net/base/ssl_cert_request_info.h - Issue 11739004: Add server certificate request parameters to be stored in SSLCertRequestInfo.

Side by Side Diff: net/base/ssl_cert_request_info.h

Issue 11739004: Add server certificate request parameters to be stored in SSLCertRequestInfo. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Created 7 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_SSL_CERT_REQUEST_INFO_H_	5 #ifndef NET_BASE_SSL_CERT_REQUEST_INFO_H_

6 #define NET_BASE_SSL_CERT_REQUEST_INFO_H_	6 #define NET_BASE_SSL_CERT_REQUEST_INFO_H_

7	7

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

11 #include "base/memory/ref_counted.h"	11 #include "base/memory/ref_counted.h"

12 #include "net/base/net_export.h"	12 #include "net/base/net_export.h"

	13 #include "net/base/ssl_client_cert_type.h"

13	14

14 namespace net {	15 namespace net {

15	16

16 class X509Certificate;	17 class X509Certificate;

17	18

18 // The SSLCertRequestInfo class contains the info that allows a user to	19 // The SSLCertRequestInfo class represents server criteria regarding client

19 // select a certificate to send to the SSL server for client authentication.	20 // certificate required for a secure connection.

	21 //

	22 // In TLS 1.0, the CertificateRequest
	Ryan Sleevi 2013/01/03 19:15:00 We support TLS 1.1 on (NSS, OpenSSL), which adds s We support TLS 1.1 on (NSS, OpenSSL), which adds several more types: enum { rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), fortezza_dms_RESERVED(20), (255) } ClientCertificateType; ppi 2013/01/07 10:43:35 Thanks, done. Show quoted text On 2013/01/03 19:15:00, Ryan Sleevi wrote: > We support TLS 1.1 on (NSS, OpenSSL), which adds several more types: > > enum { > rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), > rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), > fortezza_dms_RESERVED(20), > (255) > > } ClientCertificateType; Thanks, done.
	23 // message is defined as:

	24 // enum {

	25 // rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),

	26 // (255)

	27 // } ClientCertificateType;

	28 //

	29 // opaque DistinguishedName<1..2^16-1>;

	30 //

	31 // struct {

	32 // ClientCertificateType certificate_types<1..2^8-1>;

	33 // DistinguishedName certificate_authorities<3..2^16-1>;

	34 // } CertificateRequest;

	35
	Ryan Sleevi 2013/01/03 19:15:00 nit: drop this blank line nit: drop this blank line ppi 2013/01/07 10:43:35 Thanks, done. Show quoted text On 2013/01/03 19:15:00, Ryan Sleevi wrote: > nit: drop this blank line Thanks, done.
20 class NET_EXPORT SSLCertRequestInfo	36 class NET_EXPORT SSLCertRequestInfo

21 : public base::RefCountedThreadSafe<SSLCertRequestInfo> {	37 : public base::RefCountedThreadSafe<SSLCertRequestInfo> {

22 public:	38 public:

23 SSLCertRequestInfo();	39 SSLCertRequestInfo();

24	40

25 void Reset();	41 void Reset();

26	42

27 // The host and port of the SSL server that requested client authentication.	43 // The host and port of the SSL server that requested client authentication.

28 std::string host_and_port;	44 std::string host_and_port;

29	45

30 // True if the server that issues this request was the HTTPS proxy used in	46 // True if the server that issues this request was the HTTPS proxy used in

31 // the request. False, if the server was the origin server.	47 // the request. False, if the server was the origin server.

32 bool is_proxy;	48 bool is_proxy;

33	49

34 // A list of client certificates that match the server's criteria in the	50 // List of DER-encoded X.509 DistinguishedName of certificate authorities

35 // SSL CertificateRequest message. In TLS 1.0, the CertificateRequest	51 // allowed by the server.

36 // message is defined as:	52 std::vector<std::string> cert_authorities;

37 // enum {	53

38 // rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),	54 std::vector<SSLClientCertType> cert_key_types;

39 // (255)	55

40 // } ClientCertificateType;	56 // Client certificates matching the server criteria. This should be soon

41 //	57 // removed as being tracked in http://crbug.com/166642.
	Ryan Sleevi 2013/01/03 19:15:00 s/soon removed/removed soon,/ s/soon removed/removed soon,/ ppi 2013/01/07 10:43:35 Thanks, done. Show quoted text On 2013/01/03 19:15:00, Ryan Sleevi wrote: > s/soon removed/removed soon,/ Thanks, done.
42 // opaque DistinguishedName<1..2^16-1>;

43 //

44 // struct {

45 // ClientCertificateType certificate_types<1..2^8-1>;

46 // DistinguishedName certificate_authorities<3..2^16-1>;

47 // } CertificateRequest;

48 std::vector<scoped_refptr<X509Certificate> > client_certs;	58 std::vector<scoped_refptr<X509Certificate> > client_certs;

49	59

50 private:	60 private:

51 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;	61 friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;

52	62

53 ~SSLCertRequestInfo();	63 ~SSLCertRequestInfo();

54 };	64 };

55	65

56 } // namespace net	66 } // namespace net

57	67

58 #endif // NET_BASE_SSL_CERT_REQUEST_INFO_H_	68 #endif // NET_BASE_SSL_CERT_REQUEST_INFO_H_

OLD	NEW

« no previous file with comments | « no previous file | net/base/ssl_cert_request_info.cc » ('j') | no next file with comments »