Chromium Code Reviews Chromium Code Reviews
Issue 208713004:
Move SSLConfig class from ssl_config_service.h to ssl_config.h (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/ssl/ssl_config.cc |
| diff --git a/net/ssl/ssl_config.cc b/net/ssl/ssl_config.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..7bcb42c1992fb29f442b0f423d0525913c22255b |
| --- /dev/null |
| +++ b/net/ssl/ssl_config.cc |
| @@ -0,0 +1,66 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "net/ssl/ssl_config.h" |
| + |
|
Ryan Sleevi
2014/03/21 20:03:02
IWYU?
#if defined(USE_OPENSSL)
#include <openssl/
Sergey Ulanov
2014/03/21 20:06:22
Done.
|
| +namespace net { |
| + |
| +const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3; |
| + |
| +const uint16 kDefaultSSLVersionMax = |
| +#if defined(USE_OPENSSL) |
| +#if defined(SSL_OP_NO_TLSv1_2) |
| + SSL_PROTOCOL_VERSION_TLS1_2; |
| +#elif defined(SSL_OP_NO_TLSv1_1) |
| + SSL_PROTOCOL_VERSION_TLS1_1; |
| +#else |
| + SSL_PROTOCOL_VERSION_TLS1; |
| +#endif |
| +#else |
| + SSL_PROTOCOL_VERSION_TLS1_2; |
| +#endif |
| + |
| +SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} |
| + |
| +SSLConfig::CertAndStatus::~CertAndStatus() {} |
| + |
| +SSLConfig::SSLConfig() |
| + : rev_checking_enabled(false), |
| + rev_checking_required_local_anchors(false), |
| + version_min(kDefaultSSLVersionMin), |
| + version_max(kDefaultSSLVersionMax), |
| + channel_id_enabled(true), |
| + false_start_enabled(true), |
| + signed_cert_timestamps_enabled(true), |
| + require_forward_secrecy(false), |
| + unrestricted_ssl3_fallback_enabled(false), |
| + send_client_cert(false), |
| + verify_ev_cert(false), |
| + version_fallback(false), |
| + cert_io_enabled(true) { |
| +} |
| + |
| +SSLConfig::~SSLConfig() {} |
| + |
| +bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
| + CertStatus* cert_status) const { |
| + std::string der_cert; |
| + if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) |
| + return false; |
| + return IsAllowedBadCert(der_cert, cert_status); |
| +} |
| + |
| +bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, |
| + CertStatus* cert_status) const { |
| + for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
| + if (der_cert == allowed_bad_certs[i].der_cert) { |
| + if (cert_status) |
| + *cert_status = allowed_bad_certs[i].cert_status; |
| + return true; |
| + } |
| + } |
| + return false; |
| +} |
| + |
| +} // namespace net |
