OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
13 #include "base/observer_list.h" | 13 #include "base/observer_list.h" |
14 #include "net/base/net_api.h" | 14 #include "net/base/net_api.h" |
15 #include "net/base/x509_certificate.h" | 15 #include "net/base/x509_certificate.h" |
16 | 16 |
17 namespace net { | 17 namespace net { |
18 | 18 |
19 // A collection of SSL-related configuration settings. | 19 // A collection of SSL-related configuration settings. |
20 struct NET_API SSLConfig { | 20 struct NET_API SSLConfig { |
21 // Default to revocation checking. | 21 // Default to revocation checking. |
22 // Default to SSL 3.0 on and TLS 1.0 on. | 22 // Default to SSL 3.0 on and TLS 1.0 on. |
23 SSLConfig(); | 23 SSLConfig(); |
24 ~SSLConfig(); | 24 ~SSLConfig(); |
25 | 25 |
26 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 26 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
27 // The expected cert status is written to |cert_status|. |*cert_status| can | 27 // The expected cert status is written to |cert_status|. |*cert_status| can |
28 // be NULL if user doesn't care about the cert status. | 28 // be NULL if user doesn't care about the cert status. |
29 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; | 29 bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const; |
30 bool IsAllowedBadCert(const std::string& cert_der, int* cert_status) const; | |
wtc
2011/07/19 21:57:01
Please document the new IsAllowedBadCert variant.
Sergey Ulanov
2011/07/19 23:50:21
Done.
| |
30 | 31 |
31 bool rev_checking_enabled; // True if server certificate revocation | 32 bool rev_checking_enabled; // True if server certificate revocation |
32 // checking is enabled. | 33 // checking is enabled. |
33 // SSL 2.0 is not supported. | 34 // SSL 2.0 is not supported. |
34 bool ssl3_enabled; // True if SSL 3.0 is enabled. | 35 bool ssl3_enabled; // True if SSL 3.0 is enabled. |
35 bool tls1_enabled; // True if TLS 1.0 is enabled. | 36 bool tls1_enabled; // True if TLS 1.0 is enabled. |
36 // True if we'll do async checks for certificate provenance using DNS. | 37 // True if we'll do async checks for certificate provenance using DNS. |
37 bool dns_cert_provenance_checking_enabled; | 38 bool dns_cert_provenance_checking_enabled; |
38 | 39 |
39 // Cipher suites which should be explicitly prevented from being used in | 40 // Cipher suites which should be explicitly prevented from being used in |
(...skipping 20 matching lines...) Expand all Loading... | |
60 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 61 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
61 bool false_start_enabled; // True if we'll use TLS False Start. | 62 bool false_start_enabled; // True if we'll use TLS False Start. |
62 | 63 |
63 // TODO(wtc): move the following members to a new SSLParams structure. They | 64 // TODO(wtc): move the following members to a new SSLParams structure. They |
64 // are not SSL configuration settings. | 65 // are not SSL configuration settings. |
65 | 66 |
66 struct NET_API CertAndStatus { | 67 struct NET_API CertAndStatus { |
67 CertAndStatus(); | 68 CertAndStatus(); |
68 ~CertAndStatus(); | 69 ~CertAndStatus(); |
69 | 70 |
70 scoped_refptr<X509Certificate> cert; | 71 std::string cert_der; |
71 int cert_status; | 72 int cert_status; |
72 }; | 73 }; |
73 | 74 |
74 // Add any known-bad SSL certificate (with its cert status) to | 75 // Add any known-bad SSL certificate (with its cert status) to |
75 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 76 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
76 // calling SSLClientSocket::Connect. This would normally be done in | 77 // calling SSLClientSocket::Connect. This would normally be done in |
77 // response to the user explicitly accepting the bad certificate. | 78 // response to the user explicitly accepting the bad certificate. |
78 std::vector<CertAndStatus> allowed_bad_certs; | 79 std::vector<CertAndStatus> allowed_bad_certs; |
79 | 80 |
80 // True if we should send client_cert to the server. | 81 // True if we should send client_cert to the server. |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
169 void ProcessConfigUpdate(const SSLConfig& orig_config, | 170 void ProcessConfigUpdate(const SSLConfig& orig_config, |
170 const SSLConfig& new_config); | 171 const SSLConfig& new_config); |
171 | 172 |
172 private: | 173 private: |
173 ObserverList<Observer> observer_list_; | 174 ObserverList<Observer> observer_list_; |
174 }; | 175 }; |
175 | 176 |
176 } // namespace net | 177 } // namespace net |
177 | 178 |
178 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 179 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
OLD | NEW |