Move SSLConfig class from ssl_config_service.h to ssl_config.h

net/ssl/ssl_config.h

Index: net/ssl/ssl_config.h
diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config.h
similarity index 71%
copy from net/ssl/ssl_config_service.h
copy to net/ssl/ssl_config.h
index 08a59fd274f21725f56b5e1836cac3a7c656048a..5bebd3d1116e02e16337fcb6fc777f08c02a6103 100644
--- a/net/ssl/ssl_config_service.h
+++ b/net/ssl/ssl_config.h
@@ -1,19 +1,12 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef NET_SSL_SSL_CONFIG_SERVICE_H_
-#define NET_SSL_SSL_CONFIG_SERVICE_H_
-
-#include <vector>
+#ifndef NET_SSL_SSL_CONFIG_H_
+#define NET_SSL_SSL_CONFIG_H_
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
-#include "base/observer_list.h"
-#include "base/strings/string_piece.h"
-#include "net/base/net_export.h"
-#include "net/cert/cert_status_flags.h"
-#include "net/cert/crl_set.h"
 #include "net/cert/x509_certificate.h"
 
 namespace net {
@@ -32,6 +25,21 @@ enum {
   SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303,
 };
 
+static uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3;
+
+static uint16 kDefaultSSLVersionMax =

[Ryan Sleevi, 2014/03/21 19:24:05]

I would rather keep the actual definitions for these in the .cc file, in the
same way we do command-line flags and the like.

That also avoids header propagation issues (eg: IWYU says we should be including
an OpenSSL public header here to ensure SSL_OP_NO_TLS* is defined, but we don't;
we're relying on x509_certificate.h, which is bad)

[Sergey Ulanov, 2014/03/21 19:56:53]

Done.

+#if defined(USE_OPENSSL)
+#if defined(SSL_OP_NO_TLSv1_2)
+    SSL_PROTOCOL_VERSION_TLS1_2;
+#elif defined(SSL_OP_NO_TLSv1_1)
+    SSL_PROTOCOL_VERSION_TLS1_1;
+#else
+    SSL_PROTOCOL_VERSION_TLS1;
+#endif
+#else
+    SSL_PROTOCOL_VERSION_TLS1_2;
+#endif
+
 // A collection of SSL-related configuration settings.
 struct NET_EXPORT SSLConfig {
   // Default to revocation checking.
@@ -158,73 +166,6 @@ struct NET_EXPORT SSLConfig {
   scoped_refptr<X509Certificate> client_cert;
 };
 
-// The interface for retrieving the SSL configuration.  This interface
-// does not cover setting the SSL configuration, as on some systems, the
-// SSLConfigService objects may not have direct access to the configuration, or
-// live longer than the configuration preferences.
-class NET_EXPORT SSLConfigService
-    : public base::RefCountedThreadSafe<SSLConfigService> {
- public:
-  // Observer is notified when SSL config settings have changed.
-  class NET_EXPORT Observer {
-   public:
-    // Notify observers if SSL settings have changed.  We don't check all of the
-    // data in SSLConfig, just those that qualify as a user config change.
-    // The following settings are considered user changes:
-    //     rev_checking_enabled
-    //     version_min
-    //     version_max
-    //     disabled_cipher_suites
-    //     channel_id_enabled
-    //     false_start_enabled
-    //     require_forward_secrecy
-    virtual void OnSSLConfigChanged() = 0;
-
-   protected:
-    virtual ~Observer() {}
-  };
-
-  SSLConfigService();
-
-  // May not be thread-safe, should only be called on the IO thread.
-  virtual void GetSSLConfig(SSLConfig* config) = 0;
-
-  // Sets and gets the current, global CRL set.
-  static void SetCRLSet(scoped_refptr<CRLSet> crl_set);
-  static scoped_refptr<CRLSet> GetCRLSet();
-
-  // Gets the default minimum protocol version.
-  static uint16 default_version_min();
-
-  // Gets the default maximum protocol version.
-  static uint16 default_version_max();
-
-  // Is SNI available in this configuration?
-  static bool IsSNIAvailable(SSLConfigService* service);
-
-  // Add an observer of this service.
-  void AddObserver(Observer* observer);
-
-  // Remove an observer of this service.
-  void RemoveObserver(Observer* observer);
-
-  // Calls the OnSSLConfigChanged method of registered observers. Should only be
-  // called on the IO thread.
-  void NotifySSLConfigChange();
-
- protected:
-  friend class base::RefCountedThreadSafe<SSLConfigService>;
-
-  virtual ~SSLConfigService();
-
-  // Process before/after config update.
-  void ProcessConfigUpdate(const SSLConfig& orig_config,
-                           const SSLConfig& new_config);
-
- private:
-  ObserverList<Observer> observer_list_;
-};
-
 }  // namespace net
 
-#endif  // NET_SSL_SSL_CONFIG_SERVICE_H_
+#endif  // NET_SSL_SSL_CONFIG_H_