author | Brian Carlstrom <bdc@google.com> | 2010-05-21 15:45:11 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2010-05-21 15:45:11 -0700 |
commit | f7b8b35bcc93523ef224039b009608b1ea3b81f3 (patch) | |
tree | 5098cdd5705e5fc60640b008b2bd15fbfcfb0e08 | |
parent | c941a854631c4bf2369adc84887bb6dd386a1bcc (diff) | |
Manual recreation of dalvik change 720d1e962e248a30f81c1493081ff4c01e35c839 in libcore
Disable SSL Session Ticket extension for OpenSSLSocket
Due to compatibility issues with some sites, disable this SSL extension which wasn't present in Eclair. See also:
b/2682876 Some ssl sites cause "A secure connection could not be established" error
Change-Id: Ife94f65a063011f09553877a9fb71f42ecc76f5e
-rw-r--r-- | luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
index 7f52470..21489a2 100644
--- a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
+++ b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
@@ -1575,9 +1575,14 @@ static int NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) {
 jniThrowRuntimeException(env, "SSL_CTX_new");
 return NULL;
 }
- // Note: We explicitly do not allow SSLv2 to be used.
 SSL_CTX_set_options(sslCtx.get(),
- SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE);
+ SSL_OP_ALL
+ // Note: We explicitly do not allow SSLv2 to be used.
+ | SSL_OP_NO_SSLv2
+ // We also disable session tickets for better compatability b/2682876
+ | SSL_OP_NO_TICKET
+ // Because dhGenerateParameters uses DSA_generate_parameters_ex
+ | SSL_OP_SINGLE_DH_USE);
 int mode = SSL_CTX_get_mode(sslCtx.get());
 /*
@@ -2361,7 +2366,8 @@ static jint NativeCrypto_SSL_read(JNIEnv* env, jclass, jint
 int returnCode = 0;
 int sslErrorCode = SSL_ERROR_NONE;;
- int ret = sslRead(env, ssl, (char*) (bytes.get() + offset), len, &returnCode, &sslErrorCode, timeout);
+ int ret = sslRead(env, ssl, (char*) (bytes.get() + offset), len,
+ &returnCode, &sslErrorCode, timeout);
 int result;
 if (ret == THROW_EXCEPTION) { |
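Review bot: The new `SSL_OP_NO_TICKET` line in the `SSL_CTX_set_options` call is applied to the context, so it affects every SSL object created from it, and its comment gives only an internal bug number as the reason. Whether server-side sockets share this context is not visible in the hunk, but the commit title speaks only of OpenSSLSocket, so the comment should state the scope and the effect, e.g. `// Disable RFC 5077 session tickets context-wide (handshake failures with some servers, b/2682876); resumption falls back to session-ID caching`. The `SSL_OP_SINGLE_DH_USE` comment is similarly terse: presumably the point is that DH parameters derived from DSA parameters are not safe primes, so a fresh DH key is needed per handshake, and saying that would help the next reader. `SSL_OP_ALL` is now the only flag in the expression without a comment although it is the broadest; a line noting that it enables the library's interoperability workarounds would complete the set. The body of `NativeCrypto_SSL_CTX_new` starts and ends outside the hunk.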