
Side by Side Diff: net/base/ssl_config_service.cc

Issue 6019005: Use separate SSL session caches per profile (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 9 years, 11 months ago
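--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -1,53 +1,57 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/atomic_sequence_num.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/ssl_false_start_blacklist.h"
 
 #if defined(OS_WIN)
 #include "net/base/ssl_config_service_win.h"
 #elif defined(OS_MACOSX)
 #include "net/base/ssl_config_service_mac.h"
 #else
 #include "net/base/ssl_config_service_defaults.h"
 #endif
 
 namespace net {
 
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
 
 SSLConfig::CertAndStatus::~CertAndStatus() {}
 
 SSLConfig::SSLConfig()
 : rev_checking_enabled(true), ssl3_enabled(true),
 tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false),
 dns_cert_provenance_checking_enabled(false),
 session_resume_disabled(false), mitm_proxies_allowed(false),
-false_start_enabled(true), send_client_cert(false),
+false_start_enabled(true), session_cache_id(0), send_client_cert(false),
 verify_ev_cert(false), ssl3_fallback(false) {
 }
 
 SSLConfig::~SSLConfig() {
 }
 
 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert) const {
 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
 if (cert->Equals(allowed_bad_certs[i].cert))
 return true;
 }
 return false;
 }
 
+static base::AtomicSequenceNumber g_session_cache_id(base::LINKER_INITIALIZED);
+
 SSLConfigService::SSLConfigService()
-: observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
+: session_cache_id_(g_session_cache_id.GetNext()),
+observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
 }
 
 SSLConfigService::~SSLConfigService() {
 }
 
 // static
 SSLConfigService* SSLConfigService::CreateSystemSSLConfigService() {
 #if defined(OS_WIN)
 return new SSLConfigServiceWin;
 #elif defined(OS_MACOSX)
@@ -92,28 +96,28 @@
 const std::string& hostname) {
 return SSLFalseStartBlacklist::IsMember(hostname.c_str());
 }
 
 static bool g_dnssec_enabled = false;
 static bool g_false_start_enabled = true;
 static bool g_mitm_proxies_allowed = false;
 static bool g_snap_start_enabled = false;
 static bool g_dns_cert_provenance_checking = false;
 
-// static
 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
 ssl_config->dnssec_enabled = g_dnssec_enabled;
 ssl_config->false_start_enabled = g_false_start_enabled;
 ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed;
 ssl_config->snap_start_enabled = g_snap_start_enabled;
 ssl_config->dns_cert_provenance_checking_enabled =
 g_dns_cert_provenance_checking;
+ssl_config->session_cache_id = session_cache_id_;
 }
 
 // static
 void SSLConfigService::EnableDNSSEC() {
 g_dnssec_enabled = true;
 }
 
 // static
 bool SSLConfigService::dnssec_enabled() {
 return g_dnssec_enabled;
@@ -170,10 +174,10 @@
 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
 const SSLConfig& new_config) {
 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled ||
 orig_config.ssl3_enabled != new_config.ssl3_enabled ||
 orig_config.tls1_enabled != new_config.tls1_enabled) {
 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
 }
 }
 
 } // namespace net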
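Review bot: The default `session_cache_id(0)` in the `SSLConfig` constructor may be indistinguishable from the id given to the first `SSLConfigService`, because `g_session_cache_id.GetNext()` appears to start counting at 0 (worth confirming in base/atomic_sequence_num.h). If so, any `SSLConfig` that never passed through `SetSSLConfigFlags` would presumably share a session cache with the first profile, which weakens the per-profile isolation this change is after. Consider reserving 0 as "unassigned", e.g. `session_cache_id_(g_session_cache_id.GetNext() + 1),`, and documenting the global with a comment such as `// Hands out the per-service id that keys the SSL session cache; 0 means "no service".` `SetSSLConfigFlags` now reads an instance member, so its declaration and any callers that invoked it as a static have to change as well; those are outside this file section.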