OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
147 // version (one still needs to decrement | 147 // version (one still needs to decrement |
148 // version_max). | 148 // version_max). |
149 | 149 |
150 // If cert_io_enabled is false, then certificate verification will not | 150 // If cert_io_enabled is false, then certificate verification will not |
151 // result in additional HTTP requests. (For example: to fetch missing | 151 // result in additional HTTP requests. (For example: to fetch missing |
152 // intermediates or to perform OCSP/CRL fetches.) It also implies that online | 152 // intermediates or to perform OCSP/CRL fetches.) It also implies that online |
153 // revocation checking is disabled. | 153 // revocation checking is disabled. |
154 // NOTE: Only used by NSS. | 154 // NOTE: Only used by NSS. |
155 bool cert_io_enabled; | 155 bool cert_io_enabled; |
156 | 156 |
157 // The list of supported application level protocols supported in decreasing | 157 // The list of application level protocols supported with ALPN (Application |
158 // order of preference. For ALPN (Application Layer Protocol Negotation), | 158 // Layer Protocol Negotation), in decreasing order of preference. Protocols |
159 // protocols will be advertised in this order. For NPN (Next Protocol | 159 // will be advertised in this order during TLS handshake. |
160 // Negotiation), the last item on the list is selected if there is no overlap | 160 NextProtoVector alpn_protos; |
161 // between |next_protos| and the protocols supported by the server, otherwise | 161 |
162 // server preference is observed and the order of |next_protos| is irrelevant. | 162 // The list of application level protocols supported with NPN (Next Protocol |
163 NextProtoVector next_protos; | 163 // Negotiation). The last item on the list is selected if there is no overlap |
| 164 // between |npn_protos| and the protocols supported by the server, otherwise |
| 165 // server preference is observed and the order of |npn_protos| is irrelevant. |
| 166 // Note that due to NSS limitations, ports which use NSS will use |
| 167 // |alpn_protos| for both ALPN and NPN. However, if |npn_protos| is empty, NPN |
| 168 // will still be disabled. |
| 169 // TODO(bnc): Deprecate NPN, see https://crbug.com/526713. |
| 170 NextProtoVector npn_protos; |
164 | 171 |
165 // True if renegotiation should be allowed for the default application-level | 172 // True if renegotiation should be allowed for the default application-level |
166 // protocol when the peer negotiates neither ALPN nor NPN. | 173 // protocol when the peer negotiates neither ALPN nor NPN. |
167 bool renego_allowed_default; | 174 bool renego_allowed_default; |
168 | 175 |
169 // The list of application-level protocols to enable renegotiation for. | 176 // The list of application-level protocols to enable renegotiation for. |
170 NextProtoVector renego_allowed_for_protos; | 177 NextProtoVector renego_allowed_for_protos; |
171 | 178 |
172 scoped_refptr<X509Certificate> client_cert; | 179 scoped_refptr<X509Certificate> client_cert; |
173 }; | 180 }; |
174 | 181 |
175 } // namespace net | 182 } // namespace net |
176 | 183 |
177 #endif // NET_SSL_SSL_CONFIG_H_ | 184 #endif // NET_SSL_SSL_CONFIG_H_ |
OLD | NEW |