author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-27 01:31:19 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-27 01:31:19 +0000 |
commit | 1e7cd2c7c0e52296e9c25a71d652bc6a53413eb7 (patch) | |
tree | c71f4f06a1c6d1c5f7b969014b7d8da108735e01 /net/socket/ssl_client_socket_nss.cc | |
parent | 3b1f2877c5374e28f745e7b2e7e8bdec520683ed (diff) | |
Log an informational message if an SSL server does not support
SSL secure renegotiation.
R=abarth
BUG=none
TEST=Run Chrome with logging enabled. Visit https://www.google.com/.
An informational message like
[1812:8012:351987676:INFO:ssl_client_socket_nss.cc(651)]
The server www.google.com does not support SSL secure renegotiation.
should be logged. Then visit https://ssltls.de/. No such informational
message should be logged.
Review URL: http://codereview.chromium.org/660144
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40192 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index da7f90a..60af134 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -643,6 +643,23 @@ X509Certificate *SSLClientSocketNSS::UpdateServerCert() {
 return server_cert_;
 }
+// Log an informational message if the server does not support secure
+// renegotiation (RFC 5746).
+void SSLClientSocketNSS::CheckSecureRenegotiation() const {
+ // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
+ // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
+ // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
+#if defined(SSL_MAX_EXTENSIONS)
+ PRBool received_renego_info;
+ if (SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
+ &received_renego_info) == SECSuccess &&
+ !received_renego_info) {
+ LOG(INFO) << "The server " << hostname_
+ << " does not support SSL secure renegotiation.";
+ }
+#endif
+}
+
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 EnterFunction("");
 ssl_info->Reset();
@@ -1146,6 +1163,8 @@ void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
 that->UpdateServerCert();
+
+ that->CheckSecureRenegotiation();
 }
 int SSLClientSocketNSS::DoHandshake() { |
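Review bot: In CheckSecureRenegotiation(), a failed SSL_HandshakeNegotiatedExtension() call is folded into the same `&&` condition as the "extension not received" case, so a query failure logs nothing and looks exactly like a server that does support RFC 5746. The same holds when SSL_MAX_EXTENSIONS is undefined and the body compiles to nothing. Anyone using the absence of this message as evidence of secure renegotiation (as the TEST steps do) can be misled. Separating the two outcomes and initialising the out-parameter makes the log trustworthy; the doc comment should also say that the function is diagnostic only and is a no-op on NSS older than 3.12.6.

```cpp
#if defined(SSL_MAX_EXTENSIONS)
  PRBool received_renego_info = PR_FALSE;
  if (SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
                                       &received_renego_info) != SECSuccess) {
    // Distinguish "could not tell" from "server supports RFC 5746".
    LOG(WARNING) << "Could not query the renegotiation_info extension for "
                 << hostname_;
    return;
  }
  if (!received_renego_info) {
    // … unchanged: LOG(INFO) "does not support SSL secure renegotiation" …
  }
#endif
```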
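Review bot: The new call in HandshakeCallback carries no hint that CheckSecureRenegotiation() is log-only, so a reader of the callback may take it for an enforcement step that can reject the connection. A one-line comment above the call would settle that, for example `// Diagnostic logging only; does not change the handshake outcome.` HandshakeCallback's body starts outside the hunk, so whether anything earlier depends on ordering cannot be seen here. If NSS invokes this callback for renegotiation handshakes as well as the initial one, the message will repeat for the same socket, which is worth stating in the comment for anyone correlating log lines with connections.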