Chromium Code Reviews Chromium Code Reviews
Issue 1474983003:
Support for client certs in ssl_server_socket. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/ssl/ssl_server_config.h |
| diff --git a/net/ssl/ssl_server_config.h b/net/ssl/ssl_server_config.h |
| index 6e712fb88c2719e12f0cb5eef8a9b9f0cc1058a2..004c3e5920515605563cef9ed97c75fd1471bc4c 100644 |
| --- a/net/ssl/ssl_server_config.h |
| +++ b/net/ssl/ssl_server_config.h |
| @@ -14,6 +14,8 @@ |
| namespace net { |
| +class ClientCertVerifier; |
| + |
| // A collection of server-side SSL-related configuration settings. |
| struct NET_EXPORT SSLServerConfig { |
| // Defaults |
| @@ -56,6 +58,19 @@ struct NET_EXPORT SSLServerConfig { |
| // Requires a client certificate for client authentication from the client. |
| // This doesn't currently enforce certificate validity. |
| bool require_client_cert; |
| + |
| + // A list of certificates whose names are to be included in the |
| + // CertificateRequest handshake message, if client certificates are |
| + // required. |
| + CertificateList client_cert_ca_list; |
|
Ryan Sleevi
2015/12/17 03:47:36
DESIGN: Why does this take certificates, rather th
ryanchung
2015/12/18 00:00:56
A STACK_OF(X509_NAME) needs to be set into ssl_ us
Ryan Sleevi
2015/12/18 00:07:09
The client cert code stores it in the DER-encoded
ryanchung
2016/01/14 00:16:40
Done. To populate this list in the unittests, Open
|
| + |
| + // Provides the CertificateVerifier that is to be used to verify |
| + // client certificates during the handshake. |
| + // The |client_cert_verifier| continues to be owned by the caller, |
| + // and must outlive any sockets using this SSLServerConfig. |
| + // This field is meaningful only if client certificates are required. |
| + // If a verifier is not provided then all certificates are accepted. |
| + ClientCertVerifier* client_cert_verifier; |
| }; |
| } // namespace net |
