Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(19)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/ssl_config_service.h

Issue 7058049: Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Added Null pointer check Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/common/chrome_switches.cc ('K') | « chrome/common/chrome_switches.cc ('k') | net/base/ssl_config_service.cc » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <vector> 9 #include <vector>
10 10
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 // 51 //
52 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in 52 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in
53 // big-endian form, they should be declared in host byte order, with the 53 // big-endian form, they should be declared in host byte order, with the
54 // first uint8 occupying the most significant byte. 54 // first uint8 occupying the most significant byte.
55 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 55 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
56 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 56 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
57 // 57 //
58 // TODO(rsleevi): Not implemented when using Schannel. 58 // TODO(rsleevi): Not implemented when using Schannel.
59 std::vector<uint16> disabled_cipher_suites; 59 std::vector<uint16> disabled_cipher_suites;
60 60
61 bool cached_info_enabled; // True if TLS cached info extension is enabled.
61 bool false_start_enabled; // True if we'll use TLS False Start. 62 bool false_start_enabled; // True if we'll use TLS False Start.
62 63
63 // TODO(wtc): move the following members to a new SSLParams structure. They 64 // TODO(wtc): move the following members to a new SSLParams structure. They
64 // are not SSL configuration settings. 65 // are not SSL configuration settings.
65 66
66 struct NET_API CertAndStatus { 67 struct NET_API CertAndStatus {
67 CertAndStatus(); 68 CertAndStatus();
68 ~CertAndStatus(); 69 ~CertAndStatus();
69 70
70 scoped_refptr<X509Certificate> cert; 71 scoped_refptr<X509Certificate> cert;
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 133
133 // Returns true if the given hostname is known to be incompatible with TLS 134 // Returns true if the given hostname is known to be incompatible with TLS
134 // False Start. 135 // False Start.
135 static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname); 136 static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname);
136 137
137 // Enables the acceptance of self-signed certificates which contain an 138 // Enables the acceptance of self-signed certificates which contain an
138 // embedded DNSSEC chain proving their validity. 139 // embedded DNSSEC chain proving their validity.
139 static void EnableDNSSEC(); 140 static void EnableDNSSEC();
140 static bool dnssec_enabled(); 141 static bool dnssec_enabled();
141 142
143 // Enables the TLS cached info extension, which allows the server to send
144 // just a digest of its certificate chain
145 static void EnableCachedInfo();
146 static bool cached_info_enabled();
147
142 // Disables False Start in SSL connections. 148 // Disables False Start in SSL connections.
143 static void DisableFalseStart(); 149 static void DisableFalseStart();
144 // True if we use False Start for SSL and TLS. 150 // True if we use False Start for SSL and TLS.
145 static bool false_start_enabled(); 151 static bool false_start_enabled();
146 152
147 // Enables DNS side checks for certificates. 153 // Enables DNS side checks for certificates.
148 static void EnableDNSCertProvenanceChecking(); 154 static void EnableDNSCertProvenanceChecking();
149 static bool dns_cert_provenance_checking_enabled(); 155 static bool dns_cert_provenance_checking_enabled();
150 156
151 // Is SNI available in this configuration? 157 // Is SNI available in this configuration?
(...skipping 17 matching lines...) Expand all
169 void ProcessConfigUpdate(const SSLConfig& orig_config, 175 void ProcessConfigUpdate(const SSLConfig& orig_config,
170 const SSLConfig& new_config); 176 const SSLConfig& new_config);
171 177
172 private: 178 private:
173 ObserverList<Observer> observer_list_; 179 ObserverList<Observer> observer_list_;
174 }; 180 };
175 181
176 } // namespace net 182 } // namespace net
177 183
178 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ 184 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_
OLDNEW
« chrome/common/chrome_switches.cc ('K') | « chrome/common/chrome_switches.cc ('k') | net/base/ssl_config_service.cc » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698