Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Side by Side Diff: net/ssl/ssl_config.cc

Issue 1131763002: Reject renegotiations in SSLClientSocket by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: NSS greediness... Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/ssl_config.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_config.h" 5 #include "net/ssl/ssl_config.h"
6 6
7 #include "net/socket/ssl_client_socket.h" 7 #include "net/socket/ssl_client_socket.h"
8 8
9 namespace net { 9 namespace net {
10 10
(...skipping 13 matching lines...) Expand all
24 version_fallback_min(kDefaultSSLVersionFallbackMin), 24 version_fallback_min(kDefaultSSLVersionFallbackMin),
25 enable_deprecated_cipher_suites(false), 25 enable_deprecated_cipher_suites(false),
26 channel_id_enabled(true), 26 channel_id_enabled(true),
27 false_start_enabled(true), 27 false_start_enabled(true),
28 signed_cert_timestamps_enabled(true), 28 signed_cert_timestamps_enabled(true),
29 require_forward_secrecy(false), 29 require_forward_secrecy(false),
30 send_client_cert(false), 30 send_client_cert(false),
31 verify_ev_cert(false), 31 verify_ev_cert(false),
32 version_fallback(false), 32 version_fallback(false),
33 cert_io_enabled(true), 33 cert_io_enabled(true),
34 renego_allowed_default(false),
34 fastradio_padding_enabled(false), 35 fastradio_padding_enabled(false),
35 fastradio_padding_eligible(false) { 36 fastradio_padding_eligible(false) {
36 } 37 }
37 38
38 SSLConfig::~SSLConfig() {} 39 SSLConfig::~SSLConfig() {}
39 40
40 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 41 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
41 CertStatus* cert_status) const { 42 CertStatus* cert_status) const {
42 std::string der_cert; 43 std::string der_cert;
43 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) 44 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
44 return false; 45 return false;
45 return IsAllowedBadCert(der_cert, cert_status); 46 return IsAllowedBadCert(der_cert, cert_status);
46 } 47 }
47 48
48 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, 49 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,
49 CertStatus* cert_status) const { 50 CertStatus* cert_status) const {
50 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { 51 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
51 if (der_cert == allowed_bad_certs[i].der_cert) { 52 if (der_cert == allowed_bad_certs[i].der_cert) {
52 if (cert_status) 53 if (cert_status)
53 *cert_status = allowed_bad_certs[i].cert_status; 54 *cert_status = allowed_bad_certs[i].cert_status;
54 return true; 55 return true;
55 } 56 }
56 } 57 }
57 return false; 58 return false;
58 } 59 }
59 60
60 } // namespace net 61 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/ssl_config.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698