
Unified Diff: net/ssl/ssl_server_config.h

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated browsertest files Created 4 years, 10 months ago
Index: net/ssl/ssl_server_config.h
diff --git a/net/ssl/ssl_server_config.h b/net/ssl/ssl_server_config.h
index 36d1286b22552ea7da16561f099740bac091cfc1..085a74682da930b9f197e3cb3e4120034405686a 100644
--- a/net/ssl/ssl_server_config.h
+++ b/net/ssl/ssl_server_config.h
@@ -14,8 +14,16 @@
namespace net {
+class ClientCertVerifier;
+
// A collection of server-side SSL-related configuration settings.
struct NET_EXPORT SSLServerConfig {
+ enum ClientCertType {
+ NO_CLIENT_CERT,
+ OPTIONAL_CLIENT_CERT,
+ REQUIRE_CLIENT_CERT,
+ };
+
// Defaults
SSLServerConfig();
~SSLServerConfig();
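Review bot: The enumerators of `ClientCertType` have no comments, and the difference between `OPTIONAL_CLIENT_CERT` and `REQUIRE_CLIENT_CERT` is a security-relevant contract that the header should state. A reader cannot tell whether a handshake continues or aborts when the client sends no certificate, or sends one that fails verification. I would add one line above each value, for example `// Request a certificate; the handshake continues if the client sends none.` on `OPTIONAL_CLIENT_CERT`, worded to match what the socket implementation actually does, which is not visible here. The constructor's default for the new field is also outside this hunk; if it is `NO_CLIENT_CERT`, say so next to the enum.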
@@ -53,9 +61,21 @@ struct NET_EXPORT SSLServerConfig {
// If true, causes only ECDHE cipher suites to be enabled.
bool require_ecdhe;
- // Requires a client certificate for client authentication from the client.
- // This doesn't currently enforce certificate validity.
- bool require_client_cert;
+ // Set the requirement for client certificates during handshake
davidben 2016/02/17 22:46:03 Nit: period at end, "Set" -> "Sets"
ryanchung 2016/02/18 01:07:26 Done.
+ ClientCertType client_cert_type;
+
+ // List of DER-encoded X.509 DistinguishedName of certificate authorities
+ // to be included in the CertificateRequest handshake message,
+ // if client certificates are required.
+ std::vector<std::string> cert_authorities_;
+
+ // Provides the CertificateVerifier that is to be used to verify
davidben 2016/02/17 22:46:03 Nit: CertificateVerifier -> ClientCertVerifier
ryanchung 2016/02/18 01:07:26 Done.
+ // client certificates during the handshake.
+ // The |client_cert_verifier| continues to be owned by the caller,
+ // and must outlive any sockets using this SSLServerConfig.
+ // This field is meaningful only if client certificates are required.
davidben 2016/02/17 22:46:03 Nit: are required -> are requested? Or maybe "if c
ryanchung 2016/02/18 01:07:26 Done.
+ // If a verifier is not provided then all certificates are accepted.
+ ClientCertVerifier* client_cert_verifier;
};
} // namespace net
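Review bot: The last comment on `client_cert_verifier` documents a fail-open default: with `client_cert_type` set to `REQUIRE_CLIENT_CERT` and the pointer left null, every client certificate is accepted, so the server demands a certificate but authenticates nothing. A configuration that forgets the verifier should fail closed; the enforcement code is outside this hunk, but I would have the handshake rejected (or a `DCHECK` at setup) when a certificate is requested and no verifier is set, and reword the comment to `// If no verifier is provided, the handshake fails whenever a client certificate is requested.` If accept-all is wanted for tests, it is safer as an explicit verifier object than as the meaning of null. Separately, `cert_authorities_` carries a trailing underscore unlike the struct's other public fields (`require_ecdhe`, `client_cert_type`); `cert_authorities` would match.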
