
Side by Side Diff: net/base/ssl_config_service.h

Issue 7969023: For the SSL cert status, convert anonymous enum that gives bit values into a typedefed uint32. Th... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 3 months ago
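--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -1,45 +1,46 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
 #define NET_BASE_SSL_CONFIG_SERVICE_H_
 #pragma once
 
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/observer_list.h"
 #include "base/string_piece.h"
+#include "net/base/cert_status_flags.h"
 #include "net/base/net_export.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 // A collection of SSL-related configuration settings.
 struct NET_EXPORT SSLConfig {
 // Default to revocation checking.
 // Default to SSL 3.0 on and TLS 1.0 on.
 SSLConfig();
 ~SSLConfig();
 
 // Returns true if |cert| is one of the certs in |allowed_bad_certs|.
 // The expected cert status is written to |cert_status|. |*cert_status| can
 // be NULL if user doesn't care about the cert status.
-bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const;
+bool IsAllowedBadCert(X509Certificate* cert, CertStatus* cert_status) const;
 
 // Same as above except works with DER encoded certificates instead
 // of X509Certificate.
 bool IsAllowedBadCert(const base::StringPiece& der_cert,
-int* cert_status) const;
+CertStatus* cert_status) const;
 
 bool rev_checking_enabled; // True if server certificate revocation
 // checking is enabled.
 // SSL 2.0 is not supported.
 bool ssl3_enabled; // True if SSL 3.0 is enabled.
 bool tls1_enabled; // True if TLS 1.0 is enabled.
 // True if we'll do async checks for certificate provenance using DNS.
 bool dns_cert_provenance_checking_enabled;
 
 // Presorted list of cipher suites which should be explicitly prevented from
@@ -70,21 +71,21 @@
 bool false_start_enabled; // True if we'll use TLS False Start.
 
 // TODO(wtc): move the following members to a new SSLParams structure. They
 // are not SSL configuration settings.
 
 struct NET_EXPORT CertAndStatus {
 CertAndStatus();
 ~CertAndStatus();
 
 std::string der_cert;
-int cert_status;
+CertStatus cert_status;
 };
 
 // Add any known-bad SSL certificate (with its cert status) to
 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when
 // calling SSLClientSocket::Connect. This would normally be done in
 // response to the user explicitly accepting the bad certificate.
 std::vector<CertAndStatus> allowed_bad_certs;
 
 // True if we should send client_cert to the server.
 bool send_client_cert;
@@ -183,10 +184,10 @@
 void ProcessConfigUpdate(const SSLConfig& orig_config,
 const SSLConfig& new_config);
 
 private:
 ObserverList<Observer> observer_list_;
 };
 
 } // namespace net
 
 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_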
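Review bot: The comment above the first `IsAllowedBadCert` overload still says `|*cert_status| can be NULL`, but it is the pointer `|cert_status|` that may be NULL, and now that the out-parameter is a `CertStatus*` the comment should also say the value is the bit mask from `net/base/cert_status_flags.h`. I would reword it to `// The expected cert status (a CertStatus bit mask) is written to |*cert_status|. |cert_status| may be NULL if the caller does not need it.` The header also does not say what a caller should do with the returned status; if an entry in `allowed_bad_certs` is meant to excuse only the errors the user accepted, a sentence asking callers to compare the stored status with the current verification result would make that contract explicit. Separately, since the issue title describes `CertStatus` as a typedef of uint32, `CertAndStatus::cert_status` will still accept a plain `int` by value without a diagnostic, so any remaining `int` uses outside this file would have to be found by search rather than by the compiler.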