summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authordavidben <davidben@chromium.org>2015-11-04 11:24:04 -0800
committerCommit bot <commit-bot@chromium.org>2015-11-04 19:25:14 +0000
commit0635886abf74572f24863c81d776cf6c681a3d7c (patch)
tree11c69ae0abcd40993aa80a7646c4da2d0c822cbf /net
parent1603e71e1a5d66d4037a89c44e6338a55e0ef571 (diff)
downloadchromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.zip
chromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.tar.gz
chromium_src-0635886abf74572f24863c81d776cf6c681a3d7c.tar.bz2
Switch SSLClientSocketOpenSSL to the new BoringSSL renego API.
The current double-negative API was confusing. Fortunately, we needed to make it an enum in BoringSSL for some other consumer, so that was an excuse to fix it and deprecate the old one. Also we default to rejecting renego now, so there's no need to explicitly configure it that way. BUG=none Review URL: https://codereview.chromium.org/1410163004 Cr-Commit-Position: refs/heads/master@{#357869}
Diffstat (limited to 'net')
-rw-r--r--net/socket/ssl_client_socket_openssl.cc6
1 files changed, 1 insertions, 5 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 29c59f7..0d39f64 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -960,10 +960,6 @@ int SSLClientSocketOpenSSL::Init() {
if (cert_verifier_->SupportsOCSPStapling())
SSL_enable_ocsp_stapling(ssl_);
- // By default, renegotiations are rejected. After the initial handshake
- // completes, some application protocols may re-enable it.
- SSL_set_reject_peer_renegotiations(ssl_, 1);
-
return OK;
}
@@ -1136,7 +1132,7 @@ int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
set_signed_cert_timestamps_received(sct_list_len != 0);
if (IsRenegotiationAllowed())
- SSL_set_reject_peer_renegotiations(ssl_, 0);
+ SSL_set_renegotiate_mode(ssl_, ssl_renegotiate_freely);
// Verify the certificate.
UpdateServerCert();