OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_config.h" | 5 #include "net/ssl/ssl_config.h" |
6 | 6 |
7 #include "net/cert/cert_verifier.h" | 7 #include "net/cert/cert_verifier.h" |
8 | 8 |
9 namespace net { | 9 namespace net { |
10 | 10 |
(...skipping 16 matching lines...) Expand all Loading... | |
27 deprecated_cipher_suites_enabled(false), | 27 deprecated_cipher_suites_enabled(false), |
28 rc4_enabled(false), | 28 rc4_enabled(false), |
29 channel_id_enabled(true), | 29 channel_id_enabled(true), |
30 false_start_enabled(true), | 30 false_start_enabled(true), |
31 signed_cert_timestamps_enabled(true), | 31 signed_cert_timestamps_enabled(true), |
32 require_ecdhe(false), | 32 require_ecdhe(false), |
33 send_client_cert(false), | 33 send_client_cert(false), |
34 verify_ev_cert(false), | 34 verify_ev_cert(false), |
35 version_fallback(false), | 35 version_fallback(false), |
36 cert_io_enabled(true), | 36 cert_io_enabled(true), |
37 renego_allowed_default(false) {} | 37 renego_allowed_default(false) { |
38 token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
nharper
2015/10/31 02:01:23
I have 2 new fields in SSLConfig: token_binding_en
davidben
2015/11/04 00:40:36
I think I would do one of:
- Caller sets bool tok
nharper
2015/11/04 02:28:04
The latter sounds reasonable to me.
| |
39 } | |
38 | 40 |
39 SSLConfig::~SSLConfig() {} | 41 SSLConfig::~SSLConfig() {} |
40 | 42 |
41 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 43 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
42 CertStatus* cert_status) const { | 44 CertStatus* cert_status) const { |
43 std::string der_cert; | 45 std::string der_cert; |
44 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) | 46 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) |
45 return false; | 47 return false; |
46 return IsAllowedBadCert(der_cert, cert_status); | 48 return IsAllowedBadCert(der_cert, cert_status); |
47 } | 49 } |
(...skipping 17 matching lines...) Expand all Loading... | |
65 if (verify_ev_cert) | 67 if (verify_ev_cert) |
66 flags |= CertVerifier::VERIFY_EV_CERT; | 68 flags |= CertVerifier::VERIFY_EV_CERT; |
67 if (cert_io_enabled) | 69 if (cert_io_enabled) |
68 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 70 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
69 if (rev_checking_required_local_anchors) | 71 if (rev_checking_required_local_anchors) |
70 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 72 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
71 return flags; | 73 return flags; |
72 } | 74 } |
73 | 75 |
74 } // namespace net | 76 } // namespace net |
OLD | NEW |