Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(818)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_config.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: update to latest version of tb nego spec; tweak SSLConfig Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/ssl/ssl_config.h ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_config.h" 5 #include "net/ssl/ssl_config.h"
6 6
7 #include "net/cert/cert_verifier.h" 7 #include "net/cert/cert_verifier.h"
8 8
9 namespace net { 9 namespace net {
10 10
(...skipping 16 matching lines...) Expand all
27 deprecated_cipher_suites_enabled(false), 27 deprecated_cipher_suites_enabled(false),
28 rc4_enabled(false), 28 rc4_enabled(false),
29 channel_id_enabled(true), 29 channel_id_enabled(true),
30 false_start_enabled(true), 30 false_start_enabled(true),
31 signed_cert_timestamps_enabled(true), 31 signed_cert_timestamps_enabled(true),
32 require_ecdhe(false), 32 require_ecdhe(false),
33 send_client_cert(false), 33 send_client_cert(false),
34 verify_ev_cert(false), 34 verify_ev_cert(false),
35 version_fallback(false), 35 version_fallback(false),
36 cert_io_enabled(true), 36 cert_io_enabled(true),
37 renego_allowed_default(false) {} 37 renego_allowed_default(false) {
38 token_binding_params.push_back(TB_PARAM_ECDSAP256);
nharper 2015/10/31 02:01:23 I have 2 new fields in SSLConfig: token_binding_en
davidben 2015/11/04 00:40:36 I think I would do one of: - Caller sets bool tok
nharper 2015/11/04 02:28:04 The latter sounds reasonable to me.
39 }
38 40
39 SSLConfig::~SSLConfig() {} 41 SSLConfig::~SSLConfig() {}
40 42
41 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 43 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
42 CertStatus* cert_status) const { 44 CertStatus* cert_status) const {
43 std::string der_cert; 45 std::string der_cert;
44 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) 46 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
45 return false; 47 return false;
46 return IsAllowedBadCert(der_cert, cert_status); 48 return IsAllowedBadCert(der_cert, cert_status);
47 } 49 }
(...skipping 17 matching lines...) Expand all
65 if (verify_ev_cert) 67 if (verify_ev_cert)
66 flags |= CertVerifier::VERIFY_EV_CERT; 68 flags |= CertVerifier::VERIFY_EV_CERT;
67 if (cert_io_enabled) 69 if (cert_io_enabled)
68 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; 70 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
69 if (rev_checking_required_local_anchors) 71 if (rev_checking_required_local_anchors)
70 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; 72 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
71 return flags; 73 return flags;
72 } 74 }
73 75
74 } // namespace net 76 } // namespace net
OLDNEW
« net/socket/ssl_client_socket_unittest.cc ('K') | « net/ssl/ssl_config.h ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698