author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-08 04:50:51 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-08 04:50:51 +0000 |
commit | 463d474661abf3f3ed431eb73457efa7a6946201 (patch) | |
tree | ae68db331391c7ee1e31e37c85d3d4fa109cd29d /media/media.gyp | |
parent | eef1877c0252e116b2b90290061febc9e4022e33 (diff) | |
Fix server initiated SSL renegotiation for SSLClientSocketMac
The use of kSSLSessionOptionBreakOnServerAuth/kSSLSessionOptionBreakOnCertRequested is bugged on OS X 10.5.8+, and will prevent server-initiated renegotiation (e.g., to request a certificate) from working.
Further, the implementation of SSLClientSocketMac, when used on 10.6+, causes it to abort the connection if, after the initial handshake, a certificate is requested (e.g., during a re-handshake).
Finally, if a renegotiation happens after the initial certificate has been validated, we do not update the server certificate with the new value, nor is it revalidated, which is different than what happens on Windows/NSS.
This removes the use of both options, and changes the state machine to detect when a renegotiation/rehandshake is underway, and re-verify the server certificate before continuing with application data.
R=wtc
BUG=45576
TEST=Visit any site that requests SSL client auth over renegotiation.
Review URL: http://codereview.chromium.org/3120036
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61917 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'media/media.gyp')
0 files changed, 0 insertions, 0 deletions