
Side by Side Diff: net/socket/ssl_client_socket.cc

Issue 1076063002: Remove certificates from Channel ID (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Udpate KeysEqual to fail if preconditions fail Created 5 years, 7 months ago
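--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/strings/string_util.h"
 #include "crypto/ec_private_key.h"
@@ -136,59 +136,53 @@
 ChannelIDService* channel_id_service,
 bool negotiated_channel_id,
 bool channel_id_enabled,
 bool supports_ecc) {
 // Since this enum is used for a histogram, do not change or re-use values.
 enum {
 DISABLED = 0,
 CLIENT_ONLY = 1,
 CLIENT_AND_SERVER = 2,
 CLIENT_NO_ECC = 3,
+// CLIENT_BAD_SYSTEM_TIME is unused now.
 CLIENT_BAD_SYSTEM_TIME = 4,
 CLIENT_NO_CHANNEL_ID_SERVICE = 5,
 CHANNEL_ID_USAGE_MAX
 } supported = DISABLED;
 if (negotiated_channel_id) {
 supported = CLIENT_AND_SERVER;
 } else if (channel_id_enabled) {
 if (!channel_id_service)
 supported = CLIENT_NO_CHANNEL_ID_SERVICE;
 else if (!supports_ecc)
 supported = CLIENT_NO_ECC;
-else if (!channel_id_service->IsSystemTimeValid())
-supported = CLIENT_BAD_SYSTEM_TIME;
 else
 supported = CLIENT_ONLY;
 }
 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
 CHANNEL_ID_USAGE_MAX);
 }
 
 // static
 bool SSLClientSocket::IsChannelIDEnabled(
 const SSLConfig& ssl_config,
 ChannelIDService* channel_id_service) {
 if (!ssl_config.channel_id_enabled)
 return false;
 if (!channel_id_service) {
 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
 return false;
 }
 if (!crypto::ECPrivateKey::IsSupported()) {
 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
 return false;
 }
-if (!channel_id_service->IsSystemTimeValid()) {
-DVLOG(1) << "System time is not within the supported range for certificate "
-"generation, not enabling channel ID.";
-return false;
-}
 return true;
 }
 
 // static
 bool SSLClientSocket::HasCipherAdequateForHTTP2(
 const std::vector<uint16>& cipher_suites) {
 for (uint16 cipher : cipher_suites) {
 if (IsSecureTLSCipherSuite(cipher))
 return true;
 }
@@ -223,10 +217,10 @@
 wire_protos.push_back(proto.size());
 for (const char ch : proto) {
 wire_protos.push_back(static_cast<uint8_t>(ch));
 }
 }
 
 return wire_protos;
 }
 
 } // namespace net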
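Review bot: The added comment `// CLIENT_BAD_SYSTEM_TIME is unused now.` in the histogram enum does not say why the enumerator stays, so a later cleanup could delete it and let slot 4 be reused, which the warning above the enum forbids. I would word it as `// CLIENT_BAD_SYSTEM_TIME is no longer recorded; the value stays reserved so existing histogram buckets keep their meaning.` With the `IsSystemTimeValid()` branch gone, clients that used to land in that bucket are presumably now counted as CLIENT_ONLY. That makes DomainBoundCerts.Support data from before and after this change not directly comparable for those two buckets, which is worth a line in the histogram's description if that is not already part of this issue. The enclosing function's signature begins above the visible lines.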