diff options
| author | dkegel@google.com <dkegel@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-02 20:42:04 +0000 |
|---|---|---|
| committer | dkegel@google.com <dkegel@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-02 20:42:04 +0000 |
| commit | 39a0a3b65ef2f0851b185d5bade5681e440970fd (patch) | |
| tree | aa40ec6c8ec21401162e2b02c6e17706e96dac76 /base | |
| parent | 469008cf9387bd1e5ef802deb09efa2ba4d8b738 (diff) | |
| download | chromium_src-39a0a3b65ef2f0851b185d5bade5681e440970fd.zip chromium_src-39a0a3b65ef2f0851b185d5bade5681e440970fd.tar.gz chromium_src-39a0a3b65ef2f0851b185d5bade5681e440970fd.tar.bz2 | |
Revert r6233, need to move the cert, there is a policy against
net depending on chrome
Review URL: http://codereview.chromium.org/13059
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6237 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
| -rw-r--r-- | base/nss_init.cc | 49 |
1 files changed, 2 insertions, 47 deletions
diff --git a/base/nss_init.cc b/base/nss_init.cc index df2beea..c8ba44b 100644 --- a/base/nss_init.cc +++ b/base/nss_init.cc @@ -9,76 +9,31 @@ // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424 // until NSS 3.12.2 comes out and we update to it. #define Lock FOO_NSS_Lock -#include <secmod.h> #include <ssl.h> #undef Lock -#include "base/file_util.h" #include "base/logging.h" #include "base/singleton.h" namespace { -// Load nss's built-in root certs. -SECMODModule *InitDefaultRootCerts() { - const char* kModulePath = "libnssckbi.so"; - char modparams[1024]; - snprintf(modparams, sizeof(modparams), - "name=\"Root Certs\" library=\"%s\"", kModulePath); - SECMODModule *root = SECMOD_LoadUserModule(modparams, NULL, PR_FALSE); - if (root) - return root; - - // Aw, snap. Can't find/load root cert shared library. - // This will make it hard to talk to anybody via https. - NOTREACHED(); - return NULL; -} - class NSSInitSingleton { public: NSSInitSingleton() { - - // Initialize without using a persistant database (e.g. ~/.netscape) CHECK(NSS_NoDB_Init(".") == SECSuccess); - - root_ = InitDefaultRootCerts(); - + // Enable ciphers NSS_SetDomesticPolicy(); - - // Explicitly enable exactly those ciphers with keys of at least 80 bits - for (int i = 0; i < SSL_NumImplementedCiphers; i++) { - SSLCipherSuiteInfo info; - if (SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &info, - sizeof(info)) == SECSuccess) { - SSL_CipherPrefSetDefault(SSL_ImplementedCiphers[i], - (info.effectiveKeyBits >= 80)); - } - } - // Enable SSL SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); - - // All other SSL options are set per-session by SSLClientSocket } ~NSSInitSingleton() { - if (root_) { - SECMOD_UnloadUserModule(root_); - SECMOD_DestroyModule(root_); - root_ = NULL; - } - // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY SSL_ClearSessionCache(); SECStatus status = NSS_Shutdown(); - if (status != SECSuccess) - LOG(ERROR) << "NSS_Shutdown failed, leak? See " - "http://code.google.com/p/chromium/issues/detail?id=4609"; + DCHECK(status == SECSuccess); } - private: - SECMODModule *root_; }; } // namespace |