
Side by Side Diff: net/base/ssl_config_service.h

Issue 7995014: Revert 102322 - For the SSL cert status, convert anonymous enum that gives bit values into a type... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 3 months ago
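--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -1,46 +1,45 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_
 #define NET_BASE_SSL_CONFIG_SERVICE_H_
 #pragma once
 
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/observer_list.h"
 #include "base/string_piece.h"
-#include "net/base/cert_status_flags.h"
 #include "net/base/net_export.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 // A collection of SSL-related configuration settings.
 struct NET_EXPORT SSLConfig {
 // Default to revocation checking.
 // Default to SSL 3.0 on and TLS 1.0 on.
 SSLConfig();
 ~SSLConfig();
 
 // Returns true if |cert| is one of the certs in |allowed_bad_certs|.
 // The expected cert status is written to |cert_status|. |*cert_status| can
 // be NULL if user doesn't care about the cert status.
-bool IsAllowedBadCert(X509Certificate* cert, CertStatus* cert_status) const;
+bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const;
 
 // Same as above except works with DER encoded certificates instead
 // of X509Certificate.
 bool IsAllowedBadCert(const base::StringPiece& der_cert,
-CertStatus* cert_status) const;
+int* cert_status) const;
 
 bool rev_checking_enabled; // True if server certificate revocation
 // checking is enabled.
 // SSL 2.0 is not supported.
 bool ssl3_enabled; // True if SSL 3.0 is enabled.
 bool tls1_enabled; // True if TLS 1.0 is enabled.
 // True if we'll do async checks for certificate provenance using DNS.
 bool dns_cert_provenance_checking_enabled;
 
 // Presorted list of cipher suites which should be explicitly prevented from
@@ -71,21 +70,21 @@
 bool false_start_enabled; // True if we'll use TLS False Start.
 
 // TODO(wtc): move the following members to a new SSLParams structure. They
 // are not SSL configuration settings.
 
 struct NET_EXPORT CertAndStatus {
 CertAndStatus();
 ~CertAndStatus();
 
 std::string der_cert;
-CertStatus cert_status;
+int cert_status;
 };
 
 // Add any known-bad SSL certificate (with its cert status) to
 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when
 // calling SSLClientSocket::Connect. This would normally be done in
 // response to the user explicitly accepting the bad certificate.
 std::vector<CertAndStatus> allowed_bad_certs;
 
 // True if we should send client_cert to the server.
 bool send_client_cert;
@@ -184,10 +183,10 @@
 void ProcessConfigUpdate(const SSLConfig& orig_config,
 const SSLConfig& new_config);
 
 private:
 ObserverList<Observer> observer_list_;
 };
 
 } // namespace net
 
 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_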
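Review bot: With the type name gone, the `int* cert_status` out-parameters of both `IsAllowedBadCert` overloads and the `int cert_status` field of `CertAndStatus` no longer say what the integer holds, and the header no longer includes `net/base/cert_status_flags.h`, which presumably defined the flag values. These values describe certificates the user chose to accept despite errors, so a reader should not be able to mistake them for ERR_CERT_* error codes; a field comment such as `int cert_status;  // Bitmask of cert status bit values, not a net error code.` would restore that. The comment above the first overload also says `|*cert_status| can be NULL`, but it is the pointer `|cert_status|` that may be NULL. That wording is worth fixing here because it is the only contract for the out-parameter.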