| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds RetainedRef uses where they are required. These
changes will be required when we remove automatic unwrapping of
scoped_refptrs in Bind.
Please see the bug for more context.
R=tzik@chromium.org, thakis@chromium.org, danakj@chromium.org
TBR=boliu@chromium.org, droger@chromium.org, agl@chromium.org
BUG=589048
Review URL: https://codereview.chromium.org/1822943002
Cr-Commit-Position: refs/heads/master@{#382639}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit c4699f6 ("net: add IsUsingTCPFastOpen() method to SequencedSocketData
test class") removed the usage of UsingTCPFastOpen(), so now it can be
removed safely.
BUG=488598
TEST=net_unittests
R=mmenke@chromium.org
TBR=dgozman@chromium.org,sergeyu@chromium.org
Review URL: https://codereview.chromium.org/1821633003
Cr-Commit-Position: refs/heads/master@{#382604}
|
| |
|
|
|
|
|
|
|
|
|
| |
This changes the macro used to be USE_NSS_VERIFIER and modifies build
files to no longer assume iOS is using NSS.
BUG=591545
Review URL: https://codereview.chromium.org/1808963004
Cr-Commit-Position: refs/heads/master@{#382077}
|
| |
|
|
|
|
|
|
|
|
|
| |
This was never implemented outside NSS sockets and things aren't using it
anywhere. Token Binding is now using key exporters, so we can remove this.
BUG=none
Review URL: https://codereview.chromium.org/1807063002
Cr-Commit-Position: refs/heads/master@{#381626}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL introduces an Expect CT policy in the form of a
CTPolicyEnforcer::DoesConformToCertPolicy() method. This policy is
checked on all certs, and the results are stored in SSLInfo. In a future CL,
this SSLInfo field will be used to determine whether or not to send a
report for a site that expected valid CT to info to be present on its
connections.
BUG=568806
Review URL: https://codereview.chromium.org/1578993003
Cr-Commit-Position: refs/heads/master@{#377662}
|
| |
|
|
|
|
|
|
| |
BUG=548423
Review URL: https://codereview.chromium.org/1679413002
Cr-Commit-Position: refs/heads/master@{#376845}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds a field to SSLInfo to record whether CT policies were
enforced on the connection and details about the connection's compliance
with the CT EV policy.
This will eventually allow UI to explain to domain owners why their
site's EV status might be getting stripped.
This also lays the groundwork for introducing an Expect-CT policy, which
will be applied on all certificates. //net will apply the expect CT
policy and export the result via the new field in SSLInfo, so that code
outside net can send a report if desired.
BUG=568806
Review URL: https://codereview.chromium.org/1652603002
Cr-Commit-Position: refs/heads/master@{#376256}
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds a new method to SSLClientSocket to get the Token Binding from an SSL
connection where Token Binding was negotiated, and uses that to add the
Set-Token-Binding HTTP header (only when Token Binding was negotiated).
BUG=467312
Review URL: https://codereview.chromium.org/1378613004
Cr-Commit-Position: refs/heads/master@{#371347}
|
| |
|
|
|
|
|
|
|
|
| |
BUG=557422
R=rickyz@chromium.org
TBR=jam@chromium.org
Review URL: https://codereview.chromium.org/1586833002
Cr-Commit-Position: refs/heads/master@{#369328}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves SockaddrStorage type into its own header file,
as it seems more appropriate than in the generic net_util.h. This
should help breakout net_util.h even further. We are almost there.
BUG=488531
TEST=net_unittests
R=eroman@chromium.org
TBR=vitalybuka@chromium.org
Review URL: https://codereview.chromium.org/1584503002
Cr-Commit-Position: refs/heads/master@{#369081}
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a cleanup in preparation for implementing some CT changes
including Expect-CT.
