OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/ssl_config_service.h" | 5 #include "net/base/ssl_config_service.h" |
6 #include "net/base/ssl_false_start_blacklist.h" | 6 #include "net/base/ssl_false_start_blacklist.h" |
7 | 7 |
8 #if defined(OS_WIN) | 8 #if defined(OS_WIN) |
9 #include "net/base/ssl_config_service_win.h" | 9 #include "net/base/ssl_config_service_win.h" |
10 #elif defined(OS_MACOSX) | 10 #elif defined(OS_MACOSX) |
11 #include "net/base/ssl_config_service_mac.h" | 11 #include "net/base/ssl_config_service_mac.h" |
12 #else | 12 #else |
13 #include "net/base/ssl_config_service_defaults.h" | 13 #include "net/base/ssl_config_service_defaults.h" |
14 #endif | 14 #endif |
15 | 15 |
16 namespace net { | 16 namespace net { |
17 | 17 |
18 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | 18 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} |
19 | 19 |
20 SSLConfig::CertAndStatus::~CertAndStatus() {} | 20 SSLConfig::CertAndStatus::~CertAndStatus() {} |
21 | 21 |
22 SSLConfig::SSLConfig() | 22 SSLConfig::SSLConfig() |
23 : rev_checking_enabled(true), ssl3_enabled(true), | 23 : rev_checking_enabled(true), ssl3_enabled(true), |
24 tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false), | 24 tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false), |
25 dns_cert_provenance_checking_enabled(false), | 25 dns_cert_provenance_checking_enabled(false), |
26 mitm_proxies_allowed(false), false_start_enabled(true), | 26 mitm_proxies_allowed(false), false_start_enabled(true), |
27 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { | 27 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false), |
| 28 use_tls_auth(true), require_tls_auth(false) { |
28 } | 29 } |
29 | 30 |
30 SSLConfig::~SSLConfig() { | 31 SSLConfig::~SSLConfig() { |
31 } | 32 } |
32 | 33 |
33 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert) const { | 34 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert) const { |
34 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | 35 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
35 if (cert->Equals(allowed_bad_certs[i].cert)) | 36 if (cert->Equals(allowed_bad_certs[i].cert)) |
36 return true; | 37 return true; |
37 } | 38 } |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
87 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( | 88 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( |
88 const std::string& hostname) { | 89 const std::string& hostname) { |
89 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); | 90 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); |
90 } | 91 } |
91 | 92 |
92 static bool g_dnssec_enabled = false; | 93 static bool g_dnssec_enabled = false; |
93 static bool g_false_start_enabled = true; | 94 static bool g_false_start_enabled = true; |
94 static bool g_mitm_proxies_allowed = false; | 95 static bool g_mitm_proxies_allowed = false; |
95 static bool g_snap_start_enabled = false; | 96 static bool g_snap_start_enabled = false; |
96 static bool g_dns_cert_provenance_checking = false; | 97 static bool g_dns_cert_provenance_checking = false; |
| 98 static bool g_use_tls_auth = true; |
97 | 99 |
98 // static | 100 // static |
99 void SSLConfigService::EnableDNSSEC() { | 101 void SSLConfigService::EnableDNSSEC() { |
100 g_dnssec_enabled = true; | 102 g_dnssec_enabled = true; |
101 } | 103 } |
102 | 104 |
103 // static | 105 // static |
104 bool SSLConfigService::dnssec_enabled() { | 106 bool SSLConfigService::dnssec_enabled() { |
105 return g_dnssec_enabled; | 107 return g_dnssec_enabled; |
106 } | 108 } |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
157 } | 159 } |
158 | 160 |
159 // static | 161 // static |
160 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { | 162 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { |
161 ssl_config->dnssec_enabled = g_dnssec_enabled; | 163 ssl_config->dnssec_enabled = g_dnssec_enabled; |
162 ssl_config->false_start_enabled = g_false_start_enabled; | 164 ssl_config->false_start_enabled = g_false_start_enabled; |
163 ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed; | 165 ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed; |
164 ssl_config->snap_start_enabled = g_snap_start_enabled; | 166 ssl_config->snap_start_enabled = g_snap_start_enabled; |
165 ssl_config->dns_cert_provenance_checking_enabled = | 167 ssl_config->dns_cert_provenance_checking_enabled = |
166 g_dns_cert_provenance_checking; | 168 g_dns_cert_provenance_checking; |
| 169 ssl_config->use_tls_auth = g_use_tls_auth; |
167 } | 170 } |
168 | 171 |
169 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, | 172 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, |
170 const SSLConfig& new_config) { | 173 const SSLConfig& new_config) { |
171 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || | 174 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || |
172 orig_config.ssl3_enabled != new_config.ssl3_enabled || | 175 orig_config.ssl3_enabled != new_config.ssl3_enabled || |
173 orig_config.tls1_enabled != new_config.tls1_enabled) { | 176 orig_config.tls1_enabled != new_config.tls1_enabled || |
| 177 orig_config.use_tls_auth != new_config.use_tls_auth) { |
174 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); | 178 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); |
175 } | 179 } |
176 } | 180 } |
177 | 181 |
178 } // namespace net | 182 } // namespace net |
OLD | NEW |