OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/metrics/sparse_histogram.h" | 8 #include "base/metrics/sparse_histogram.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "crypto/ec_private_key.h" | 10 #include "crypto/ec_private_key.h" |
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
149 ChannelIDService* channel_id_service, | 149 ChannelIDService* channel_id_service, |
150 bool negotiated_channel_id, | 150 bool negotiated_channel_id, |
151 bool channel_id_enabled, | 151 bool channel_id_enabled, |
152 bool supports_ecc) { | 152 bool supports_ecc) { |
153 // Since this enum is used for a histogram, do not change or re-use values. | 153 // Since this enum is used for a histogram, do not change or re-use values. |
154 enum { | 154 enum { |
155 DISABLED = 0, | 155 DISABLED = 0, |
156 CLIENT_ONLY = 1, | 156 CLIENT_ONLY = 1, |
157 CLIENT_AND_SERVER = 2, | 157 CLIENT_AND_SERVER = 2, |
158 CLIENT_NO_ECC = 3, | 158 CLIENT_NO_ECC = 3, |
| 159 // CLIENT_BAD_SYSTEM_TIME is unused now. |
159 CLIENT_BAD_SYSTEM_TIME = 4, | 160 CLIENT_BAD_SYSTEM_TIME = 4, |
160 CLIENT_NO_CHANNEL_ID_SERVICE = 5, | 161 CLIENT_NO_CHANNEL_ID_SERVICE = 5, |
161 CHANNEL_ID_USAGE_MAX | 162 CHANNEL_ID_USAGE_MAX |
162 } supported = DISABLED; | 163 } supported = DISABLED; |
163 if (negotiated_channel_id) { | 164 if (negotiated_channel_id) { |
164 supported = CLIENT_AND_SERVER; | 165 supported = CLIENT_AND_SERVER; |
165 } else if (channel_id_enabled) { | 166 } else if (channel_id_enabled) { |
166 if (!channel_id_service) | 167 if (!channel_id_service) |
167 supported = CLIENT_NO_CHANNEL_ID_SERVICE; | 168 supported = CLIENT_NO_CHANNEL_ID_SERVICE; |
168 else if (!supports_ecc) | 169 else if (!supports_ecc) |
169 supported = CLIENT_NO_ECC; | 170 supported = CLIENT_NO_ECC; |
170 else if (!channel_id_service->IsSystemTimeValid()) | |
171 supported = CLIENT_BAD_SYSTEM_TIME; | |
172 else | 171 else |
173 supported = CLIENT_ONLY; | 172 supported = CLIENT_ONLY; |
174 } | 173 } |
175 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 174 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
176 CHANNEL_ID_USAGE_MAX); | 175 CHANNEL_ID_USAGE_MAX); |
177 } | 176 } |
178 | 177 |
179 // static | 178 // static |
180 bool SSLClientSocket::IsChannelIDEnabled( | 179 bool SSLClientSocket::IsChannelIDEnabled( |
181 const SSLConfig& ssl_config, | 180 const SSLConfig& ssl_config, |
182 ChannelIDService* channel_id_service) { | 181 ChannelIDService* channel_id_service) { |
183 if (!ssl_config.channel_id_enabled) | 182 if (!ssl_config.channel_id_enabled) |
184 return false; | 183 return false; |
185 if (!channel_id_service) { | 184 if (!channel_id_service) { |
186 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID."; | 185 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID."; |
187 return false; | 186 return false; |
188 } | 187 } |
189 if (!crypto::ECPrivateKey::IsSupported()) { | 188 if (!crypto::ECPrivateKey::IsSupported()) { |
190 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; | 189 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; |
191 return false; | 190 return false; |
192 } | 191 } |
193 if (!channel_id_service->IsSystemTimeValid()) { | |
194 DVLOG(1) << "System time is not within the supported range for certificate " | |
195 "generation, not enabling channel ID."; | |
196 return false; | |
197 } | |
198 return true; | 192 return true; |
199 } | 193 } |
200 | 194 |
201 // static | 195 // static |
202 bool SSLClientSocket::HasCipherAdequateForHTTP2( | 196 bool SSLClientSocket::HasCipherAdequateForHTTP2( |
203 const std::vector<uint16>& cipher_suites) { | 197 const std::vector<uint16>& cipher_suites) { |
204 for (uint16 cipher : cipher_suites) { | 198 for (uint16 cipher : cipher_suites) { |
205 if (IsSecureTLSCipherSuite(cipher)) | 199 if (IsSecureTLSCipherSuite(cipher)) |
206 return true; | 200 return true; |
207 } | 201 } |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
262 } else { | 256 } else { |
263 sample += 500; | 257 sample += 500; |
264 } | 258 } |
265 } else { | 259 } else { |
266 DCHECK_EQ(kExtensionALPN, negotiation_extension_); | 260 DCHECK_EQ(kExtensionALPN, negotiation_extension_); |
267 } | 261 } |
268 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLProtocolNegotiation", sample); | 262 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLProtocolNegotiation", sample); |
269 } | 263 } |
270 | 264 |
271 } // namespace net | 265 } // namespace net |
OLD | NEW |