| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_ |
| 6 #define NET_SSL_SSL_SERVER_CONFIG_H_ | 6 #define NET_SSL_SSL_SERVER_CONFIG_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 13 #include "net/ssl/ssl_config.h" | 13 #include "net/ssl/ssl_config.h" |
| 14 | 14 |
| 15 namespace net { | 15 namespace net { |
| 16 | 16 |
| 17 class ClientCertVerifier; |
| 18 |
| 17 // A collection of server-side SSL-related configuration settings. | 19 // A collection of server-side SSL-related configuration settings. |
| 18 struct NET_EXPORT SSLServerConfig { | 20 struct NET_EXPORT SSLServerConfig { |
| 19 // Defaults | 21 // Defaults |
| 20 SSLServerConfig(); | 22 SSLServerConfig(); |
| 21 ~SSLServerConfig(); | 23 ~SSLServerConfig(); |
| 22 | 24 |
| 23 // The minimum and maximum protocol versions that are enabled. | 25 // The minimum and maximum protocol versions that are enabled. |
| 24 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h) | 26 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h) |
| 25 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it | 27 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it |
| 26 // means no protocol versions are enabled. | 28 // means no protocol versions are enabled. |
| (...skipping 22 matching lines...) Expand all Loading... |
| 49 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 51 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| 50 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 52 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| 51 std::vector<uint16_t> disabled_cipher_suites; | 53 std::vector<uint16_t> disabled_cipher_suites; |
| 52 | 54 |
| 53 // If true, causes only ECDHE cipher suites to be enabled. | 55 // If true, causes only ECDHE cipher suites to be enabled. |
| 54 bool require_ecdhe; | 56 bool require_ecdhe; |
| 55 | 57 |
| 56 // Requires a client certificate for client authentication from the client. | 58 // Requires a client certificate for client authentication from the client. |
| 57 // This doesn't currently enforce certificate validity. | 59 // This doesn't currently enforce certificate validity. |
| 58 bool require_client_cert; | 60 bool require_client_cert; |
| 61 |
| 62 // List of DER-encoded X.509 DistinguishedName of certificate authorities |
| 63 // to be included in the CertificateRequest handshake message, |
| 64 // if client certificates are required. |
| 65 std::vector<std::string> cert_authorities_; |
| 66 |
| 67 // Provides the CertificateVerifier that is to be used to verify |
| 68 // client certificates during the handshake. |
| 69 // The |client_cert_verifier| continues to be owned by the caller, |
| 70 // and must outlive any sockets using this SSLServerConfig. |
| 71 // This field is meaningful only if client certificates are required. |
| 72 // If a verifier is not provided then all certificates are accepted. |
| 73 ClientCertVerifier* client_cert_verifier; |
| 59 }; | 74 }; |
| 60 | 75 |
| 61 } // namespace net | 76 } // namespace net |
| 62 | 77 |
| 63 #endif // NET_SSL_SSL_SERVER_CONFIG_H_ | 78 #endif // NET_SSL_SSL_SERVER_CONFIG_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1474983003:
Support for client certs in ssl_server_socket. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master