Chromium Code Reviews Chromium Code Reviews
Issue 208713004:
Move SSLConfig class from ssl_config_service.h to ssl_config.h (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_config_service.h" | 5 #include "net/ssl/ssl_config_service.h" |
| 6 | 6 |
| 7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/synchronization/lock.h" | 9 #include "base/synchronization/lock.h" |
| 10 #include "net/cert/crl_set.h" | 10 #include "net/cert/crl_set.h" |
|
wtc
2014/03/22 01:29:41
Nit: "base/memory/ref_counted.h" and "net/cert/crl
Sergey Ulanov
2014/03/22 01:49:00
Done.
| |
| 11 #include "net/ssl/ssl_config_service_defaults.h" | 11 #include "net/ssl/ssl_config_service_defaults.h" |
| 12 | 12 |
| 13 #if defined(USE_OPENSSL) | 13 #if defined(USE_OPENSSL) |
| 14 #include <openssl/ssl.h> | 14 #include <openssl/ssl.h> |
|
wtc
2014/03/22 01:29:41
We should be able to remove this header.
Sergey Ulanov
2014/03/22 01:49:00
Done.
| |
| 15 #endif | 15 #endif |
| 16 | 16 |
| 17 namespace net { | 17 namespace net { |
| 18 | 18 |
| 19 static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3; | |
| 20 | |
| 21 static uint16 g_default_version_max = | |
| 22 #if defined(USE_OPENSSL) | |
| 23 #if defined(SSL_OP_NO_TLSv1_2) | |
| 24 SSL_PROTOCOL_VERSION_TLS1_2; | |
| 25 #elif defined(SSL_OP_NO_TLSv1_1) | |
| 26 SSL_PROTOCOL_VERSION_TLS1_1; | |
| 27 #else | |
| 28 SSL_PROTOCOL_VERSION_TLS1; | |
| 29 #endif | |
| 30 #else | |
| 31 SSL_PROTOCOL_VERSION_TLS1_2; | |
| 32 #endif | |
| 33 | |
| 34 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | |
| 35 | |
| 36 SSLConfig::CertAndStatus::~CertAndStatus() {} | |
| 37 | |
| 38 SSLConfig::SSLConfig() | |
| 39 : rev_checking_enabled(false), | |
| 40 rev_checking_required_local_anchors(false), | |
| 41 version_min(g_default_version_min), | |
| 42 version_max(g_default_version_max), | |
| 43 channel_id_enabled(true), | |
| 44 false_start_enabled(true), | |
| 45 signed_cert_timestamps_enabled(true), | |
| 46 require_forward_secrecy(false), | |
| 47 unrestricted_ssl3_fallback_enabled(false), | |
| 48 send_client_cert(false), | |
| 49 verify_ev_cert(false), | |
| 50 version_fallback(false), | |
| 51 cert_io_enabled(true) { | |
| 52 } | |
| 53 | |
| 54 SSLConfig::~SSLConfig() { | |
| 55 } | |
| 56 | |
| 57 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | |
| 58 CertStatus* cert_status) const { | |
| 59 std::string der_cert; | |
| 60 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) | |
| 61 return false; | |
| 62 return IsAllowedBadCert(der_cert, cert_status); | |
| 63 } | |
| 64 | |
| 65 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, | |
| 66 CertStatus* cert_status) const { | |
| 67 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | |
| 68 if (der_cert == allowed_bad_certs[i].der_cert) { | |
| 69 if (cert_status) | |
| 70 *cert_status = allowed_bad_certs[i].cert_status; | |
| 71 return true; | |
| 72 } | |
| 73 } | |
| 74 return false; | |
| 75 } | |
| 76 | |
| 77 SSLConfigService::SSLConfigService() | 19 SSLConfigService::SSLConfigService() |
| 78 : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { | 20 : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { |
| 79 } | 21 } |
| 80 | 22 |
| 81 // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock | 23 // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock |
| 82 // around a scoped_refptr so that getting a reference doesn't race with | 24 // around a scoped_refptr so that getting a reference doesn't race with |
| 83 // updating the CRLSet. | 25 // updating the CRLSet. |
| 84 class GlobalCRLSet { | 26 class GlobalCRLSet { |
| 85 public: | 27 public: |
| 86 void Set(const scoped_refptr<CRLSet>& new_crl_set) { | 28 void Set(const scoped_refptr<CRLSet>& new_crl_set) { |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 104 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) { | 46 void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) { |
| 105 // Note: this can be called concurently with GetCRLSet(). | 47 // Note: this can be called concurently with GetCRLSet(). |
| 106 g_crl_set.Get().Set(crl_set); | 48 g_crl_set.Get().Set(crl_set); |
| 107 } | 49 } |
| 108 | 50 |
| 109 // static | 51 // static |
| 110 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() { | 52 scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() { |
| 111 return g_crl_set.Get().Get(); | 53 return g_crl_set.Get().Get(); |
| 112 } | 54 } |
| 113 | 55 |
| 114 // static | |
| 115 uint16 SSLConfigService::default_version_min() { | |
| 116 return g_default_version_min; | |
| 117 } | |
| 118 | |
| 119 // static | |
| 120 uint16 SSLConfigService::default_version_max() { | |
| 121 return g_default_version_max; | |
| 122 } | |
| 123 | |
| 124 void SSLConfigService::AddObserver(Observer* observer) { | 56 void SSLConfigService::AddObserver(Observer* observer) { |
| 125 observer_list_.AddObserver(observer); | 57 observer_list_.AddObserver(observer); |
| 126 } | 58 } |
| 127 | 59 |
| 128 void SSLConfigService::RemoveObserver(Observer* observer) { | 60 void SSLConfigService::RemoveObserver(Observer* observer) { |
| 129 observer_list_.RemoveObserver(observer); | 61 observer_list_.RemoveObserver(observer); |
| 130 } | 62 } |
| 131 | 63 |
| 132 void SSLConfigService::NotifySSLConfigChange() { | 64 void SSLConfigService::NotifySSLConfigChange() { |
| 133 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); | 65 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 161 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { | 93 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { |
| 162 if (!service) | 94 if (!service) |
| 163 return false; | 95 return false; |
| 164 | 96 |
| 165 SSLConfig ssl_config; | 97 SSLConfig ssl_config; |
| 166 service->GetSSLConfig(&ssl_config); | 98 service->GetSSLConfig(&ssl_config); |
| 167 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1; | 99 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1; |
| 168 } | 100 } |
| 169 | 101 |
| 170 } // namespace net | 102 } // namespace net |
| OLD | NEW |
