| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_config_service.h" | 5 #include "net/base/ssl_config_service.h" |
| 6 | 6 |
| 7 #include "net/base/ssl_config_service_defaults.h" | 7 #include "net/base/ssl_config_service_defaults.h" |
| 8 #include "net/base/ssl_false_start_blacklist.h" | 8 #include "net/base/ssl_false_start_blacklist.h" |
| 9 | 9 |
| 10 namespace net { | 10 namespace net { |
| 11 | 11 |
| 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} |
| 13 | 13 |
| 14 SSLConfig::CertAndStatus::~CertAndStatus() {} | 14 SSLConfig::CertAndStatus::~CertAndStatus() {} |
| 15 | 15 |
| 16 SSLConfig::SSLConfig() | 16 SSLConfig::SSLConfig() |
| 17 : rev_checking_enabled(true), ssl3_enabled(true), | 17 : rev_checking_enabled(true), ssl3_enabled(true), |
| 18 tls1_enabled(true), | 18 tls1_enabled(true), |
| 19 dns_cert_provenance_checking_enabled(false), | 19 dns_cert_provenance_checking_enabled(false), cached_info_enabled(false), |
| 20 false_start_enabled(true), | 20 false_start_enabled(true), |
| 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { | 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { |
| 22 } | 22 } |
| 23 | 23 |
| 24 SSLConfig::~SSLConfig() { | 24 SSLConfig::~SSLConfig() { |
| 25 } | 25 } |
| 26 | 26 |
| 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
| 28 int* cert_status) const { | 28 int* cert_status) const { |
| 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 42 | 42 |
| 43 // static | 43 // static |
| 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( | 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( |
| 45 const std::string& hostname) { | 45 const std::string& hostname) { |
| 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); | 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); |
| 47 } | 47 } |
| 48 | 48 |
| 49 static bool g_false_start_enabled = true; | 49 static bool g_false_start_enabled = true; |
| 50 static bool g_dns_cert_provenance_checking = false; | 50 static bool g_dns_cert_provenance_checking = false; |
| 51 static bool g_rev_checking_disabled_for_pinned_sites = false; | 51 static bool g_rev_checking_disabled_for_pinned_sites = false; |
| 52 static bool g_cached_info_enabled = false; |
| 53 |
| 54 // static |
| 55 void SSLConfigService::EnableCachedInfo() { |
| 56 g_cached_info_enabled = true; |
| 57 } |
| 58 |
| 59 // static |
| 60 bool SSLConfigService::cached_info_enabled() { |
| 61 return g_cached_info_enabled; |
| 62 } |
| 52 | 63 |
| 53 // static | 64 // static |
| 54 void SSLConfigService::DisableFalseStart() { | 65 void SSLConfigService::DisableFalseStart() { |
| 55 g_false_start_enabled = false; | 66 g_false_start_enabled = false; |
| 56 } | 67 } |
| 57 | 68 |
| 58 // static | 69 // static |
| 59 bool SSLConfigService::false_start_enabled() { | 70 bool SSLConfigService::false_start_enabled() { |
| 60 return g_false_start_enabled; | 71 return g_false_start_enabled; |
| 61 } | 72 } |
| (...skipping 27 matching lines...) Expand all Loading... |
| 89 } | 100 } |
| 90 | 101 |
| 91 SSLConfigService::~SSLConfigService() { | 102 SSLConfigService::~SSLConfigService() { |
| 92 } | 103 } |
| 93 | 104 |
| 94 // static | 105 // static |
| 95 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { | 106 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { |
| 96 ssl_config->false_start_enabled = g_false_start_enabled; | 107 ssl_config->false_start_enabled = g_false_start_enabled; |
| 97 ssl_config->dns_cert_provenance_checking_enabled = | 108 ssl_config->dns_cert_provenance_checking_enabled = |
| 98 g_dns_cert_provenance_checking; | 109 g_dns_cert_provenance_checking; |
| 110 ssl_config->cached_info_enabled = g_cached_info_enabled; |
| 99 } | 111 } |
| 100 | 112 |
| 101 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, | 113 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, |
| 102 const SSLConfig& new_config) { | 114 const SSLConfig& new_config) { |
| 103 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || | 115 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || |
| 104 orig_config.ssl3_enabled != new_config.ssl3_enabled || | 116 orig_config.ssl3_enabled != new_config.ssl3_enabled || |
| 105 orig_config.tls1_enabled != new_config.tls1_enabled) { | 117 orig_config.tls1_enabled != new_config.tls1_enabled) { |
| 106 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); | 118 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); |
| 107 } | 119 } |
| 108 } | 120 } |
| 109 | 121 |
| 110 // static | 122 // static |
| 111 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { | 123 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { |
| 112 if (!service) | 124 if (!service) |
| 113 return false; | 125 return false; |
| 114 | 126 |
| 115 SSLConfig ssl_config; | 127 SSLConfig ssl_config; |
| 116 service->GetSSLConfig(&ssl_config); | 128 service->GetSSLConfig(&ssl_config); |
| 117 return ssl_config.tls1_enabled; | 129 return ssl_config.tls1_enabled; |
| 118 } | 130 } |
| 119 | 131 |
| 120 } // namespace net | 132 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7058049:
Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/