| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/observer_list.h" | 13 #include "base/observer_list.h" |
| 14 #include "base/string_piece.h" |
| 14 #include "net/base/net_api.h" | 15 #include "net/base/net_api.h" |
| 15 #include "net/base/x509_certificate.h" | 16 #include "net/base/x509_certificate.h" |
| 16 | 17 |
| 17 namespace net { | 18 namespace net { |
| 18 | 19 |
| 19 // A collection of SSL-related configuration settings. | 20 // A collection of SSL-related configuration settings. |
| 20 struct NET_API SSLConfig { | 21 struct NET_API SSLConfig { |
| 21 // Default to revocation checking. | 22 // Default to revocation checking. |
| 22 // Default to SSL 3.0 on and TLS 1.0 on. | 23 // Default to SSL 3.0 on and TLS 1.0 on. |
| 23 SSLConfig(); | 24 SSLConfig(); |
| 24 ~SSLConfig(); | 25 ~SSLConfig(); |
| 25 | 26 |
| 26 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 27 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
| 27 // The expected cert status is written to |cert_status|. |*cert_status| can | 28 // The expected cert status is written to |cert_status|. |*cert_status| can |
| 28 // be NULL if user doesn't care about the cert status. | 29 // be NULL if user doesn't care about the cert status. |
| 29 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; | 30 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; |
| 30 | 31 |
| 32 // Same as above except works with DER encoded certificates instead |
| 33 // of X509Certificate. |
| 34 bool IsAllowedBadCert(const base::StringPiece& der_cert, |
| 35 int* cert_status) const; |
| 36 |
| 31 bool rev_checking_enabled; // True if server certificate revocation | 37 bool rev_checking_enabled; // True if server certificate revocation |
| 32 // checking is enabled. | 38 // checking is enabled. |
| 33 // SSL 2.0 is not supported. | 39 // SSL 2.0 is not supported. |
| 34 bool ssl3_enabled; // True if SSL 3.0 is enabled. | 40 bool ssl3_enabled; // True if SSL 3.0 is enabled. |
| 35 bool tls1_enabled; // True if TLS 1.0 is enabled. | 41 bool tls1_enabled; // True if TLS 1.0 is enabled. |
| 36 // True if we'll do async checks for certificate provenance using DNS. | 42 // True if we'll do async checks for certificate provenance using DNS. |
| 37 bool dns_cert_provenance_checking_enabled; | 43 bool dns_cert_provenance_checking_enabled; |
| 38 | 44 |
| 39 // Cipher suites which should be explicitly prevented from being used in | 45 // Cipher suites which should be explicitly prevented from being used in |
| 40 // addition to those disabled by the net built-in policy -- by default, all | 46 // addition to those disabled by the net built-in policy -- by default, all |
| (...skipping 19 matching lines...) Expand all Loading... |
| 60 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 66 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
| 61 bool false_start_enabled; // True if we'll use TLS False Start. | 67 bool false_start_enabled; // True if we'll use TLS False Start. |
| 62 | 68 |
| 63 // TODO(wtc): move the following members to a new SSLParams structure. They | 69 // TODO(wtc): move the following members to a new SSLParams structure. They |
| 64 // are not SSL configuration settings. | 70 // are not SSL configuration settings. |
| 65 | 71 |
| 66 struct NET_API CertAndStatus { | 72 struct NET_API CertAndStatus { |
| 67 CertAndStatus(); | 73 CertAndStatus(); |
| 68 ~CertAndStatus(); | 74 ~CertAndStatus(); |
| 69 | 75 |
| 70 scoped_refptr<X509Certificate> cert; | 76 std::string der_cert; |
| 71 int cert_status; | 77 int cert_status; |
| 72 }; | 78 }; |
| 73 | 79 |
| 74 // Add any known-bad SSL certificate (with its cert status) to | 80 // Add any known-bad SSL certificate (with its cert status) to |
| 75 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 81 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
| 76 // calling SSLClientSocket::Connect. This would normally be done in | 82 // calling SSLClientSocket::Connect. This would normally be done in |
| 77 // response to the user explicitly accepting the bad certificate. | 83 // response to the user explicitly accepting the bad certificate. |
| 78 std::vector<CertAndStatus> allowed_bad_certs; | 84 std::vector<CertAndStatus> allowed_bad_certs; |
| 79 | 85 |
| 80 // True if we should send client_cert to the server. | 86 // True if we should send client_cert to the server. |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 169 void ProcessConfigUpdate(const SSLConfig& orig_config, | 175 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 170 const SSLConfig& new_config); | 176 const SSLConfig& new_config); |
| 171 | 177 |
| 172 private: | 178 private: |
| 173 ObserverList<Observer> observer_list_; | 179 ObserverList<Observer> observer_list_; |
| 174 }; | 180 }; |
| 175 | 181 |
| 176 } // namespace net | 182 } // namespace net |
| 177 | 183 |
| 178 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 184 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7401003:
Don't use X509Certificate in SSLConfig. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src