintf(modparams, sizeof(modparams), - "name=\"Root Certs\" library=\"%s\"", kModulePath); + "name=\"Root Certs\" library=\"%s\"", kModulePath); SECMODModule *root = SECMOD_LoadUserModule(modparams, NULL, PR_FALSE); if (root) return root; @@ -61,6 +59,7 @@ class NSPRInitSingleton { } ~NSPRInitSingleton() { + PL_ArenaFinish(); PRStatus prstatus = PR_Cleanup(); if (prstatus != PR_SUCCESS) { LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?"; @@ -118,37 +117,6 @@ class NSSInitSingleton { } root_ = InitDefaultRootCerts(); - - NSS_SetDomesticPolicy(); - -#if defined(USE_SYSTEM_SSL) - // Use late binding to avoid scary but benign warning - // "Symbol `SSL_ImplementedCiphers' has different size in shared object, - // consider re-linking" - const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>( - dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers")); - if (pSSL_ImplementedCiphers == NULL) { - NOTREACHED() << "Can't get list of supported ciphers"; - return; - } -#else -#define pSSL_ImplementedCiphers SSL_ImplementedCiphers -#endif - - // Explicitly enable exactly those ciphers with keys of at least 80 bits - for (int i = 0; i < SSL_NumImplementedCiphers; i++) { - SSLCipherSuiteInfo info; - if (SSL_GetCipherSuiteInfo(pSSL_ImplementedCiphers[i], &info, - sizeof(info)) == SECSuccess) { - SSL_CipherPrefSetDefault(pSSL_ImplementedCiphers[i], - (info.effectiveKeyBits >= 80)); - } - } - - // Enable SSL - SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); - - // All other SSL options are set per-session by SSLClientSocket. } ~NSSInitSingleton() { @@ -158,9 +126,6 @@ class NSSInitSingleton { root_ = NULL; } - // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY - SSL_ClearSessionCache(); - SECStatus status = NSS_Shutdown(); if (status != SECSuccess) { // We LOG(INFO) because this failure is relatively harmless @@ -168,8 +133,6 @@ class NSSInitSingleton { LOG(INFO) << "NSS_Shutdown failed; see " "http://code.google.com/p/chromium/issues/detail?id=4609"; } - - PL_ArenaFinish(); } private: |