BUG=568806
Review URL: https://codereview.chromium.org/1579233002
Cr-Commit-Position: refs/heads/master@{#368993}
|
| |
|
|
|
|
|
|
|
| |
BUG=488550
TBR=mmenke@chromium.org
Review URL: https://codereview.chromium.org/1535363003 .
Cr-Commit-Position: refs/heads/master@{#366297}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While the option to manually enable RC4 exists (via SSLConfig's
|rc4_enabled|, which can be controlled via admin policy or field trial), it
should only be enabled in fallback handshakes, where no other
ciphersuite could be negotiated.
BUG=568694
Review URL: https://codereview.chromium.org/1512753007
Cr-Commit-Position: refs/heads/master@{#364534}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Start gathering metrics on how feasible it would be to remove DHE. Only servers
which require it will now negotiate it. This is expected to come with a drop in
DHE_RSA ciphers and ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY errors, and an
increase in plain RSA ciphers. It is not expected to break any sites.
BUG=538690
TEST=Loading https://dh2048.badssl.com/ does NOT fail.
Review URL: https://codereview.chromium.org/1454223003
Cr-Commit-Position: refs/heads/master@{#360844}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This method has the common code to update SignedCertificateTimestamps
This code was duplicated in openssl and nss.
QUIC will be calling the following method soon.
R=rch@chromium.org
Review URL: https://codereview.chromium.org/1452053005
Cr-Commit-Position: refs/heads/master@{#360602}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RC4 may still be re-enabled via the RC4Enabled administrative policy, until
sometime around September. Also control it via a field trial so we still have
an escape hatch should something catastrophic happen.
Keep the deprecated cipher suite fallback around (rename the parameter since I
got the naming convention wrong) since it's still got the IIS AES-GCM
workaround in it, and it will be used in not too long for DHE_RSA instead.
BUG=375342
TEST=Loading https://rc4.badssl.com/ fails with ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Relaunching Chrome with --force-fieldtrials=RC4Ciphers/Enabled/ makes that page succeed.
Relaunching Chrome after setting the RC4Enabled polcy to true makes that page succeed.
(Note: press refresh when loading the site to make sure it's not cached.)
Review URL: https://codereview.chromium.org/1422293002
Cr-Commit-Position: refs/heads/master@{#357114}
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes mmenke's TODO for it.
BUG=None
R=mmenke@chromium.org,eroman@chromium.org
Review URL: https://codereview.chromium.org/1424733004
Cr-Commit-Position: refs/heads/master@{#356279}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the requirements for 'modern' ECDHE + AEAD, rather than PFS + AEAD.
Given that we'd been hoping to ditch DHE for a while, we should at least get it
out of the modern bucket.
The HTTP/2 requirements stay the same since those are snapshotted into the spec
already. Though early data says that no one uses HTTP/2 with DHE_RSA, which is
good for removal prospects.
BUG=538690
Review URL: https://codereview.chromium.org/1405383003
Cr-Commit-Position: refs/heads/master@{#356000}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Split SSLConfig.next_proto into two members: one for ALPN, one for NPN.
* Remove HTTP/2 from NPN.
* In OpenSSL, use alpn_protos for |ALPN|, and npn_protos for |NPN|.
* In NSS, use |alpn_protos| for both.
* In NSS, disable NPN if |npn_protos| is empty.
BUG=527066
Review URL: https://codereview.chromium.org/1387363004
Cr-Commit-Position: refs/heads/master@{#355427}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Channel ID, although asserted anew per for each connection, requires that both
ends track the original connection's handshake hash on a session. Servers may
only do this when Channel ID is enabled, so we need to shard the cache.
In writing the tests, do away with ConnectToTestServer which far too stateful
of a helper function. Instead fold it into CreateAndConnectSSLClientSocket. A
follow-up will update tests to use these helpers.
BUG=none
Review URL: https://codereview.chromium.org/1407303002
Cr-Commit-Position: refs/heads/master@{#354571}
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We no longer need to worry about the system NSS on decrepit Linux
distributions. The only platform where ECPrivateKey is backed by NSS is iOS and
we control that one.
