| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/observer_list.h" | 12 #include "base/observer_list.h" |
| 13 #include "base/ref_counted.h" | 13 #include "base/ref_counted.h" |
| 14 #include "net/base/x509_certificate.h" | 14 #include "net/base/x509_certificate.h" |
| 15 | 15 |
| 16 namespace net { | 16 namespace net { |
| 17 | 17 |
| 18 // TODO(davidben): Make this a more interesting ref-counted object if |
| 19 // we move to an SSL library which allows creating and deleting "ssl |
| 20 // session cache" objects or so. |
| 21 typedef int SSLSessionCacheId; |
| 22 |
| 18 // A collection of SSL-related configuration settings. | 23 // A collection of SSL-related configuration settings. |
| 19 struct SSLConfig { | 24 struct SSLConfig { |
| 20 // Default to revocation checking. | 25 // Default to revocation checking. |
| 21 // Default to SSL 3.0 on and TLS 1.0 on. | 26 // Default to SSL 3.0 on and TLS 1.0 on. |
| 22 SSLConfig(); | 27 SSLConfig(); |
| 23 ~SSLConfig(); | 28 ~SSLConfig(); |
| 24 | 29 |
| 25 bool rev_checking_enabled; // True if server certificate revocation | 30 bool rev_checking_enabled; // True if server certificate revocation |
| 26 // checking is enabled. | 31 // checking is enabled. |
| 27 // SSL 2.0 is not supported. | 32 // SSL 2.0 is not supported. |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 // True if we allow this connection to be MITM attacked. This sounds a little | 66 // True if we allow this connection to be MITM attacked. This sounds a little |
| 62 // worse than it is: large networks sometimes MITM attack all SSL connections | 67 // worse than it is: large networks sometimes MITM attack all SSL connections |
| 63 // on egress. We want to know this because we might not have the end-to-end | 68 // on egress. We want to know this because we might not have the end-to-end |
| 64 // connection that we believe that we have based on the hostname. Therefore, | 69 // connection that we believe that we have based on the hostname. Therefore, |
| 65 // certain certificate checks can't be performed and we can't use outside | 70 // certain certificate checks can't be performed and we can't use outside |
| 66 // knowledge about whether the server has the renegotiation extension. | 71 // knowledge about whether the server has the renegotiation extension. |
| 67 bool mitm_proxies_allowed; | 72 bool mitm_proxies_allowed; |
| 68 | 73 |
| 69 bool false_start_enabled; // True if we'll use TLS False Start. | 74 bool false_start_enabled; // True if we'll use TLS False Start. |
| 70 | 75 |
| 76 // A uniquifier to be incorporated into the session cache entry; NSS |
| 77 // provides only a global session cache. |
| 78 SSLSessionCacheId session_cache_id; |
| 79 |
| 71 // TODO(wtc): move the following members to a new SSLParams structure. They | 80 // TODO(wtc): move the following members to a new SSLParams structure. They |
| 72 // are not SSL configuration settings. | 81 // are not SSL configuration settings. |
| 73 | 82 |
| 74 struct CertAndStatus { | 83 struct CertAndStatus { |
| 75 CertAndStatus(); | 84 CertAndStatus(); |
| 76 ~CertAndStatus(); | 85 ~CertAndStatus(); |
| 77 | 86 |
| 78 scoped_refptr<X509Certificate> cert; | 87 scoped_refptr<X509Certificate> cert; |
| 79 int cert_status; | 88 int cert_status; |
| 80 }; | 89 }; |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 178 | 187 |
| 179 // Add an observer of this service. | 188 // Add an observer of this service. |
| 180 void AddObserver(Observer* observer); | 189 void AddObserver(Observer* observer); |
| 181 | 190 |
| 182 // Remove an observer of this service. | 191 // Remove an observer of this service. |
| 183 void RemoveObserver(Observer* observer); | 192 void RemoveObserver(Observer* observer); |
| 184 | 193 |
| 185 protected: | 194 protected: |
| 186 friend class base::RefCountedThreadSafe<SSLConfigService>; | 195 friend class base::RefCountedThreadSafe<SSLConfigService>; |
| 187 | 196 |
| 197 SSLSessionCacheId session_cache_id_; |
| 198 |
| 188 virtual ~SSLConfigService(); | 199 virtual ~SSLConfigService(); |
| 189 | 200 |
| 190 // SetFlags sets the values of several flags based on global configuration. | 201 // SetFlags sets the values of several flags based on global configuration. |
| 191 static void SetSSLConfigFlags(SSLConfig* ssl_config); | 202 void SetSSLConfigFlags(SSLConfig* ssl_config); |
| 192 | 203 |
| 193 // Process before/after config update. | 204 // Process before/after config update. |
| 194 void ProcessConfigUpdate(const SSLConfig& orig_config, | 205 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 195 const SSLConfig& new_config); | 206 const SSLConfig& new_config); |
| 196 | 207 |
| 197 private: | 208 private: |
| 198 ObserverList<Observer> observer_list_; | 209 ObserverList<Observer> observer_list_; |
| 199 }; | 210 }; |
| 200 | 211 |
| 201 } // namespace net | 212 } // namespace net |
| 202 | 213 |
| 203 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 214 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6019005:
Use separate SSL session caches per profile (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src