Linux: add next-protocol-negotiation to libssl.

net/base/ssl_config_service.h

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
 #define NET_BASE_SSL_CONFIG_SERVICE_H_
 
 #include <vector>
 
 #include "base/ref_counted.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 // A collection of SSL-related configuration settings.
 struct SSLConfig {
   // Default to revocation checking.
   // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
   SSLConfig()

[willchan no longer on Chromium, 2009/11/25 19:48:13]

I think might be getting to the point where making a .cc file and putting the
constructor and destructor definition there make sense, since the inline
constructor and destructor is starting to get large with the inline constructors
and destructors for the std::vector<> and std::string members.  Perhaps this is
premature optimization.  I leave the choice up to you.

       : rev_checking_enabled(true),  ssl2_enabled(false), ssl3_enabled(true),
-        tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) {
+        tls1_enabled(true), send_client_cert(false), verify_ev_cert(false),
+        next_protos("\007http1.1") {
   }
 
   bool rev_checking_enabled;  // True if server certificate revocation
                               // checking is enabled.
   bool ssl2_enabled;  // True if SSL 2.0 is enabled.
   bool ssl3_enabled;  // True if SSL 3.0 is enabled.
   bool tls1_enabled;  // True if TLS 1.0 is enabled.
 
   // TODO(wtc): move the following members to a new SSLParams structure.  They
   // are not SSL configuration settings.
@@ skipping 18 matching lines @@
   // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when
   // calling SSLClientSocket::Connect.  This would normally be done in
   // response to the user explicitly accepting the bad certificate.
   std::vector<CertAndStatus> allowed_bad_certs;
 
   // True if we should send client_cert to the server.
   bool send_client_cert;
 
   bool verify_ev_cert;  // True if we should verify the certificate for EV.
 
+  // The list of application level protocols supported. If set, this will
+  // enable Next Protocol Negotiation (if supported). This is a list of 8-bit
+  // length prefixed strings. The order of the protocols doesn't matter expect
+  // for one case: if the server supports Next Protocol Negotiation, but there
+  // is no overlap between the server's and client's protocol sets, then the
+  // first protocol in this list will be requested by the client.
+  std::string next_protos;
+
   scoped_refptr<X509Certificate> client_cert;
 };
 
 // The interface for retrieving the SSL configuration.  This interface
 // does not cover setting the SSL configuration, as on some systems, the
 // SSLConfigService objects may not have direct access to the configuration, or
 // live longer than the configuration preferences.
 class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
  public:
   // Create an instance of SSLConfigService which retrieves the configuration
   // from the system SSL configuration, or an instance of
   // SSLConfigServiceDefaults if the current system does not have a system SSL
   // configuration.  Note: this does not handle SSLConfigService implementations
   // that are not native to their platform, such as preference-backed ones.
   static SSLConfigService* CreateSystemSSLConfigService();
 
   // May not be thread-safe, should only be called on the IO thread.
   virtual void GetSSLConfig(SSLConfig* config) = 0;
 
  protected:
   friend class base::RefCountedThreadSafe<SSLConfigService>;
 
   virtual ~SSLConfigService() {}
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_SSL_CONFIG_SERVICE_H_