| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_config_service.h" | 5 #include "net/base/ssl_config_service.h" |
| 6 | 6 |
| 7 #include "net/base/ssl_config_service_defaults.h" | 7 #include "net/base/ssl_config_service_defaults.h" |
| 8 #include "net/base/ssl_false_start_blacklist.h" | 8 #include "net/base/ssl_false_start_blacklist.h" |
| 9 | 9 |
| 10 namespace net { | 10 namespace net { |
| 11 | 11 |
| 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | 12 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} |
| 13 | 13 |
| 14 SSLConfig::CertAndStatus::~CertAndStatus() {} | 14 SSLConfig::CertAndStatus::~CertAndStatus() {} |
| 15 | 15 |
| 16 SSLConfig::SSLConfig() | 16 SSLConfig::SSLConfig() |
| 17 : rev_checking_enabled(true), ssl3_enabled(true), | 17 : rev_checking_enabled(true), ssl3_enabled(true), |
| 18 tls1_enabled(true), | 18 tls1_enabled(true), |
| 19 dns_cert_provenance_checking_enabled(false), | 19 dns_cert_provenance_checking_enabled(false), cached_info_enabled(false), |
| 20 false_start_enabled(true), | 20 false_start_enabled(true), |
| 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { | 21 send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { |
| 22 } | 22 } |
| 23 | 23 |
| 24 SSLConfig::~SSLConfig() { | 24 SSLConfig::~SSLConfig() { |
| 25 } | 25 } |
| 26 | 26 |
| 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 27 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
| 28 int* cert_status) const { | 28 int* cert_status) const { |
| 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | 29 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
| 30 if (cert->Equals(allowed_bad_certs[i].cert)) { | 30 if (cert->Equals(allowed_bad_certs[i].cert)) { |
| 31 if (cert_status) | 31 if (cert_status) |
| 32 *cert_status = allowed_bad_certs[i].cert_status; | 32 *cert_status = allowed_bad_certs[i].cert_status; |
| 33 return true; | 33 return true; |
| 34 } | 34 } |
| 35 } | 35 } |
| 36 return false; | 36 return false; |
| 37 } | 37 } |
| 38 | 38 |
| 39 SSLConfigService::SSLConfigService() | 39 SSLConfigService::SSLConfigService() |
| 40 : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { | 40 : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { |
| 41 } | 41 } |
| 42 | 42 |
| 43 // static | 43 // static |
| 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( | 44 bool SSLConfigService::IsKnownFalseStartIncompatibleServer( |
| 45 const std::string& hostname) { | 45 const std::string& hostname) { |
| 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); | 46 return SSLFalseStartBlacklist::IsMember(hostname.c_str()); |
| 47 } | 47 } |
| 48 | 48 |
| 49 static bool g_cached_info_enabled = false; |
| 49 static bool g_false_start_enabled = true; | 50 static bool g_false_start_enabled = true; |
| 50 static bool g_dns_cert_provenance_checking = false; | 51 static bool g_dns_cert_provenance_checking = false; |
| 51 | 52 |
| 52 // static | 53 // static |
| 53 void SSLConfigService::DisableFalseStart() { | 54 void SSLConfigService::DisableFalseStart() { |
| 54 g_false_start_enabled = false; | 55 g_false_start_enabled = false; |
| 55 } | 56 } |
| 56 | 57 |
| 57 // static | 58 // static |
| 58 bool SSLConfigService::false_start_enabled() { | 59 bool SSLConfigService::false_start_enabled() { |
| 59 return g_false_start_enabled; | 60 return g_false_start_enabled; |
| 60 } | 61 } |
| 61 | 62 |
| 62 // static | 63 // static |
| 63 void SSLConfigService::EnableDNSCertProvenanceChecking() { | 64 void SSLConfigService::EnableDNSCertProvenanceChecking() { |
| 64 g_dns_cert_provenance_checking = true; | 65 g_dns_cert_provenance_checking = true; |
| 65 } | 66 } |
| 66 | 67 |
| 67 // static | 68 // static |
| 68 bool SSLConfigService::dns_cert_provenance_checking_enabled() { | 69 bool SSLConfigService::dns_cert_provenance_checking_enabled() { |
| 69 return g_dns_cert_provenance_checking; | 70 return g_dns_cert_provenance_checking; |
| 70 } | 71 } |
| 71 | 72 |
| 73 // static |
| 74 void SSLConfigService::EnableCachedInfo() { |
| 75 g_cached_info_enabled = true; |
| 76 } |
| 77 |
| 78 // static |
| 79 bool SSLConfigService::cached_info_enabled() { |
| 80 return g_cached_info_enabled; |
| 81 } |
| 82 |
| 72 void SSLConfigService::AddObserver(Observer* observer) { | 83 void SSLConfigService::AddObserver(Observer* observer) { |
| 73 observer_list_.AddObserver(observer); | 84 observer_list_.AddObserver(observer); |
| 74 } | 85 } |
| 75 | 86 |
| 76 void SSLConfigService::RemoveObserver(Observer* observer) { | 87 void SSLConfigService::RemoveObserver(Observer* observer) { |
| 77 observer_list_.RemoveObserver(observer); | 88 observer_list_.RemoveObserver(observer); |
| 78 } | 89 } |
| 79 | 90 |
| 80 SSLConfigService::~SSLConfigService() { | 91 SSLConfigService::~SSLConfigService() { |
| 81 } | 92 } |
| 82 | 93 |
| 83 // static | 94 // static |
| 84 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { | 95 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { |
| 85 ssl_config->false_start_enabled = g_false_start_enabled; | 96 ssl_config->false_start_enabled = g_false_start_enabled; |
| 86 ssl_config->dns_cert_provenance_checking_enabled = | 97 ssl_config->dns_cert_provenance_checking_enabled = |
| 87 g_dns_cert_provenance_checking; | 98 g_dns_cert_provenance_checking; |
| 99 ssl_config->cached_info_enabled = g_cached_info_enabled; |
| 88 } | 100 } |
| 89 | 101 |
| 90 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, | 102 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, |
| 91 const SSLConfig& new_config) { | 103 const SSLConfig& new_config) { |
| 92 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || | 104 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled || |
| 93 orig_config.ssl3_enabled != new_config.ssl3_enabled || | 105 orig_config.ssl3_enabled != new_config.ssl3_enabled || |
| 94 orig_config.tls1_enabled != new_config.tls1_enabled) { | 106 orig_config.tls1_enabled != new_config.tls1_enabled) { |
| 95 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); | 107 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); |
| 96 } | 108 } |
| 97 } | 109 } |
| 98 | 110 |
| 99 // static | 111 // static |
| 100 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { | 112 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { |
| 101 if (!service) | 113 if (!service) |
| 102 return false; | 114 return false; |
| 103 | 115 |
| 104 SSLConfig ssl_config; | 116 SSLConfig ssl_config; |
| 105 service->GetSSLConfig(&ssl_config); | 117 service->GetSSLConfig(&ssl_config); |
| 106 return ssl_config.tls1_enabled; | 118 return ssl_config.tls1_enabled; |
| 107 } | 119 } |
| 108 | 120 |
| 109 } // namespace net | 121 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7058049:
Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/