diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-10 20:32:50 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-10 20:32:50 +0000 |
| commit | 815cdf2a322599b013051acf4fd890e9bc3e709a (patch) | |
| tree | d8f58f713c124491bbda4894d0261fef64f3aed0 /net/socket | |
| parent | 6377a003e5948a14cf79bf6433e4c89dbc9354e0 (diff) | |
| download | chromium_src-815cdf2a322599b013051acf4fd890e9bc3e709a.zip chromium_src-815cdf2a322599b013051acf4fd890e9bc3e709a.tar.gz chromium_src-815cdf2a322599b013051acf4fd890e9bc3e709a.tar.bz2 | |
Add the encrypted client certificates TLS extension and enable it if
origin-bound certificates are enabled.
The patch was originally written by Adam Langley.
R=agl@chromium.org
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/8495003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109493 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 0c948a4..2595350 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -971,6 +971,15 @@ int SSLClientSocketNSS::InitializeSSLOptions() { LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); #endif +#ifdef SSL_ENCRYPT_CLIENT_CERTS + // For now, enable the encrypted client certificates extension only if + // origin-bound certificates are enabled. + rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS, + ssl_config_.origin_bound_certs_enabled); + if (rv != SECSuccess) + LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS"); +#endif + rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); if (rv != SECSuccess) { LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); |