OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
13 #include "base/observer_list.h" | 13 #include "base/observer_list.h" |
| 14 #include "base/string_piece.h" |
14 #include "net/base/net_api.h" | 15 #include "net/base/net_api.h" |
15 #include "net/base/x509_certificate.h" | 16 #include "net/base/x509_certificate.h" |
16 | 17 |
17 namespace net { | 18 namespace net { |
18 | 19 |
19 // A collection of SSL-related configuration settings. | 20 // A collection of SSL-related configuration settings. |
20 struct NET_API SSLConfig { | 21 struct NET_API SSLConfig { |
21 // Default to revocation checking. | 22 // Default to revocation checking. |
22 // Default to SSL 3.0 on and TLS 1.0 on. | 23 // Default to SSL 3.0 on and TLS 1.0 on. |
23 SSLConfig(); | 24 SSLConfig(); |
24 ~SSLConfig(); | 25 ~SSLConfig(); |
25 | 26 |
26 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 27 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
27 // The expected cert status is written to |cert_status|. |*cert_status| can | 28 // The expected cert status is written to |cert_status|. |*cert_status| can |
28 // be NULL if user doesn't care about the cert status. | 29 // be NULL if user doesn't care about the cert status. |
29 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; | 30 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; |
30 | 31 |
| 32 // Same as above except works with DER encoded certificates instead |
| 33 // of X509Certificate. |
| 34 bool IsAllowedBadCert(const base::StringPiece& der_cert, |
| 35 int* cert_status) const; |
| 36 |
31 bool rev_checking_enabled; // True if server certificate revocation | 37 bool rev_checking_enabled; // True if server certificate revocation |
32 // checking is enabled. | 38 // checking is enabled. |
33 // SSL 2.0 is not supported. | 39 // SSL 2.0 is not supported. |
34 bool ssl3_enabled; // True if SSL 3.0 is enabled. | 40 bool ssl3_enabled; // True if SSL 3.0 is enabled. |
35 bool tls1_enabled; // True if TLS 1.0 is enabled. | 41 bool tls1_enabled; // True if TLS 1.0 is enabled. |
36 // True if we'll do async checks for certificate provenance using DNS. | 42 // True if we'll do async checks for certificate provenance using DNS. |
37 bool dns_cert_provenance_checking_enabled; | 43 bool dns_cert_provenance_checking_enabled; |
38 | 44 |
39 // Cipher suites which should be explicitly prevented from being used in | 45 // Cipher suites which should be explicitly prevented from being used in |
40 // addition to those disabled by the net built-in policy -- by default, all | 46 // addition to those disabled by the net built-in policy -- by default, all |
(...skipping 19 matching lines...) Expand all Loading... |
60 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 66 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
61 bool false_start_enabled; // True if we'll use TLS False Start. | 67 bool false_start_enabled; // True if we'll use TLS False Start. |
62 | 68 |
63 // TODO(wtc): move the following members to a new SSLParams structure. They | 69 // TODO(wtc): move the following members to a new SSLParams structure. They |
64 // are not SSL configuration settings. | 70 // are not SSL configuration settings. |
65 | 71 |
66 struct NET_API CertAndStatus { | 72 struct NET_API CertAndStatus { |
67 CertAndStatus(); | 73 CertAndStatus(); |
68 ~CertAndStatus(); | 74 ~CertAndStatus(); |
69 | 75 |
70 scoped_refptr<X509Certificate> cert; | 76 std::string der_cert; |
71 int cert_status; | 77 int cert_status; |
72 }; | 78 }; |
73 | 79 |
74 // Add any known-bad SSL certificate (with its cert status) to | 80 // Add any known-bad SSL certificate (with its cert status) to |
75 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 81 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
76 // calling SSLClientSocket::Connect. This would normally be done in | 82 // calling SSLClientSocket::Connect. This would normally be done in |
77 // response to the user explicitly accepting the bad certificate. | 83 // response to the user explicitly accepting the bad certificate. |
78 std::vector<CertAndStatus> allowed_bad_certs; | 84 std::vector<CertAndStatus> allowed_bad_certs; |
79 | 85 |
80 // True if we should send client_cert to the server. | 86 // True if we should send client_cert to the server. |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
169 void ProcessConfigUpdate(const SSLConfig& orig_config, | 175 void ProcessConfigUpdate(const SSLConfig& orig_config, |
170 const SSLConfig& new_config); | 176 const SSLConfig& new_config); |
171 | 177 |
172 private: | 178 private: |
173 ObserverList<Observer> observer_list_; | 179 ObserverList<Observer> observer_list_; |
174 }; | 180 }; |
175 | 181 |
176 } // namespace net | 182 } // namespace net |
177 | 183 |
178 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 184 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
OLD | NEW |