BUG=519504
Review URL: https://codereview.chromium.org/1408813002
Cr-Commit-Position: refs/heads/master@{#354379}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GetTotalReceivedBytes() returns the number of bytes
read from the network. Currently, only TCPClientSocket
implements GetTotalReceivedBytes().
Tests are in ssl_client_socket_unittest.cc.
Right now GetTotalReceivedBytes() is not plumbed to the
higher layers. Once that's done, this will help us in
precisely computing the network bytes used by a request.
BUG=537754
Review URL: https://codereview.chromium.org/1343563002
Cr-Commit-Position: refs/heads/master@{#354092}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is DNS specific so it makes more sense to have it in net/dns rather
than in the generic net/base directory.
BUG=None
R=eroman@chromium.org,mmenke@chromium.org
TBR=gene@chromium.org,bauerb@chromium.org
NOPRESUBMIT=true
Review URL: https://codereview.chromium.org/1394233003
Cr-Commit-Position: refs/heads/master@{#353475}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Reorder protocols to decreasing preference order in IOThread.
* Reorder protocols to decreasing preference order in next_proto.cc.
* Reorder protocols in SSLClientSocketNSS to counteract NSS's internal
reordering.
* Use last one as fallback instead of first one
in SSLClientSocketOpenSSL::SelectNextProtoCallback.
Net effect:
* HTTP/2 now preceeds SPDY/3.1.
* NSS: otherwise unchanged for both ALPN and NPN, because changes cancel out.
* BoringSSL NPN: otherwise unchanged, because changes cancel out.
* BoringSSL ALPN: protocols are advertised in decreasing order of preference
as prescribed by the specification. (Beforehand the first one advertised was
HTTP/1.1).
BUG=267858
Review URL: https://codereview.chromium.org/1374373006
Cr-Commit-Position: refs/heads/master@{#352553}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is no longer used. This doesn't attempt to unwind
the threading logic from SSLClientSocketNSS as that will
be a much more involved endeavor. (And possibly not worth
it since the code is, ultimately, doomed.)
BUG=519504
Review URL: https://codereview.chromium.org/1379683003
Cr-Commit-Position: refs/heads/master@{#351562}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We no longer care about this. The only platform with a potentially decrepit
system NSS (desktop Linux on stagnant distros) is now using BoringSSL for the
majority of crypto. We may freely assume TLS 1.2 and AES-GCM support in our TLS
and crypto libraries. iOS is still on NSS for the bulk of crypto, but that NSS
is bundled, so we may assume AES-GCM is available and call PK11_Encrypt or
PK11_Decrypt freely.
BUG=519504
Review URL: https://codereview.chromium.org/1374073002
Cr-Commit-Position: refs/heads/master@{#351414}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Break out HTTP/2 protocol removal from SSLClientSocket::SerializeNextProtos() to
SSLClientSocket::DisableHTTP2() method. DisableHTTP2() will be used for NPN to
create a NextProtoVector that can be used by the callback function (no
serialization is necessary for this.)
BUG=527066
Review URL: https://codereview.chromium.org/1371263002
Cr-Commit-Position: refs/heads/master@{#351210}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usually it is only needed in source files because net_util.h is a collection
of free functions.
BUG=None
TEST=net_unittests
R=mmenke@chromium.org
TBR=brettw@chromium.org
Review URL: https://codereview.chromium.org/1311353009
Cr-Commit-Position: refs/heads/master@{#347764}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Although StreamSocket does allow calling Connect after Disconnect,
this has never worked for layered sockets. For SSLClientSocket, we
call Read after Disconnect on the transport and crash. To better
diagnose such problems, CHECK on the offending Connect.
