
Side by Side Diff: net/socket/ssl_client_socket.cc

Issue 1076063002: Remove certificates from Channel ID (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: cleanup Created 5 years, 8 months ago
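--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/strings/string_util.h"
 #include "crypto/ec_private_key.h"
@@ -149,59 +149,53 @@
 ChannelIDService* channel_id_service,
 bool negotiated_channel_id,
 bool channel_id_enabled,
 bool supports_ecc) {
 // Since this enum is used for a histogram, do not change or re-use values.
 enum {
 DISABLED = 0,
 CLIENT_ONLY = 1,
 CLIENT_AND_SERVER = 2,
 CLIENT_NO_ECC = 3,
+// CLIENT_BAD_SYSTEM_TIME is unused now.
 CLIENT_BAD_SYSTEM_TIME = 4,
 CLIENT_NO_CHANNEL_ID_SERVICE = 5,
 CHANNEL_ID_USAGE_MAX
 } supported = DISABLED;
 if (negotiated_channel_id) {
 supported = CLIENT_AND_SERVER;
 } else if (channel_id_enabled) {
 if (!channel_id_service)
 supported = CLIENT_NO_CHANNEL_ID_SERVICE;
 else if (!supports_ecc)
 supported = CLIENT_NO_ECC;
-else if (!channel_id_service->IsSystemTimeValid())
-supported = CLIENT_BAD_SYSTEM_TIME;
 else
 supported = CLIENT_ONLY;
 }
 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
 CHANNEL_ID_USAGE_MAX);
 }
 
 // static
 bool SSLClientSocket::IsChannelIDEnabled(
 const SSLConfig& ssl_config,
 ChannelIDService* channel_id_service) {
 if (!ssl_config.channel_id_enabled)
 return false;
 if (!channel_id_service) {
 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
 return false;
 }
 if (!crypto::ECPrivateKey::IsSupported()) {
 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
 return false;
 }
-if (!channel_id_service->IsSystemTimeValid()) {
-DVLOG(1) << "System time is not within the supported range for certificate "
-"generation, not enabling channel ID.";
-return false;
-}
 return true;
 }
 
 // static
 bool SSLClientSocket::HasCipherAdequateForHTTP2(
 const std::vector<uint16>& cipher_suites) {
 for (uint16 cipher : cipher_suites) {
 if (IsSecureTLSCipherSuite(cipher))
 return true;
 }
@@ -262,10 +256,10 @@
 } else {
 sample += 500;
 }
 } else {
 DCHECK_EQ(kExtensionALPN, negotiation_extension_);
 }
 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLProtocolNegotiation", sample);
 }
 
 } // namespace net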
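Review bot: The comment added above `CLIENT_BAD_SYSTEM_TIME = 4` says only that the value is unused; it should also say that slot 4 stays reserved, because this enum feeds the `DomainBoundCerts.Support` histogram and a later edit could otherwise reuse the number. Something like `// CLIENT_BAD_SYSTEM_TIME (4) is no longer recorded; keep it reserved so existing histogram data stays unambiguous.` would do. Judging from the removed log text, the clock check existed only for certificate generation, so dropping it from `IsChannelIDEnabled` looks intended. It does mean Channel ID is now enabled on clients whose clock is badly wrong, which is fine only if nothing else in the Channel ID path still depends on time validity; this file does not show that. The function holding the enum begins above line 149, outside the visible section.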
