Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/ssl_config_service.h

Issue 7058049: Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/common/chrome_switches.cc ('k') | net/base/ssl_config_service.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <vector> 9 #include <vector>
10 10
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 // 50 //
51 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in 51 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in
52 // big-endian form, they should be declared in host byte order, with the 52 // big-endian form, they should be declared in host byte order, with the
53 // first uint8 occupying the most significant byte. 53 // first uint8 occupying the most significant byte.
54 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 54 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
55 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 55 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
56 // 56 //
57 // TODO(rsleevi): Not implemented when using Schannel. 57 // TODO(rsleevi): Not implemented when using Schannel.
58 std::vector<uint16> disabled_cipher_suites; 58 std::vector<uint16> disabled_cipher_suites;
59 59
60 bool cached_info_enabled; // True if TLS cached info extension is enabled.
60 bool false_start_enabled; // True if we'll use TLS False Start. 61 bool false_start_enabled; // True if we'll use TLS False Start.
61 62
62 // TODO(wtc): move the following members to a new SSLParams structure. They 63 // TODO(wtc): move the following members to a new SSLParams structure. They
63 // are not SSL configuration settings. 64 // are not SSL configuration settings.
64 65
65 struct NET_API CertAndStatus { 66 struct NET_API CertAndStatus {
66 CertAndStatus(); 67 CertAndStatus();
67 ~CertAndStatus(); 68 ~CertAndStatus();
68 69
69 scoped_refptr<X509Certificate> cert; 70 scoped_refptr<X509Certificate> cert;
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
135 136
136 // Disables False Start in SSL connections. 137 // Disables False Start in SSL connections.
137 static void DisableFalseStart(); 138 static void DisableFalseStart();
138 // True if we use False Start for SSL and TLS. 139 // True if we use False Start for SSL and TLS.
139 static bool false_start_enabled(); 140 static bool false_start_enabled();
140 141
141 // Enables DNS side checks for certificates. 142 // Enables DNS side checks for certificates.
142 static void EnableDNSCertProvenanceChecking(); 143 static void EnableDNSCertProvenanceChecking();
143 static bool dns_cert_provenance_checking_enabled(); 144 static bool dns_cert_provenance_checking_enabled();
144 145
146 // Enables the TLS cached info extension, which allows the server to send
147 // just a digest of its certificate chain.
148 static void EnableCachedInfo();
149 static bool cached_info_enabled();
150
145 // Is SNI available in this configuration? 151 // Is SNI available in this configuration?
146 static bool IsSNIAvailable(SSLConfigService* service); 152 static bool IsSNIAvailable(SSLConfigService* service);
147 153
148 // Add an observer of this service. 154 // Add an observer of this service.
149 void AddObserver(Observer* observer); 155 void AddObserver(Observer* observer);
150 156
151 // Remove an observer of this service. 157 // Remove an observer of this service.
152 void RemoveObserver(Observer* observer); 158 void RemoveObserver(Observer* observer);
153 159
154 protected: 160 protected:
155 friend class base::RefCountedThreadSafe<SSLConfigService>; 161 friend class base::RefCountedThreadSafe<SSLConfigService>;
156 162
157 virtual ~SSLConfigService(); 163 virtual ~SSLConfigService();
158 164
159 // SetFlags sets the values of several flags based on global configuration. 165 // SetFlags sets the values of several flags based on global configuration.
160 static void SetSSLConfigFlags(SSLConfig* ssl_config); 166 static void SetSSLConfigFlags(SSLConfig* ssl_config);
161 167
162 // Process before/after config update. 168 // Process before/after config update.
163 void ProcessConfigUpdate(const SSLConfig& orig_config, 169 void ProcessConfigUpdate(const SSLConfig& orig_config,
164 const SSLConfig& new_config); 170 const SSLConfig& new_config);
165 171
166 private: 172 private:
167 ObserverList<Observer> observer_list_; 173 ObserverList<Observer> observer_list_;
168 }; 174 };
169 175
170 } // namespace net 176 } // namespace net
171 177
172 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ 178 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_
OLDNEW
« no previous file with comments | « chrome/common/chrome_switches.cc ('k') | net/base/ssl_config_service.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698