BUG=521065
Review URL: https://codereview.chromium.org/1291723008
Cr-Commit-Position: refs/heads/master@{#344491}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now, failure to parse certificates map to ERR_SSL_PROTOCOL_ERROR
(or ERR_FAILED in NSS because our error-mapping logic isn't very good
for either case), however since we use two certificate libraries
together, it's possible for BoringSSL to accept a certificate while
the platform doesn't. (Especially so because BoringSSL is still using
OpenSSL's legacy X.509 stack which is very shoddy. Also Windows will
refuse to parse things like certificates which expire on 0001-01-01.)
Today, this results in ERR_CERT_INVALID (IsCertificateError gives true)
with a NULL X509Certificate, crashing everywhere. Instead, these errors
should be treated the same as if BoringSSL internally rejected the
certificate. Map them to a new error code (for ease of debugging),
ERR_SSL_SERVER_CERT_BAD_FORMAT. IsCertificateError will return false
for this error.
We should now actually maintain the invariant that IsCertificateError
implies there is a certificate available.
The user-visible error page just inherits ERR_SSL_PROTOCOL_ERROR's
strings, as there is no meaningful difference between "BoringSSL
rejected the cert" and "BoringSSL rejected the cert but Windows didn't".
Likewise, this error is unrecoverable, matching ERR_SSL_PROTOCOL_ERROR.
This removes support for using SSLClientSocket in an environment
where X509Certificates cannot be created. With remoting no longer using
the internal plugin, this is no longer necessary.
BUG=91341
Review URL: https://codereview.chromium.org/1286793002
Cr-Commit-Position: refs/heads/master@{#343720}
|
| |
|
|
|
|
|
|
|
|
|
| |
This is useful for clients that only wants to show CT
info if the certificate is not CT compliant.
BUG=None
Review URL: https://codereview.chromium.org/1287023003
Cr-Commit-Position: refs/heads/master@{#343170}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds code to TransportSecurityState to build HPKP reports, and
sends them with a CertificateReportSender constructed by
ProfileIOData. Calls to CheckPublicKeyPins() indicate whether a report
should be sent and pass necessary reporting information as arguments.
CL #1: crrev.com/1211363005 (parse report-uri)
CL #2: crrev.com/1212973002 (add net::CertificateReportSender)
This is CL #3.
BUG=445793
Review URL: https://codereview.chromium.org/1212613004
Cr-Commit-Position: refs/heads/master@{#340687}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current behavior is to remove the EV flag if the ct enforcer is not
set by the embedder. This somewhat unexpectedly removes EV for all
servers, if the embedder has not taken explicit actions to turn
on CT.
CT should either be ignored when policy enforcer is not present,
or there should be asserts warning about the missing EV-white
list. This patch chooses the first option as CT is not yet a
security requirement, and I don't think it's correct to demand
CT support quite yet.
Note that this change has no effect on Chrome's default behavior.
BUG=NONE
Review URL: https://codereview.chromium.org/1211423002
Cr-Commit-Position: refs/heads/master@{#336539}
|
| |
|
|
|
|
|
|
|
|
| |
code with HttpStreamFactoryImpl::Job and SSLClientSocket*.*.
R=rch@chromium.org, rsleevi@chromium.org
Review URL: https://codereview.chromium.org/1202313004
Cr-Commit-Position: refs/heads/master@{#335934}
|
| |
|
|
|
|
|
|
|
|
|
| |
Also removes a number of histogram.h includes that are apparently
unused.
BUG=416479
Review URL: https://codereview.chromium.org/1187813006
Cr-Commit-Position: refs/heads/master@{#334825}
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Also added support for enable_ecdhe flag in SSLClientSocketOpenSSL and
SSLClientSocketNSS. It's not really needed with NSS as the client
is only compiled with BoringSSL, but added it anyway for consistency.
BUG=481163
Review URL: https://codereview.chromium.org/1191623002
Cr-Commit-Position: refs/heads/master@{#334684}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a field to SSLInfo to contain the chain as received by the client,
which can be different than the SSLInfo::cert containing the chain that
was verified. The new |served_cert| field is not persisted to the cache
for an HttpResponseInfo and thus can be null.
