Chromium Code Reviews Chromium Code Reviews
Issue 208713004:
Move SSLConfig class from ssl_config_service.h to ssl_config.h (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
| 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
| 7 | |
| 8 #include <vector> | |
| 9 | 7 |
| 10 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 11 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 12 #include "base/observer_list.h" | |
| 13 #include "base/strings/string_piece.h" | |
| 14 #include "net/base/net_export.h" | |
| 15 #include "net/cert/cert_status_flags.h" | |
| 16 #include "net/cert/crl_set.h" | |
| 17 #include "net/cert/x509_certificate.h" | 10 #include "net/cert/x509_certificate.h" |
| 18 | 11 |
| 19 namespace net { | 12 namespace net { |
| 20 | 13 |
| 21 // Various TLS/SSL ProtocolVersion values encoded as uint16 | 14 // Various TLS/SSL ProtocolVersion values encoded as uint16 |
| 22 // struct { | 15 // struct { |
| 23 // uint8 major; | 16 // uint8 major; |
| 24 // uint8 minor; | 17 // uint8 minor; |
| 25 // } ProtocolVersion; | 18 // } ProtocolVersion; |
| 26 // The most significant byte is |major|, and the least significant byte | 19 // The most significant byte is |major|, and the least significant byte |
| 27 // is |minor|. | 20 // is |minor|. |
| 28 enum { | 21 enum { |
| 29 SSL_PROTOCOL_VERSION_SSL3 = 0x0300, | 22 SSL_PROTOCOL_VERSION_SSL3 = 0x0300, |
| 30 SSL_PROTOCOL_VERSION_TLS1 = 0x0301, | 23 SSL_PROTOCOL_VERSION_TLS1 = 0x0301, |
| 31 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, | 24 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, |
| 32 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, | 25 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, |
| 33 }; | 26 }; |
| 34 | 27 |
| 28 static uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3; | |
| 29 | |
| 30 static uint16 kDefaultSSLVersionMax = | |
|
Ryan Sleevi
2014/03/21 19:24:05
I would rather keep the actual definitions for the
Sergey Ulanov
2014/03/21 19:56:53
Done.
| |
| 31 #if defined(USE_OPENSSL) | |
| 32 #if defined(SSL_OP_NO_TLSv1_2) | |
| 33 SSL_PROTOCOL_VERSION_TLS1_2; | |
| 34 #elif defined(SSL_OP_NO_TLSv1_1) | |
| 35 SSL_PROTOCOL_VERSION_TLS1_1; | |
| 36 #else | |
| 37 SSL_PROTOCOL_VERSION_TLS1; | |
| 38 #endif | |
| 39 #else | |
| 40 SSL_PROTOCOL_VERSION_TLS1_2; | |
| 41 #endif | |
| 42 | |
| 35 // A collection of SSL-related configuration settings. | 43 // A collection of SSL-related configuration settings. |
| 36 struct NET_EXPORT SSLConfig { | 44 struct NET_EXPORT SSLConfig { |
| 37 // Default to revocation checking. | 45 // Default to revocation checking. |
| 38 // Default to SSL 3.0 ~ default_version_max() on. | 46 // Default to SSL 3.0 ~ default_version_max() on. |
| 39 SSLConfig(); | 47 SSLConfig(); |
| 40 ~SSLConfig(); | 48 ~SSLConfig(); |
| 41 | 49 |
| 42 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 50 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
| 43 // The expected cert status is written to |cert_status|. |*cert_status| can | 51 // The expected cert status is written to |cert_status|. |*cert_status| can |
| 44 // be NULL if user doesn't care about the cert status. | 52 // be NULL if user doesn't care about the cert status. |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 151 // enable Next Protocol Negotiation (if supported). The order of the | 159 // enable Next Protocol Negotiation (if supported). The order of the |
| 152 // protocols doesn't matter expect for one case: if the server supports Next | 160 // protocols doesn't matter expect for one case: if the server supports Next |
