diff options
author | davidben <davidben@chromium.org> | 2015-11-04 11:24:04 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-11-04 19:25:14 +0000 |
commit | 0635886abf74572f24863c81d776cf6c681a3d7c (patch) | |
tree | 11c69ae0abcd40993aa80a7646c4da2d0c822cbf /net | |
parent | 1603e71e1a5d66d4037a89c44e6338a55e0ef571 (diff) | |
download | chromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.zip chromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.tar.gz chromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.tar.bz2 |
Switch SSLClientSocketOpenSSL to the new BoringSSL renego API.
The current double-negative API was confusing. Fortunately, we needed to make
it an enum in BoringSSL for some other consumer, so that was an excuse to fix
it and deprecate the old one. Also we default to rejecting renego now, so
there's no need to explicitly configure it that way.
BUG=none
Review URL: https://codereview.chromium.org/1410163004
Cr-Commit-Position: refs/heads/master@{#357869}
Diffstat (limited to 'net')
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index 29c59f7..0d39f64 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -960,10 +960,6 @@ int SSLClientSocketOpenSSL::Init() { if (cert_verifier_->SupportsOCSPStapling()) SSL_enable_ocsp_stapling(ssl_); - // By default, renegotiations are rejected. After the initial handshake - // completes, some application protocols may re-enable it. - SSL_set_reject_peer_renegotiations(ssl_, 1); - return OK; } @@ -1136,7 +1132,7 @@ int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) { set_signed_cert_timestamps_received(sct_list_len != 0); if (IsRenegotiationAllowed()) - SSL_set_reject_peer_renegotiations(ssl_, 0); + SSL_set_renegotiate_mode(ssl_, ssl_renegotiate_freely); // Verify the certificate. UpdateServerCert(); |