BUG=498945
Review URL: https://codereview.chromium.org/1174073003
Cr-Commit-Position: refs/heads/master@{#334292}
|
| |
|
|
|
|
|
|
| |
BUG=486265
Review URL: https://codereview.chromium.org/1149083013
Cr-Commit-Position: refs/heads/master@{#333770}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a new Channel ID, an X.509 certificate is created, even though
only the keypair is used. This CL removes the generation and storage of
certificates for Channel ID and updates the callsites to use the modified
API that only exposes a crypto::ECPrivateKey.
BUG=457566
Review URL: https://codereview.chromium.org/1076063002
Cr-Commit-Position: refs/heads/master@{#332260}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Once the consumers have all been updated to work with unsigned buffer lengths, I will remove the signed int versions. For now this change adds some runtime safety checks, and facilitates the ongoing conversion to size_t.
A minority of consumers were calling IOBuffer with something other than "int" or "size_t", and those were updated by this change.
BUG=488553,491315
TBR=michaeln@chromium.org,pfeldman@chromium.org,bradnelson@chromium.org, rockot@chromium.org, dimich@chromium.org
Review URL: https://codereview.chromium.org/1147333003
Cr-Commit-Position: refs/heads/master@{#331485}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL classifies the following fallback triggers in BoringSSL ports:
- ClientHello intolerance.
- Microsoft's buggy AES-GCM implementation.
- CertificateVerify was rejected (some servers broke TLS 1.2 client auth).
- Resuming a session at the wrong version.
- F5's buggy NPN implementation.
- Other.
It also records how often each error code triggers the fallback.
Initial numbers for the fixed metrics are actually rather encouraging,
but put this in place for the same release if larger populations' numbers
are worse and we'd need to carve out large swathes of intolerance with
less problematic workarounds.
BUG=459690
Review URL: https://codereview.chromium.org/1127623005
Cr-Commit-Position: refs/heads/master@{#330215}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, the TransportConnectJob simply inferred that, if the main socket
failed to connect, the address it was using was the last address in the
list. With this change, the TCPClientSocket actually tracks all of the
connection attempts made (as it tries each address in the list), and the
TransportConnectJob copies the attempts from both the main and fallback
sockets and records all of them in the ClientSocketHandle in
GetAdditionalErrorState.
BUG=480565
TBR=jam
Review URL: https://codereview.chromium.org/1096203006
Cr-Commit-Position: refs/heads/master@{#330012}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's been off by default since Chrome 40 with a policy opt-in. The policy was
documented to stop working after Chrome 43, so remove all logic for SSL 3.0.
Chrome will no longer honor a --ssl-version-min=ssl3 flag and the option is
removed from about:flags.
This CL also removes the SSL 3.0 support from the extensions' TLS socket API.
BUG=487730
Review URL: https://codereview.chromium.org/1139013002
Cr-Commit-Position: refs/heads/master@{#329805}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only HTTP/1.1 (and below) sockets may renegotiate. This fix a
crash because SpdyHttpStream didn't account for this properly.
(And can't as the renego + client auth hack is inherently
incompatible with multiplexing.)
Tested manually against hacked up Go servers:
- HTTP/1.1 server which renegotiates with client auth before
sending a response on a fresh socket.
- Same as above but with a reused socket (the server only
requests renego when fetching /auth).
- HTTP/2 which incorrectly renegotiates with client auth upon
requesting /auth. Verified that we get ERR_SSL_PROTOCOL_ERROR
and not crash.
- HTTP/1.1 server which does two handshakes in a row with Finished
and HelloRequest in the same record. NSS and BoringSSL differ in
their behavior here, but in neither port should we miss the
renego.
BUG=484543,462283
Review URL: https://codereview.chromium.org/1131763002
Cr-Commit-Position: refs/heads/master@{#329466}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MultiThreadedCertVerifier::Verify().
