Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/ssl_server_socket_nss.cc8
-rw-r--r--net/socket/ssl_server_socket_unittest.cc14
2 files changed, 11 insertions, 11 deletions
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 2e47fb8..270aff0 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -349,9 +349,15 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
der_private_key_info.data =
const_cast<unsigned char*>(&key_vector.front());
der_private_key_info.len = key_vector.size();
+ // The server's RSA private key must be imported into NSS with the
+ // following key usage bits:
+ // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm.
+ // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key
+ // exchange algorithms.
+ const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE,
- KU_DIGITAL_SIGNATURE, &private_key, NULL);
+ key_usage, &private_key, NULL);
PK11_FreeSlot(slot);
if (rv != SECSuccess) {
CERT_DestroyCertificate(cert);
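Review bot: The `key_usage` value added before `PK11_ImportDERPrivateKeyInfoAndReturnKey` is a fixed constant, so the imported key is always usable for both RSA key transport and signing, regardless of what the server certificate's keyUsage extension permits or which cipher suites are enabled. Nothing visible in this hunk checks that the key is RSA or that the certificate allows key encipherment; that may happen elsewhere in InitializeSSLOptions(), whose body starts and ends outside the hunk. If the wider usage is intentional, I would record the assumption in the comment, e.g. `// Usage bits are fixed and not derived from the certificate's keyUsage extension; the key is assumed to be RSA.`, or narrow the bits to the key-exchange families the server actually offers.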
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 781a3f4..ca2c884 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -283,9 +283,6 @@ TEST_F(SSLServerSocketTest, Initialize) {
TEST_F(SSLServerSocketTest, Handshake) {
Initialize();
- if (!base::CheckNSSVersion("3.12.8"))
- return;
-
TestCompletionCallback connect_callback;
TestCompletionCallback accept_callback;
@@ -306,24 +303,21 @@ TEST_F(SSLServerSocketTest, Handshake) {
TEST_F(SSLServerSocketTest, DataTransfer) {
Initialize();
- if (!base::CheckNSSVersion("3.12.8"))
- return;
-
TestCompletionCallback connect_callback;
TestCompletionCallback accept_callback;
// Establish connection.
int client_ret = client_socket_->Connect(&connect_callback);
- EXPECT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING);
+ ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING);
int server_ret = server_socket_->Accept(&accept_callback);
- EXPECT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING);
+ ASSERT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING);
if (client_ret == net::ERR_IO_PENDING) {
- EXPECT_EQ(net::OK, connect_callback.WaitForResult());
+ ASSERT_EQ(net::OK, connect_callback.WaitForResult());
}
if (server_ret == net::ERR_IO_PENDING) {
- EXPECT_EQ(net::OK, accept_callback.WaitForResult());
+ ASSERT_EQ(net::OK, accept_callback.WaitForResult());
}
const int kReadBufSize = 1024;
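Review bot: The `ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING)` check and the matching `server_ret` check in DataTransfer now abort the test on failure, but they report only that the expression was false, not the error code that was returned. Streaming the value keeps the failure diagnosable, e.g. `ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING) << "Connect returned " << client_ret;`, and likewise for `server_ret`. With the NSS version guard removed, these tests run regardless of the NSS version, so a clear error code in the log matters more. The test body continues past the end of the hunk.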