Chromium Code Reviews Chromium Code Reviews
Issue 7058049:
Added client-side support for the TLS cached info extension. This feature is disabled by default ... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 // | 50 // |
| 51 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in | 51 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in |
| 52 // big-endian form, they should be declared in host byte order, with the | 52 // big-endian form, they should be declared in host byte order, with the |
| 53 // first uint8 occupying the most significant byte. | 53 // first uint8 occupying the most significant byte. |
| 54 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 54 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| 55 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 55 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| 56 // | 56 // |
| 57 // TODO(rsleevi): Not implemented when using Schannel. | 57 // TODO(rsleevi): Not implemented when using Schannel. |
| 58 std::vector<uint16> disabled_cipher_suites; | 58 std::vector<uint16> disabled_cipher_suites; |
| 59 | 59 |
| 60 bool cached_info_enabled; // True if TLS cached info extension is enabled. | |
| 60 bool false_start_enabled; // True if we'll use TLS False Start. | 61 bool false_start_enabled; // True if we'll use TLS False Start. |
| 61 | 62 |
| 62 // TODO(wtc): move the following members to a new SSLParams structure. They | 63 // TODO(wtc): move the following members to a new SSLParams structure. They |
| 63 // are not SSL configuration settings. | 64 // are not SSL configuration settings. |
| 64 | 65 |
| 65 struct NET_API CertAndStatus { | 66 struct NET_API CertAndStatus { |
| 66 CertAndStatus(); | 67 CertAndStatus(); |
| 67 ~CertAndStatus(); | 68 ~CertAndStatus(); |
| 68 | 69 |
| 69 scoped_refptr<X509Certificate> cert; | 70 scoped_refptr<X509Certificate> cert; |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 126 // that are not native to their platform, such as preference-backed ones. | 127 // that are not native to their platform, such as preference-backed ones. |
| 127 static SSLConfigService* CreateSystemSSLConfigService(); | 128 static SSLConfigService* CreateSystemSSLConfigService(); |
| 128 | 129 |
| 129 // May not be thread-safe, should only be called on the IO thread. | 130 // May not be thread-safe, should only be called on the IO thread. |
| 130 virtual void GetSSLConfig(SSLConfig* config) = 0; | 131 virtual void GetSSLConfig(SSLConfig* config) = 0; |
| 131 | 132 |
| 132 // Returns true if the given hostname is known to be incompatible with TLS | 133 // Returns true if the given hostname is known to be incompatible with TLS |
| 133 // False Start. | 134 // False Start. |
| 134 static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname); | 135 static bool IsKnownFalseStartIncompatibleServer(const std::string& hostname); |
| 135 | 136 |
| 137 // Enables the TLS cached info extension, which allows the server to send | |
| 138 // just a digest of its certificate chain | |
|
wtc
2011/06/17 22:57:09
Nit: add a period (.)
rkn
2011/06/20 21:21:09
Done.
| |
| 139 static void EnableCachedInfo(); | |
| 140 static bool cached_info_enabled(); | |
| 141 | |
| 136 // Disables False Start in SSL connections. | 142 // Disables False Start in SSL connections. |
| 137 static void DisableFalseStart(); | 143 static void DisableFalseStart(); |
| 138 // True if we use False Start for SSL and TLS. | 144 // True if we use False Start for SSL and TLS. |
| 139 static bool false_start_enabled(); | 145 static bool false_start_enabled(); |
| 140 | 146 |
| 141 // Enables DNS side checks for certificates. | 147 // Enables DNS side checks for certificates. |
| 142 static void EnableDNSCertProvenanceChecking(); | 148 static void EnableDNSCertProvenanceChecking(); |
| 143 static bool dns_cert_provenance_checking_enabled(); | 149 static bool dns_cert_provenance_checking_enabled(); |
| 144 | 150 |
| 145 // Disabled revocation checking for some sites that we have additional | 151 // Disabled revocation checking for some sites that we have additional |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 168 void ProcessConfigUpdate(const SSLConfig& orig_config, | 174 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 169 const SSLConfig& new_config); | 175 const SSLConfig& new_config); |
| 170 | 176 |
| 171 private: | 177 private: |
| 172 ObserverList<Observer> observer_list_; | 178 ObserverList<Observer> observer_list_; |
| 173 }; | 179 }; |
| 174 | 180 |
| 175 } // namespace net | 181 } // namespace net |
| 176 | 182 |
| 177 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 183 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