* CertVerifier::Verify() fills a |scoped_pointer<Request>*| rather than a |void*|
* CertVerifier::CancelRequest(void*) has been removed. Requests are instead cancelled by resetting the scoped_ptr<Request>.
* Refactored memory ownership in MultiThreadedCertVerifier so there are no manual calls to "delete".
* Removed locking and the CertVerifierWorker in favor of using WorkerPool::PostTaskAndReply()
BUG=475153,479336
TBR=pneubeck@chromium.org,zea@chromium.org,sergeyu@chromium.org
Review URL: https://codereview.chromium.org/1115903002
Cr-Commit-Position: refs/heads/master@{#329234}
|
| |
|
|
|
|
|
|
|
|
|
| |
It's redundant with the bit in GetSSLInfo and state already maintained by the
SSLClientSocket implementations.
BUG=477847
Review URL: https://codereview.chromium.org/1103173004
Cr-Commit-Position: refs/heads/master@{#327101}
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This moves the platform-specific OCSP stapling code out of SSLClientSocket,
which enables OCSP stapling on the chimera build. It'll also make it easier to
support OCSP stapling on OS X, where a stapled OCSP response is a property of
the certificate verification (as it should be) and not the certificate.
BUG=430714,479034
Review URL: https://codereview.chromium.org/1081913003
Cr-Commit-Position: refs/heads/master@{#327070}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A follow-up will unvirtual and disentangle the other virtual functions there.
Have SSLClientSocket implement ALPN-related methods internally using
GetNextProto rather than rely on SSLConnectJob to do it.
The SPDY-related bit is removed and moved up to callers. Also clean up the
MockSSLClientSocket overrides of these functions now that the setters are never
called outside of the SSLClientSocket implementation. Instead,
SSLSocketDataProvider supplies the input to MockSSLClientSocket::GetNextProto
and then the usual logic computes everything else from there.
BUG=477847
Review URL: https://codereview.chromium.org/1097773003
Cr-Commit-Position: refs/heads/master@{#327066}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SslHmacChannelAuthenticator passes in a null one which crashes but the
IsAllowedBadCert check, as well as inconsistent ability to use X509Certificate
in the sandbox masks the issue most of the time.
This also fixes FakeStreamSocket to propogate disconnects to the peer, which is
needed to add a test for this case. (If SSLClientSocket doesn't like a
certificate, it just ceremoniously disconnects the connection right after the
handshake.) This test crashed before this CL outside the sandbox. (Inside the
sandbox, it's possible that it worked on some platforms due to the sandbox
breaking net::X509Certificate. I didn't do a survey.)
BUG=none
Review URL: https://codereview.chromium.org/1080593003
Cr-Commit-Position: refs/heads/master@{#326886}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
USE_NSS is confusing because it's not actually the analog of USE_OPENSSL; it's
the analog to USE_OPENSSL_CERTS. This is in preparation for the chimera build
which will set USE_OPENSSL and USE_NSS(_CERTS).
This CL was partially done automatically by the following command:
git grep -l USE_NSS | xargs sed -i -e 's/defined(USE_NSS)/defined(USE_NSS_CERTS)/'
The remaining were caught by the following command and fixed manually:
git grep 'USE_NSS\([^_]\|$\)'
Finally, the following command verified nothing in a separate repository was
sensitive to this change:
find . -name '*.cc' -o -name '*.h' | xargs grep 'USE_NSS\([^_]\|$\)'
For now, the old name is still defined, but not used within Chromium.
A follow-up CL will remove deprecated use_nss and USE_NSS #defines
together which will then cause downstream churn. Though from a grep
of known downstreams, the churn seems to be fairly minimal. The
removal is split from this CL so that, if we need to revert, the
CL to revert is small.
TBR=pneubeck@chromium.org
BUG=462040
Review URL: https://codereview.chromium.org/1082123003
Cr-Commit-Position: refs/heads/master@{#325710}
|
