
Side by Side Diff: net/base/ssl_config_service.h

Issue 125120: Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 6 months ago
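--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -1,51 +1,53 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H__
 #define NET_BASE_SSL_CONFIG_SERVICE_H__
 
 #include <set>
 
 #include "base/time.h"
 #include "net/base/x509_certificate.h"
 
 namespace net {
 
 // A collection of SSL-related configuration settings.
 struct SSLConfig {
 // Default to no revocation checking.
 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
 SSLConfig()
-: rev_checking_enabled(false), ssl2_enabled(false),
-ssl3_enabled(true), tls1_enabled(true), send_client_cert(false) {
+: rev_checking_enabled(false), ssl2_enabled(false), ssl3_enabled(true),
+tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) {
 }
 
 bool rev_checking_enabled; // True if server certificate revocation
 // checking is enabled.
 bool ssl2_enabled; // True if SSL 2.0 is enabled.
 bool ssl3_enabled; // True if SSL 3.0 is enabled.
 bool tls1_enabled; // True if TLS 1.0 is enabled.
 
 // TODO(wtc): move the following members to a new SSLParams structure. They
 // are not SSL configuration settings.
 
 // Add any known-bad SSL certificates to allowed_bad_certs_ that should not
 // trigger an ERR_CERT_*_INVALID error when calling SSLClientSocket::Connect.
 // This would normally be done in response to the user explicitly accepting
 // the bad certificate.
 std::set<scoped_refptr<X509Certificate> > allowed_bad_certs_;
 
 // True if we should send client_cert to the server.
 bool send_client_cert;
 
+bool verify_ev_cert; // True if we should verify the certificate for EV.
+
 scoped_refptr<X509Certificate> client_cert;
 };
 
 // This class is responsible for getting and setting the SSL configuration.
 //
 // We think the SSL configuration settings should apply to all applications
 // used by the user. We consider IE's Internet Options as the de facto
 // system-wide network configuration settings, so we just use the values
 // from IE's Internet Settings registry key.
 class SSLConfigService {
@@ -79,10 +81,10 @@
 // We store the IE SSL config and the time that we fetched it.
 SSLConfig config_info_;
 base::TimeTicks config_time_;
 
 DISALLOW_EVIL_CONSTRUCTORS(SSLConfigService);
 };
 
 } // namespace net
 
 #endif // NET_BASE_SSL_CONFIG_SERVICE_H__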
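Review bot: The new `verify_ev_cert` member is inserted between `send_client_cert` and `client_cert`, which separates that flag from the certificate its comment refers to; declaring it after `client_cert` would keep the pair together. Its one-line comment also leaves the security-relevant contract unstated: presumably, with the default `false`, EV status is not evaluated at all, and nothing says how the flag relates to `rev_checking_enabled`, which also defaults to false in this constructor. A comment such as `// True if the verifier should also check whether the certificate qualifies as EV; when false, callers must not treat the connection as EV.` would make that explicit. The interaction with revocation checking should be confirmed against net/base/cert_verifier.cc, which is not shown on this page.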