OLD | NEW |
---|---|
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/ref_counted.h" | 10 #include "base/ref_counted.h" |
11 #include "net/base/x509_certificate.h" | 11 #include "net/base/x509_certificate.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
15 // A collection of SSL-related configuration settings. | 15 // A collection of SSL-related configuration settings. |
16 struct SSLConfig { | 16 struct SSLConfig { |
17 // Default to revocation checking. | 17 // Default to revocation checking. |
18 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. | 18 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. |
19 SSLConfig() | 19 SSLConfig() |
willchan no longer on Chromium
2009/11/25 19:48:13
I think might be getting to the point where making
| |
20 : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), | 20 : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), |
21 tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) { | 21 tls1_enabled(true), send_client_cert(false), verify_ev_cert(false), |
22 next_protos("\007http1.1") { | |
22 } | 23 } |
23 | 24 |
24 bool rev_checking_enabled; // True if server certificate revocation | 25 bool rev_checking_enabled; // True if server certificate revocation |
25 // checking is enabled. | 26 // checking is enabled. |
26 bool ssl2_enabled; // True if SSL 2.0 is enabled. | 27 bool ssl2_enabled; // True if SSL 2.0 is enabled. |
27 bool ssl3_enabled; // True if SSL 3.0 is enabled. | 28 bool ssl3_enabled; // True if SSL 3.0 is enabled. |
28 bool tls1_enabled; // True if TLS 1.0 is enabled. | 29 bool tls1_enabled; // True if TLS 1.0 is enabled. |
29 | 30 |
30 // TODO(wtc): move the following members to a new SSLParams structure. They | 31 // TODO(wtc): move the following members to a new SSLParams structure. They |
31 // are not SSL configuration settings. | 32 // are not SSL configuration settings. |
(...skipping 18 matching lines...) Expand all Loading... | |
50 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 51 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
51 // calling SSLClientSocket::Connect. This would normally be done in | 52 // calling SSLClientSocket::Connect. This would normally be done in |
52 // response to the user explicitly accepting the bad certificate. | 53 // response to the user explicitly accepting the bad certificate. |
53 std::vector<CertAndStatus> allowed_bad_certs; | 54 std::vector<CertAndStatus> allowed_bad_certs; |
54 | 55 |
55 // True if we should send client_cert to the server. | 56 // True if we should send client_cert to the server. |
56 bool send_client_cert; | 57 bool send_client_cert; |
57 | 58 |
58 bool verify_ev_cert; // True if we should verify the certificate for EV. | 59 bool verify_ev_cert; // True if we should verify the certificate for EV. |
59 | 60 |
61 // The list of application level protocols supported. If set, this will | |
62 // enable Next Protocol Negotiation (if supported). This is a list of 8-bit | |
63 // length prefixed strings. The order of the protocols doesn't matter expect | |
64 // for one case: if the server supports Next Protocol Negotiation, but there | |
65 // is no overlap between the server's and client's protocol sets, then the | |
66 // first protocol in this list will be requested by the client. | |
67 std::string next_protos; | |
68 | |
60 scoped_refptr<X509Certificate> client_cert; | 69 scoped_refptr<X509Certificate> client_cert; |
61 }; | 70 }; |
62 | 71 |
63 // The interface for retrieving the SSL configuration. This interface | 72 // The interface for retrieving the SSL configuration. This interface |
64 // does not cover setting the SSL configuration, as on some systems, the | 73 // does not cover setting the SSL configuration, as on some systems, the |
65 // SSLConfigService objects may not have direct access to the configuration, or | 74 // SSLConfigService objects may not have direct access to the configuration, or |
66 // live longer than the configuration preferences. | 75 // live longer than the configuration preferences. |
67 class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> { | 76 class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> { |
68 public: | 77 public: |
69 // Create an instance of SSLConfigService which retrieves the configuration | 78 // Create an instance of SSLConfigService which retrieves the configuration |
70 // from the system SSL configuration, or an instance of | 79 // from the system SSL configuration, or an instance of |
71 // SSLConfigServiceDefaults if the current system does not have a system SSL | 80 // SSLConfigServiceDefaults if the current system does not have a system SSL |
72 // configuration. Note: this does not handle SSLConfigService implementations | 81 // configuration. Note: this does not handle SSLConfigService implementations |
73 // that are not native to their platform, such as preference-backed ones. | 82 // that are not native to their platform, such as preference-backed ones. |
74 static SSLConfigService* CreateSystemSSLConfigService(); | 83 static SSLConfigService* CreateSystemSSLConfigService(); |
75 | 84 |
76 // May not be thread-safe, should only be called on the IO thread. | 85 // May not be thread-safe, should only be called on the IO thread. |
77 virtual void GetSSLConfig(SSLConfig* config) = 0; | 86 virtual void GetSSLConfig(SSLConfig* config) = 0; |
78 | 87 |
79 protected: | 88 protected: |
80 friend class base::RefCountedThreadSafe<SSLConfigService>; | 89 friend class base::RefCountedThreadSafe<SSLConfigService>; |
81 | 90 |
82 virtual ~SSLConfigService() {} | 91 virtual ~SSLConfigService() {} |
83 }; | 92 }; |
84 | 93 |
85 } // namespace net | 94 } // namespace net |
86 | 95 |
87 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 96 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
OLD | NEW |