author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-02 03:25:44 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-02 03:25:44 +0000 |
commit | 289097611b67e397ca2242667a1745d3c1fd20e8 (patch) | |
tree | 1ca46e47b5264a7d4510059f0ff71beeb51af8aa /net/socket | |
parent | 9f1b3c0ee0cd6d899c380d68ff9aec32e87471a9 (diff) | |
Only call SSL_OptionSet in an initial handshake.
This works around the locking problem with SSL_OptionSet in
a renegotiation.
The previous fix r134584 is reverted.
R=agl@chromium.org,rsleevi@chromium.org
BUG=125299
TEST=Run a Chrome debug build on Windows. Visit a site that
does SSL renegotiation. There should be no assertion failure.
For example, visit http://foaf.me, click the
"Login to your account" link at the upper-right corner of the
page. Then press the "sign in" button.
Review URL: http://codereview.chromium.org/10290002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134866 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 7c3440f..54152e9 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2056,6 +2056,25 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
 PRFileDesc* socket,
 PRBool checksig,
 PRBool is_server) {
+#ifdef SSL_ENABLE_FALSE_START
+ SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
+ if (!that->server_cert_nss_) {
+ // Only need to turn off False Start in the initial handshake. Also, it is
+ // unsafe to call SSL_OptionSet in a renegotiation because the "first
+ // handshake" lock isn't already held, which will result in an assertion
+ // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet.
+ PRBool npn;
+ SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
+ ssl_next_proto_nego_xtn,
+ &npn);
+ if (rv != SECSuccess || !npn) {
+ // If the server doesn't support NPN, then we don't do False Start with
+ // it.
+ SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
+ }
+ }
+#endif
+
 // Tell NSS to not verify the certificate.
 return SECSuccess;
 } |
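Review bot: The result of `SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE)` is discarded, so if the call fails the handshake continues with False Start still enabled for a server that did not negotiate NPN, and nothing records it. Since this is the only place in the hunk that turns the option off, I would at least check and log the status, e.g. `if (SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE) != SECSuccess) LOG(WARNING) << "Failed to disable False Start";`. The `!that->server_cert_nss_` test also stands in for "this is the initial handshake"; that holds only if the member is set when the first handshake completes and is never cleared while the socket is live, which is not visible in this hunk. A short comment naming where `server_cert_nss_` is assigned would keep a later change from silently re-enabling the `SSL_OptionSet` call during renegotiation.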