net/base/ssl_config_service.cc - Issue 12680003: net: split net/ssl out of net/base

Side by Side Diff: net/base/ssl_config_service.cc

Issue 12680003: net: split net/ssl out of net/base (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/base/ssl_config_service.h"

6

7 #include "base/lazy_instance.h"

8 #include "base/memory/ref_counted.h"

9 #include "base/synchronization/lock.h"

10 #include "net/base/crl_set.h"

11 #include "net/base/ssl_config_service_defaults.h"

12

13 #if defined(USE_OPENSSL)

14 #include <openssl/ssl.h>

15 #endif

16

17 namespace net {

18

19 static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;

20

21 static uint16 g_default_version_max =

22 #if defined(USE_OPENSSL)

23 #if defined(SSL_OP_NO_TLSv1_1)

24 SSL_PROTOCOL_VERSION_TLS1_1;

25 #else

26 SSL_PROTOCOL_VERSION_TLS1;

27 #endif

28 #else

29 SSL_PROTOCOL_VERSION_TLS1_1;

30 #endif

31

32 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}

33

34 SSLConfig::CertAndStatus::~CertAndStatus() {}

35

36 SSLConfig::SSLConfig()

37 : rev_checking_enabled(false),

38 version_min(g_default_version_min),

39 version_max(g_default_version_max),

40 cached_info_enabled(false),

41 channel_id_enabled(true),

42 false_start_enabled(true),

43 send_client_cert(false),

44 verify_ev_cert(false),

45 version_fallback(false),

46 cert_io_enabled(true) {

47 }

48

49 SSLConfig::~SSLConfig() {

50 }

51

52 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,

53 CertStatus* cert_status) const {

54 std::string der_cert;

55 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))

56 return false;

57 return IsAllowedBadCert(der_cert, cert_status);

58 }

59

60 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,

61 CertStatus* cert_status) const {

62 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {

63 if (der_cert == allowed_bad_certs[i].der_cert) {

64 if (cert_status)

65 *cert_status = allowed_bad_certs[i].cert_status;

66 return true;

67 }

68 }

69 return false;

70 }

71

72 SSLConfigService::SSLConfigService()

73 : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {

74 }

75

76 static bool g_cached_info_enabled = false;

77

78 // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock

79 // around a scoped_refptr so that getting a reference doesn't race with

80 // updating the CRLSet.

81 class GlobalCRLSet {

82 public:

83 void Set(const scoped_refptr<CRLSet>& new_crl_set) {

84 base::AutoLock locked(lock_);

85 crl_set_ = new_crl_set;

86 }

87

88 scoped_refptr<CRLSet> Get() const {

89 base::AutoLock locked(lock_);

90 return crl_set_;

91 }

92

93 private:

94 scoped_refptr<CRLSet> crl_set_;

95 mutable base::Lock lock_;

96 };

97

98 base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;

99

100 // static

101 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) {

102 // Note: this can be called concurently with GetCRLSet().

103 g_crl_set.Get().Set(crl_set);

104 }

105

106 // static

107 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {

108 return g_crl_set.Get().Get();

109 }

110

111 void SSLConfigService::EnableCachedInfo() {

112 g_cached_info_enabled = true;

113 }

114

115 // static

116 bool SSLConfigService::cached_info_enabled() {

117 return g_cached_info_enabled;

118 }

119

120 // static

121 uint16 SSLConfigService::default_version_min() {

122 return g_default_version_min;

123 }

124

125 // static

126 uint16 SSLConfigService::default_version_max() {

127 return g_default_version_max;

128 }

129

130 void SSLConfigService::AddObserver(Observer* observer) {

131 observer_list_.AddObserver(observer);

132 }

133

134 void SSLConfigService::RemoveObserver(Observer* observer) {

135 observer_list_.RemoveObserver(observer);

136 }

137

138 void SSLConfigService::NotifySSLConfigChange() {

139 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());

140 }

141

142 SSLConfigService::~SSLConfigService() {

143 }

144

145 // static

146 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {

147 ssl_config->cached_info_enabled = g_cached_info_enabled;

148 }

149

150 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,

151 const SSLConfig& new_config) {

152 bool config_changed =

153 (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) \|\|

154 (orig_config.version_min != new_config.version_min) \|\|

155 (orig_config.version_max != new_config.version_max) \|\|

156 (orig_config.disabled_cipher_suites !=

157 new_config.disabled_cipher_suites) \|\|

158 (orig_config.channel_id_enabled != new_config.channel_id_enabled) \|\|

159 (orig_config.false_start_enabled != new_config.false_start_enabled);

160

161 if (config_changed)

162 NotifySSLConfigChange();

163 }

164

165 // static

166 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) {

167 if (!service)

168 return false;

169

170 SSLConfig ssl_config;

171 service->GetSSLConfig(&ssl_config);

172 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1;

173 }

174

175 } // namespace net

OLD	NEW

« net/base/DEPS ('K') | « net/base/ssl_config_service.h ('k') | net/base/ssl_config_service_defaults.h » ('j') | net/net.gyp » ('J')