
Side by Side Diff: net/base/ssl_config_service.h

Issue 165191: Implement SSL certificate error handling on the Mac. If the user gives... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 11 years, 4 months ago
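--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -1,47 +1,63 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_BASE_SSL_CONFIG_SERVICE_H__
-#define NET_BASE_SSL_CONFIG_SERVICE_H__
+#ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
+#define NET_BASE_SSL_CONFIG_SERVICE_H_
 
-#include <set>
+#include <vector>
 
 #include "base/time.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 // A collection of SSL-related configuration settings.
 struct SSLConfig {
 // Default to no revocation checking.
 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
 SSLConfig()
 : rev_checking_enabled(false), ssl2_enabled(false), ssl3_enabled(true),
 tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) {
 }
 
 bool rev_checking_enabled; // True if server certificate revocation
 // checking is enabled.
 bool ssl2_enabled; // True if SSL 2.0 is enabled.
 bool ssl3_enabled; // True if SSL 3.0 is enabled.
 bool tls1_enabled; // True if TLS 1.0 is enabled.
 
 // TODO(wtc): move the following members to a new SSLParams structure. They
 // are not SSL configuration settings.
 
-// Add any known-bad SSL certificates to allowed_bad_certs_ that should not
-// trigger an ERR_CERT_*_INVALID error when calling SSLClientSocket::Connect.
-// This would normally be done in response to the user explicitly accepting
-// the bad certificate.
-std::set<scoped_refptr<X509Certificate> > allowed_bad_certs_;
+struct CertAndStatus {
+scoped_refptr<X509Certificate> cert;
+int cert_status;
+};
+
+// Returns true if |cert| is one of the certs in |allowed_bad_certs|.
+// TODO(wtc): Move this to a .cc file. ssl_config_service.cc is Windows
+// only right now, so I can't move it there.
+bool IsAllowedBadCert(X509Certificate* cert) const {
+for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
+if (cert == allowed_bad_certs[i].cert)
+return true;
+}
+return false;
+}
+
+// Add any known-bad SSL certificate (with its cert status) to
+// |allowed_bad_certs| that should not trigger an ERR_CERT_* error when
+// calling SSLClientSocket::Connect. This would normally be done in
+// response to the user explicitly accepting the bad certificate.
+std::vector<CertAndStatus> allowed_bad_certs;
 
 // True if we should send client_cert to the server.
 bool send_client_cert;
 
 bool verify_ev_cert; // True if we should verify the certificate for EV.
 
 scoped_refptr<X509Certificate> client_cert;
 };
 
 // This class is responsible for getting and setting the SSL configuration.
@@ -80,11 +96,11 @@
 
 // We store the IE SSL config and the time that we fetched it.
 SSLConfig config_info_;
 base::TimeTicks config_time_;
 
 DISALLOW_EVIL_CONSTRUCTORS(SSLConfigService);
 };
 
 } // namespace net
 
-#endif // NET_BASE_SSL_CONFIG_SERVICE_H__
+#endif // NET_BASE_SSL_CONFIG_SERVICE_H_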
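Review bot: `IsAllowedBadCert` matches on the certificate alone and never reads the `cert_status` stored next to it, so nothing in this header ties a user's exception to the particular errors that were accepted. Unless the caller compares the stored status with the status of the current verification, a certificate accepted for one problem would also pass when a later check reports a different or additional one; that comparison is presumably made in the socket code outside this file and is worth confirming. The test `cert == allowed_bad_certs[i].cert` is a pointer comparison, which is only correct if equal certificates always share a single `X509Certificate` object, and that guarantee is not visible here. I would state both assumptions in comments, for example on the struct member `// Status of |cert| when the user accepted it; callers must not suppress errors that are not recorded here.` and a one-line note above the loop that the match is by object identity. `CertAndStatus` also has no constructor, so `cert_status` is uninitialized in a default-constructed entry.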