Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_server_socket_nss.cc | 8 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_unittest.cc | 14 |
2 files changed, 11 insertions, 11 deletions
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 2e47fb8..270aff0 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -349,9 +349,15 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
 der_private_key_info.data = const_cast<unsigned char*>(&key_vector.front());
 der_private_key_info.len = key_vector.size();
+ // The server's RSA private key must be imported into NSS with the
+ // following key usage bits:
+ // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm.
+ // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key
+ // exchange algorithms.
+ const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
 rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
 slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE,
- KU_DIGITAL_SIGNATURE, &private_key, NULL);
+ key_usage, &private_key, NULL);
 PK11_FreeSlot(slot);
 if (rv != SECSuccess) {
 CERT_DestroyCertificate(cert);
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 781a3f4..ca2c884 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -283,9 +283,6 @@ TEST_F(SSLServerSocketTest, Initialize) {
 TEST_F(SSLServerSocketTest, Handshake) {
 Initialize();
- if (!base::CheckNSSVersion("3.12.8"))
- return;
-
 TestCompletionCallback connect_callback;
 TestCompletionCallback accept_callback;
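Review bot: The new `key_usage` mask is applied unconditionally, so the import grants both KU_KEY_ENCIPHERMENT and KU_DIGITAL_SIGNATURE without consulting the server certificate's keyUsage extension or confirming that the key is RSA, which the added comment assumes. If the certificate restricts the key to one usage, the imported NSS key object would be broader than what the certificate allows; whether NSS separately enforces the extension during the handshake is not visible in this hunk. Consider recording the assumption next to the constant, e.g. `// Assumes an RSA key; the certificate's keyUsage extension is not consulted here.`, or deriving the mask from `cert` if that is feasible. InitializeSSLOptions starts and ends outside the hunk.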
@@ -306,24 +303,21 @@ TEST_F(SSLServerSocketTest, Handshake) {
 TEST_F(SSLServerSocketTest, DataTransfer) {
 Initialize();
- if (!base::CheckNSSVersion("3.12.8"))
- return;
-
 TestCompletionCallback connect_callback;
 TestCompletionCallback accept_callback;
 // Establish connection.
 int client_ret = client_socket_->Connect(&connect_callback);
- EXPECT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING);
+ ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING);
 int server_ret = server_socket_->Accept(&accept_callback);
- EXPECT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING);
+ ASSERT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING);
 if (client_ret == net::ERR_IO_PENDING) {
- EXPECT_EQ(net::OK, connect_callback.WaitForResult());
+ ASSERT_EQ(net::OK, connect_callback.WaitForResult());
 }
 if (server_ret == net::ERR_IO_PENDING) {
- EXPECT_EQ(net::OK, accept_callback.WaitForResult());
+ ASSERT_EQ(net::OK, accept_callback.WaitForResult());
 }
 const int kReadBufSize = 1024; |
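Review bot: The two `ASSERT_TRUE(... == net::OK || ... == net::ERR_IO_PENDING)` checks report only that the expression was false, so a failing run does not show which error code Connect or Accept actually returned. Streaming the value keeps the abort-on-failure behaviour and makes a handshake failure diagnosable from the log, e.g. `ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING) << client_ret;` and the same for `server_ret`. The DataTransfer body continues past the end of the hunk.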