authorjnd@chromium.org <jnd@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-14 05:05:49 +0000
committerjnd@chromium.org <jnd@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-14 05:05:49 +0000
commit168a841c741eaa8438abecfb6677c8de454b38eb (patch)
tree937fcb68994240fe1493f0812668bbd36c7e8c0e /net/socket
parent2d9d2cf4a072438addb2c1d0fffa79d010b86d30 (diff)
Select the first protocol from the next protocol list of SSLConfig if we didn't find a protocol.
It's possible that there is no overlap between the server-advertised protocols and the SSL client-advertised protocols, and the server can even give an empty protocol list in the NPN extension of a ServerHello message. In this case, the SSL client should pick the first protocol from the next protocol list of SSLConfig. BUG=131769 TEST=None Review URL: https://chromiumcodereview.appspot.com/10532061 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142098 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/ssl_client_socket_openssl.cc39
1 files changed, 19 insertions, 20 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 8f83ef3..1d379ec 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -42,6 +42,10 @@ const size_t kMaxRecvBufferSize = 4096;
const int kSessionCacheTimeoutSeconds = 60 * 60;
const size_t kSessionCacheMaxEntires = 1024;
+// If a client doesn't have a list of protocols that it supports, but
+// the server supports NPN, choosing "http/1.1" is the best answer.
+const char kDefaultSupportedNPNProtocol[] = "http/1.1";
+
// This method doesn't seemed to have made it into the OpenSSL headers.
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; }
@@ -854,16 +858,15 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
unsigned int inlen) {
#if defined(OPENSSL_NPN_NEGOTIATED)
if (ssl_config_.next_protos.empty()) {
- *out = reinterpret_cast<uint8*>(const_cast<char*>("http/1.1"));
- *outlen = 8;
- npn_status_ = SSLClientSocket::kNextProtoUnsupported;
+ *out = reinterpret_cast<uint8*>(
+ const_cast<char*>(kDefaultSupportedNPNProtocol));
+ *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
+ npn_status_ = kNextProtoUnsupported;
return SSL_TLSEXT_ERR_OK;
}
// Assume there's no overlap between our protocols and the server's list.
- int status = OPENSSL_NPN_NO_OVERLAP;
- *out = const_cast<unsigned char*>(in) + 1;
- *outlen = in[0];
+ npn_status_ = kNextProtoNoOverlap;
// For each protocol in server preference order, see if we support it.
for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
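Review bot: The rewritten `next_protos.empty()` branch still returns before `npn_proto_` and `server_protos_` are assigned, so when the client has no protocol list the server's advertised list is never recorded and the DVLOG at the end of the function is skipped for that case. If that is intended, a one-line comment on the branch, `// No client list: answer http/1.1 and leave server_protos_ unset.`, would make it explicit for the next reader; if not, the two `assign` calls could be moved ahead of the early return. SelectNextProtoCallback continues past this hunk.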
@@ -872,30 +875,26 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
j != ssl_config_.next_protos.end(); ++j) {
if (in[i] == j->size() &&
memcmp(&in[i + 1], j->data(), in[i]) == 0) {
- // We find a match.
+ // We found a match.
*out = const_cast<unsigned char*>(in) + i + 1;
*outlen = in[i];
- status = OPENSSL_NPN_NEGOTIATED;
+ npn_status_ = kNextProtoNegotiated;
break;
}
}
- if (status == OPENSSL_NPN_NEGOTIATED)
+ if (npn_status_ == kNextProtoNegotiated)
break;
}
+ // If we didn't find a protocol, we select the first one from our list.
+ if (npn_status_ == kNextProtoNoOverlap) {
+ *out = reinterpret_cast<uint8*>(const_cast<char*>(
+ ssl_config_.next_protos[0].data()));
+ *outlen = ssl_config_.next_protos[0].size();
+ }
+
npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
server_protos_.assign(reinterpret_cast<const char*>(in), inlen);
- switch (status) {
- case OPENSSL_NPN_NEGOTIATED:
- npn_status_ = SSLClientSocket::kNextProtoNegotiated;
- break;
- case OPENSSL_NPN_NO_OVERLAP:
- npn_status_ = SSLClientSocket::kNextProtoNoOverlap;
- break;
- default:
- NOTREACHED() << status;
- break;
- }
DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
#endif
return SSL_TLSEXT_ERR_OK;
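Review bot: `*outlen = ssl_config_.next_protos[0].size();` in the new fallback narrows a size_t into the callback's length output, which in OpenSSL's next-proto select callback is a single `unsigned char` (the `outlen` parameter itself is outside the hunk, so confirm the signature here), so a configured protocol name longer than 255 bytes would be silently truncated and the name handed to OpenSSL would no longer match the configured one. Since the NPN wire format allows only one length byte per name anyway, a `DCHECK_LE(ssl_config_.next_protos[0].size(), 255u);` before the assignment, or an explicit `static_cast<unsigned char>` with a comment, makes that limit visible. The same one-byte assumption underlies the matching loop: `memcmp(&in[i + 1], j->data(), in[i])` relies on `i + 1 + in[i] <= inlen` for every entry; if the code is depending on OpenSSL's own validation of the server list (`ssl_next_proto_validate`), a comment saying so at the loop would document why no bound check appears here. SelectNextProtoCallback's signature starts before this hunk.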