Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(952)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_server_config.h

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed nits Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/ssl_cert_request_info.h ('k') | net/ssl/ssl_server_config.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_ 5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_
6 #define NET_SSL_SSL_SERVER_CONFIG_H_ 6 #define NET_SSL_SSL_SERVER_CONFIG_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <vector> 10 #include <vector>
11 11
12 #include "net/base/net_export.h" 12 #include "net/base/net_export.h"
13 #include "net/ssl/ssl_config.h" 13 #include "net/ssl/ssl_config.h"
14 14
15 namespace net { 15 namespace net {
16 16
17 class ClientCertVerifier;
18
17 // A collection of server-side SSL-related configuration settings. 19 // A collection of server-side SSL-related configuration settings.
18 struct NET_EXPORT SSLServerConfig { 20 struct NET_EXPORT SSLServerConfig {
21 enum ClientCertType {
22 NO_CLIENT_CERT,
23 OPTIONAL_CLIENT_CERT,
24 REQUIRE_CLIENT_CERT,
25 };
26
19 // Defaults 27 // Defaults
20 SSLServerConfig(); 28 SSLServerConfig();
21 ~SSLServerConfig(); 29 ~SSLServerConfig();
22 30
23 // The minimum and maximum protocol versions that are enabled. 31 // The minimum and maximum protocol versions that are enabled.
24 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h) 32 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h)
25 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it 33 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it
26 // means no protocol versions are enabled. 34 // means no protocol versions are enabled.
27 uint16_t version_min; 35 uint16_t version_min;
28 uint16_t version_max; 36 uint16_t version_max;
(...skipping 17 matching lines...) Expand all
46 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in 54 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
47 // big-endian form, they should be declared in host byte order, with the 55 // big-endian form, they should be declared in host byte order, with the
48 // first uint8_t occupying the most significant byte. 56 // first uint8_t occupying the most significant byte.
49 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 57 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
50 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 58 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
51 std::vector<uint16_t> disabled_cipher_suites; 59 std::vector<uint16_t> disabled_cipher_suites;
52 60
53 // If true, causes only ECDHE cipher suites to be enabled. 61 // If true, causes only ECDHE cipher suites to be enabled.
54 bool require_ecdhe; 62 bool require_ecdhe;
55 63
56 // Requires a client certificate for client authentication from the client. 64 // Sets the requirement for client certificates during handshake.
57 // This doesn't currently enforce certificate validity. 65 ClientCertType client_cert_type;
58 bool require_client_cert; 66
67 // List of DER-encoded X.509 DistinguishedName of certificate authorities
68 // to be included in the CertificateRequest handshake message,
69 // if client certificates are required.
70 std::vector<std::string> cert_authorities_;
71
72 // Provides the ClientCertVerifier that is to be used to verify
73 // client certificates during the handshake.
74 // The |client_cert_verifier| continues to be owned by the caller,
75 // and must outlive any sockets using this SSLServerConfig.
76 // This field is meaningful only if client certificates are requested.
77 // If a verifier is not provided then all certificates are accepted.
78 ClientCertVerifier* client_cert_verifier;
59 }; 79 };
60 80
61 } // namespace net 81 } // namespace net
62 82
63 #endif // NET_SSL_SSL_SERVER_CONFIG_H_ 83 #endif // NET_SSL_SSL_SERVER_CONFIG_H_
OLDNEW
« no previous file with comments | « net/ssl/ssl_cert_request_info.h ('k') | net/ssl/ssl_server_config.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698