| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_config_service.h" | 5 #include "net/base/ssl_config_service.h" |
| 6 | 6 |
| 7 #include "net/base/ssl_config_service_defaults.h" | 7 #include "net/base/ssl_config_service_defaults.h" |
| 8 #include "net/base/ssl_false_start_blacklist.h" | 8 #include "net/base/ssl_false_start_blacklist.h" |
| 9 | 9 |
| 10 namespace net { | 10 namespace net { |
| 11 | 11 |
| 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} |
| 13 | 13 |
| 14 SSLConfig::CertAndStatus::~CertAndStatus() {} | 14 SSLConfig::CertAndStatus::~CertAndStatus() {} |
| 15 | 15 |
| 16 SSLConfig::SSLConfig() | 16 SSLConfig::SSLConfig() |
| 17 : rev_checking_enabled(true), ssl3_enabled(true), | 17 : rev_checking_enabled(true), ssl3_enabled(true), |
| 18 tls1_enabled(true), dnssec_enabled(false), | 18 tls1_enabled(true), dnssec_enabled(false), |
| 19 dns_cert_provenance_checking_enabled(false), | 19 dns_cert_provenance_checking_enabled(false), cached_info_enabled(false), |
| 20 false_start_enabled(true), | 20 false_start_enabled(true), |
| 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { | 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { |
| 22 } | 22 } |
| 23 | 23 |
| 24 SSLConfig::~SSLConfig() { | 24 SSLConfig::~SSLConfig() { |
| 25 } | 25 } |
| 26 | 26 |
| 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
| 28 int* cert_status) const { | 28 int* cert_status) const { |
| 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 42 | 42 |
| 43 // static | 43 // static |
| 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( | 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( |
| 45 const std::string& hostname) { | 45 const std::string& hostname) { |
| 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); | 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); |
| 47 } | 47 } |
| 48 | 48 |
| 49 static bool g_dnssec_enabled = false; | 49 static bool g_dnssec_enabled = false; |
| 50 static bool g_false_start_enabled = true; | 50 static bool g_false_start_enabled = true; |
| 51 static bool g_dns_cert_provenance_checking = false; | 51 static bool g_dns_cert_provenance_checking = false; |
| 52 static bool g_cached_info_enabled = false; |
| 52 | 53 |
| 53 // static | 54 // static |
| 54 void SSLConfigService::EnableDNSSEC() { | 55 void SSLConfigService::EnableDNSSEC() { |
| 55 g_dnssec_enabled = true; | 56 g_dnssec_enabled = true; |
| 56 } | 57 } |
| 57 | 58 |
| 58 // static | 59 // static |
| 59 bool SSLConfigService::dnssec_enabled() { | 60 bool SSLConfigService::dnssec_enabled() { |
| 60 return g_dnssec_enabled; | 61 return g_dnssec_enabled; |
| 61 } | 62 } |
| 62 | 63 |
| 63 // static | 64 // static |
| 64 void SSLConfigService::DisableFalseStart() { | 65 void SSLConfigService::DisableFalseStart() { |
| 65 g_false_start_enabled = false; | 66 g_false_start_enabled = false; |
| 66 } | 67 } |
| 67 | 68 |
| 68 // static | 69 // static |
| 69 bool SSLConfigService::false_start_enabled() { | 70 bool SSLConfigService::false_start_enabled() { |
| 70 return g_false_start_enabled; | 71 return g_false_start_enabled; |
| 71 } | 72 } |
| 72 | 73 |
| 73 // static | 74 // static |
| 74 void SSLConfigService::EnableDNSCertProvenanceChecking() { | 75 void SSLConfigService::EnableDNSCertProvenanceChecking() { |
| 75 g_dns_cert_provenance_checking = true; | 76 g_dns_cert_provenance_checking = true; |
| 76 } | 77 } |
| 77 | 78 |
| 78 // static | 79 // static |
| 80 void SSLConfigService::EnableCachedInfo() { |
| 81 g_cached_info_enabled = true; |
| 82 } |
| 83 |
| 84 // static |
| 85 bool SSLConfigService::cached_info_enabled() { |
| 86 return g_cached_info_enabled; |
| 87 } |
| 88 |
| 89 // static |
| 79 bool SSLConfigService::dns_cert_provenance_checking_enabled() { | 90 bool SSLConfigService::dns_cert_provenance_checking_enabled() { |
| 80 return g_dns_cert_provenance_checking; | 91 return g_dns_cert_provenance_checking; |
| 81 } | 92 } |
| 82 | 93 |
| 83 void SSLConfigService::AddObserver(Observer* observer) { | 94 void SSLConfigService::AddObserver(Observer* observer) { |
| 84 observer_list_.AddObserver(observer); | 95 observer_list_.AddObserver(observer); |
| 85 } | 96 } |
| 86 | 97 |
| 87 void SSLConfigService::RemoveObserver(Observer* observer) { | 98 void SSLConfigService::RemoveObserver(Observer* observer) { |
| 88 observer_list_.RemoveObserver(observer); | 99 observer_list_.RemoveObserver(observer); |
| 89 } | 100 } |
| 90 | 101 |
| 91 SSLConfigService::~SSLConfigService() { | 102 SSLConfigService::~SSLConfigService() { |
| 92 } | 103 } |
| 93 | 104 |
| 94 // static | 105 // static |
| 95 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { | 106 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { |
| 96 ssl_config->dnssec_enabled = g_dnssec_enabled; | 107 ssl_config->dnssec_enabled = g_dnssec_enabled; |
| 97 ssl_config->false_start_enabled = g_false_start_enabled; | 108 ssl_config->false_start_enabled = g_false_start_enabled; |
| 98 ssl_config->dns_cert_provenance_checking_enabled = | 109 ssl_config->dns_cert_provenance_checking_enabled = |
| 99 g_dns_cert_provenance_checking; | 110 g_dns_cert_provenance_checking; |
| 111 ssl_config->cached_info_enabled = g_cached_info_enabled; |
| 100 } | 112 } |
| 101 | 113 |
| 102 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, | 114 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, |
| 103 const SSLConfig& new_config) { | 115 const SSLConfig& new_config) { |
| 104 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || | 116 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || |
| 105 orig_config.ssl3_enabled != new_config.ssl3_enabled || | 117 orig_config.ssl3_enabled != new_config.ssl3_enabled || |
| 106 orig_config.tls1_enabled != new_config.tls1_enabled) { | 118 orig_config.tls1_enabled != new_config.tls1_enabled) { |
| 107 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); | 119 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); |
| 108 } | 120 } |
| 109 } | 121 } |
| 110 | 122 |
| 111 // static | 123 // static |
| 112 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { | 124 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { |
| 113 if (!service) | 125 if (!service) |
| 114 return false; | 126 return false; |
| 115 | 127 |
| 116 SSLConfig ssl_config; | 128 SSLConfig ssl_config; |
| 117 service->GetSSLConfig(&ssl_config); | 129 service->GetSSLConfig(&ssl_config); |
| 118 return ssl_config.tls1_enabled; | 130 return ssl_config.tls1_enabled; |
| 119 } | 131 } |
| 120 | 132 |
| 121 } // namespace net | 133 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7058049:
Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/