net/base/ssl_config_service.h - Issue 5746003: Defines SSLServerSocket and implements SSLServerSocketNSS

Side by Side Diff: net/base/ssl_config_service.h

Issue 5746003: Defines SSLServerSocket and implements SSLServerSocketNSS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: address comments Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_	5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_

6 #define NET_BASE_SSL_CONFIG_SERVICE_H_	6 #define NET_BASE_SSL_CONFIG_SERVICE_H_

7 #pragma once	7 #pragma once

8	8

9 #include <vector>	9 #include <vector>

10	10

(...skipping 14 matching lines...) Expand all Loading...
25 bool rev_checking_enabled; // True if server certificate revocation	25 bool rev_checking_enabled; // True if server certificate revocation

26 // checking is enabled.	26 // checking is enabled.

27 // SSL 2.0 is not supported.	27 // SSL 2.0 is not supported.

28 bool ssl3_enabled; // True if SSL 3.0 is enabled.	28 bool ssl3_enabled; // True if SSL 3.0 is enabled.

29 bool tls1_enabled; // True if TLS 1.0 is enabled.	29 bool tls1_enabled; // True if TLS 1.0 is enabled.

30 bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates.	30 bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates.

31 bool snap_start_enabled; // True if we'll try Snap Start handshakes.	31 bool snap_start_enabled; // True if we'll try Snap Start handshakes.

32 // True if we'll do async checks for certificate provenance using DNS.	32 // True if we'll do async checks for certificate provenance using DNS.

33 bool dns_cert_provenance_checking_enabled;	33 bool dns_cert_provenance_checking_enabled;

34	34

	35 // TODO(hclam): This option is used to simplify SSLServerSocketNSS
	agl 2010/12/17 18:30:50 s/simplify/simplify the/ s/simplify/simplify the/
	36 // implementation and should be removed when session cache is implemented.
	agl 2010/12/17 18:30:50 s/cache/caching/ s/cache/caching/
	37 // See http://crbug.com/67236 for more details.

	38 bool session_cache_disabled; // Disable caching.
	wtc 2010/12/17 18:08:04 Please change the comment to say Don't use the s Please change the comment to say Don't use the session cache. because "disabling cache" may be misunderstood as disabling the session cache globally. Perhaps this member should be named session_resume_disabled. Alpha Left Google 2010/12/17 20:09:57 Done. Show quoted text On 2010/12/17 18:08:04, wtc wrote: > Please change the comment to say > Don't use the session cache. > because "disabling cache" may be misunderstood as > disabling the session cache globally. Perhaps this > member should be named session_resume_disabled. Done. Alpha Left Google 2010/12/17 20:09:57 Done. Show quoted text On 2010/12/17 18:08:04, wtc wrote: > Please change the comment to say > Don't use the session cache. > because "disabling cache" may be misunderstood as > disabling the session cache globally. Perhaps this > member should be named session_resume_disabled. Done.
	39

35 // Cipher suites which should be explicitly prevented from being used in	40 // Cipher suites which should be explicitly prevented from being used in

36 // addition to those disabled by the net built-in policy -- by default, all	41 // addition to those disabled by the net built-in policy -- by default, all

37 // cipher suites supported by the underlying SSL implementation will be	42 // cipher suites supported by the underlying SSL implementation will be

38 // enabled except for:	43 // enabled except for:

39 // - Null encryption cipher suites.	44 // - Null encryption cipher suites.

40 // - Weak cipher suites: < 80 bits of security strength.	45 // - Weak cipher suites: < 80 bits of security strength.

41 // - FORTEZZA cipher suites (obsolete).	46 // - FORTEZZA cipher suites (obsolete).

42 // - IDEA cipher suites (RFC 5469 explains why).	47 // - IDEA cipher suites (RFC 5469 explains why).

43 // - Anonymous cipher suites.	48 // - Anonymous cipher suites.

44 // The ciphers listed in \|disabled_cipher_suites\| will be removed in addition	49 // The ciphers listed in \|disabled_cipher_suites\| will be removed in addition

(...skipping 144 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
189 void ProcessConfigUpdate(const SSLConfig& orig_config,	194 void ProcessConfigUpdate(const SSLConfig& orig_config,

190 const SSLConfig& new_config);	195 const SSLConfig& new_config);

191	196

192 private:	197 private:

193 ObserverList<Observer> observer_list_;	198 ObserverList<Observer> observer_list_;

194 };	199 };

195	200

196 } // namespace net	201 } // namespace net

197	202

198 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_	203 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_

OLD	NEW

« no previous file with comments | « net/base/net_log_event_type_list.h ('k') | net/base/ssl_config_service.cc » ('j') | net/socket/nss_ssl_util.h » ('J')