
Side by Side Diff: net/ssl/ssl_config.cc

Issue 2239963002: Add enterprise policy to allow locally issued SHA-1 certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 4 years, 4 months ago
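--- a/net/ssl/ssl_config.cc
+++ b/net/ssl/ssl_config.cc
@@ -1,33 +1,34 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_config.h"
 
 #include "net/cert/cert_verifier.h"
 
 namespace net {
 
 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1;
 
 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2;
 
 const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_2;
 
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
 
 SSLConfig::CertAndStatus::~CertAndStatus() {}
 
 SSLConfig::SSLConfig()
 : rev_checking_enabled(false),
 rev_checking_required_local_anchors(false),
+sha1_local_anchors_enabled(false),
 version_min(kDefaultSSLVersionMin),
 version_max(kDefaultSSLVersionMax),
 version_fallback_min(kDefaultSSLVersionFallbackMin),
 deprecated_cipher_suites_enabled(false),
 dhe_enabled(false),
 channel_id_enabled(true),
 false_start_enabled(true),
 signed_cert_timestamps_enabled(true),
 require_ecdhe(false),
 send_client_cert(false),
@@ -63,14 +64,16 @@
 int SSLConfig::GetCertVerifyFlags() const {
 int flags = 0;
 if (rev_checking_enabled)
 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED;
 if (verify_ev_cert)
 flags |= CertVerifier::VERIFY_EV_CERT;
 if (cert_io_enabled)
 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
 if (rev_checking_required_local_anchors)
 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
+if (sha1_local_anchors_enabled)
+flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS;
 return flags;
 }
 
 } // namespace net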
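Review bot: The new `sha1_local_anchors_enabled` branch in `GetCertVerifyFlags()` has no comment, although it is the one flag in this function that relaxes certificate verification while its neighbours add checks. Going by the flag name and the issue title, the relaxation is presumably limited to chains that end in a locally installed trust anchor and is driven by enterprise policy. That scope should be stated where the flag is set, for example `// Enterprise-policy opt-in: permits SHA-1 signatures only for chains to locally installed trust anchors; publicly trusted roots are unaffected.` The constructor's `false` default is the fail-closed choice and should stay that way. No test for the mapping is visible on this page, so a unit test asserting that `VERIFY_ENABLE_SHA1_LOCAL_ANCHORS` is absent from the default-constructed config's flags would pin that default.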