| 153 // Protocol Negotiation, but there is no overlap between the server's and | 161 // Protocol Negotiation, but there is no overlap between the server's and |
| 154 // client's protocol sets, then the first protocol in this list will be | 162 // client's protocol sets, then the first protocol in this list will be |
| 155 // requested by the client. | 163 // requested by the client. |
| 156 std::vector<std::string> next_protos; | 164 std::vector<std::string> next_protos; |
| 157 | 165 |
| 158 scoped_refptr<X509Certificate> client_cert; | 166 scoped_refptr<X509Certificate> client_cert; |
| 159 }; | 167 }; |
| 160 | 168 |
| 161 // The interface for retrieving the SSL configuration. This interface | |
| 162 // does not cover setting the SSL configuration, as on some systems, the | |
| 163 // SSLConfigService objects may not have direct access to the configuration, or | |
| 164 // live longer than the configuration preferences. | |
| 165 class NET_EXPORT SSLConfigService | |
| 166 : public base::RefCountedThreadSafe<SSLConfigService> { | |
| 167 public: | |
| 168 // Observer is notified when SSL config settings have changed. | |
| 169 class NET_EXPORT Observer { | |
| 170 public: | |
| 171 // Notify observers if SSL settings have changed. We don't check all of the | |
| 172 // data in SSLConfig, just those that qualify as a user config change. | |
| 173 // The following settings are considered user changes: | |
| 174 // rev_checking_enabled | |
| 175 // version_min | |
| 176 // version_max | |
| 177 // disabled_cipher_suites | |
| 178 // channel_id_enabled | |
| 179 // false_start_enabled | |
| 180 // require_forward_secrecy | |
| 181 virtual void OnSSLConfigChanged() = 0; | |
| 182 | |
| 183 protected: | |
| 184 virtual ~Observer() {} | |
| 185 }; | |
| 186 | |
| 187 SSLConfigService(); | |
| 188 | |
| 189 // May not be thread-safe, should only be called on the IO thread. | |
| 190 virtual void GetSSLConfig(SSLConfig* config) = 0; | |
| 191 | |
| 192 // Sets and gets the current, global CRL set. | |
| 193 static void SetCRLSet(scoped_refptr<CRLSet> crl_set); | |
| 194 static scoped_refptr<CRLSet> GetCRLSet(); | |
| 195 | |
| 196 // Gets the default minimum protocol version. | |
| 197 static uint16 default_version_min(); | |
| 198 | |
| 199 // Gets the default maximum protocol version. | |
| 200 static uint16 default_version_max(); | |
| 201 | |
| 202 // Is SNI available in this configuration? | |
| 203 static bool IsSNIAvailable(SSLConfigService* service); | |
| 204 | |
| 205 // Add an observer of this service. | |
| 206 void AddObserver(Observer* observer); | |
| 207 | |
| 208 // Remove an observer of this service. | |
| 209 void RemoveObserver(Observer* observer); | |
| 210 | |
| 211 // Calls the OnSSLConfigChanged method of registered observers. Should only be | |
| 212 // called on the IO thread. | |
| 213 void NotifySSLConfigChange(); | |
| 214 | |
| 215 protected: | |
| 216 friend class base::RefCountedThreadSafe<SSLConfigService>; | |
| 217 | |
| 218 virtual ~SSLConfigService(); | |
| 219 | |
| 220 // Process before/after config update. | |
| 221 void ProcessConfigUpdate(const SSLConfig& orig_config, | |
| 222 const SSLConfig& new_config); | |
| 223 | |
| 224 private: | |
| 225 ObserverList<Observer> observer_list_; | |
| 226 }; | |
| 227 | |
| 228 } // namespace net | 169 } // namespace net |
| 229 | 170 |
| 230 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ | 171 #endif // NET_SSL_SSL_CONFIG_H_ |
| OLD | NEW |
