Implement TLS 1.2.

Patch by Adam Langley. R=agl@chromium.org BUG=90392 TEST=net_unittests Review URL: https://chromiumcodereview.appspot.com/14772023 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@203090 0039d316-1c4b-4281-b951-d872f2087c98
dednal · May 30, 2013 · 7799de1 · 7799de1
1 parent e67140e
commit 7799de1
Show file tree

Hide file tree

Showing 18 changed files with 3,467 additions and 190 deletions.
diff --git a/net/http/http_network_transaction_spdy2_unittest.cc b/net/http/http_network_transaction_spdy2_unittest.cc
@@ -10117,6 +10117,13 @@ TEST_F(HttpNetworkTransactionSpdy2Test,
   net::StaticSocketDataProvider data4(NULL, 0, NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data4);
 
+  // Need one more if TLSv1.2 is enabled.
+  SSLSocketDataProvider ssl_data5(ASYNC, net::ERR_SSL_PROTOCOL_ERROR);
+  ssl_data5.cert_request_info = cert_request.get();
+  session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data5);
+  net::StaticSocketDataProvider data5(NULL, 0, NULL, 0);
+  session_deps_.socket_factory->AddSocketDataProvider(&data5);
+
   scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   scoped_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session));
@@ -10230,6 +10237,14 @@ TEST_F(HttpNetworkTransactionSpdy2Test,
       data2_reads, arraysize(data2_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data4);
 
+  // Need one more if TLSv1.2 is enabled.
+  SSLSocketDataProvider ssl_data5(ASYNC, net::OK);
+  ssl_data5.cert_request_info = cert_request.get();
+  session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data5);
+  net::StaticSocketDataProvider data5(
+      data2_reads, arraysize(data2_reads), NULL, 0);
+  session_deps_.socket_factory->AddSocketDataProvider(&data5);
+
   scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   scoped_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session));

diff --git a/net/http/http_network_transaction_spdy3_unittest.cc b/net/http/http_network_transaction_spdy3_unittest.cc
@@ -10102,6 +10102,13 @@ TEST_F(HttpNetworkTransactionSpdy3Test,
   net::StaticSocketDataProvider data4(NULL, 0, NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data4);
 
+  // Need one more if TLSv1.2 is enabled.
+  SSLSocketDataProvider ssl_data5(ASYNC, net::ERR_SSL_PROTOCOL_ERROR);
+  ssl_data5.cert_request_info = cert_request.get();
+  session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data5);
+  net::StaticSocketDataProvider data5(NULL, 0, NULL, 0);
+  session_deps_.socket_factory->AddSocketDataProvider(&data5);
+
   scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   scoped_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session));
@@ -10215,6 +10222,14 @@ TEST_F(HttpNetworkTransactionSpdy3Test, ClientAuthCertCache_Direct_FalseStart) {
       data2_reads, arraysize(data2_reads), NULL, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data4);
 
+  // Need one more if TLSv1.2 is enabled.
+  SSLSocketDataProvider ssl_data5(ASYNC, net::OK);
+  ssl_data5.cert_request_info = cert_request.get();
+  session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data5);
+  net::StaticSocketDataProvider data5(
+      data2_reads, arraysize(data2_reads), NULL, 0);
+  session_deps_.socket_factory->AddSocketDataProvider(&data5);
+
   scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   scoped_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session));

diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc
@@ -20,13 +20,15 @@ static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;
 
 static uint16 g_default_version_max =
 #if defined(USE_OPENSSL)
-#if defined(SSL_OP_NO_TLSv1_1)
+#if defined(SSL_OP_NO_TLSv1_2)
+    SSL_PROTOCOL_VERSION_TLS1_2;
+#elif defined(SSL_OP_NO_TLSv1_1)
     SSL_PROTOCOL_VERSION_TLS1_1;
 #else
     SSL_PROTOCOL_VERSION_TLS1;
 #endif
 #else
-    SSL_PROTOCOL_VERSION_TLS1_1;
+    SSL_PROTOCOL_VERSION_TLS1_2;
 #endif
 
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}

diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
@@ -100,6 +100,13 @@ Patches:
     patches/handlecertstatus.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=867795
 
+  * Implement TLS 1.2.
+    patches/tls12.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=480514
+
+  * Update Chromium-specific code for TLS 1.2.
+    patches/tls12chromium.patch
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 

diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
@@ -47,3 +47,7 @@ patch -p4 < $patches_dir/secitemarray.patch
 patch -p4 < $patches_dir/unusedvariables.patch
 
 patch -p4 < $patches_dir/handlecertstatus.patch
+
+patch -p4 < $patches_dir/tls12.patch
+
+patch -p4 < $patches_dir/tls12chromium.patch