net/ssl/ssl_info.cc - Issue 2272603003: Route key_exchange_group over to DevTools.

Side by Side Diff: net/ssl/ssl_info.cc

Issue 2272603003: Route key_exchange_group over to DevTools. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fix test maybe Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/ssl_info.h"	5 #include "net/ssl/ssl_info.h"

6	6

	7 #include <openssl/ssl.h>

	8

7 #include "base/pickle.h"	9 #include "base/pickle.h"

8 #include "net/cert/cert_status_flags.h"	10 #include "net/cert/cert_status_flags.h"

9 #include "net/cert/ct_policy_status.h"	11 #include "net/cert/ct_policy_status.h"

10 #include "net/cert/signed_certificate_timestamp.h"	12 #include "net/cert/signed_certificate_timestamp.h"

11 #include "net/cert/x509_certificate.h"	13 #include "net/cert/x509_certificate.h"

	14 #include "net/ssl/ssl_connection_status_flags.h"

12	15

13 namespace net {	16 namespace net {

14	17

15 SSLInfo::SSLInfo() {	18 SSLInfo::SSLInfo() {

16 Reset();	19 Reset();

17 }	20 }

18	21

19 SSLInfo::SSLInfo(const SSLInfo& info) {	22 SSLInfo::SSLInfo(const SSLInfo& info) {

20 *this = info;	23 *this = info;

21 }	24 }

(...skipping 42 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
64 public_key_hashes.clear();	67 public_key_hashes.clear();

65 pinning_failure_log.clear();	68 pinning_failure_log.clear();

66 signed_certificate_timestamps.clear();	69 signed_certificate_timestamps.clear();

67 ct_compliance_details_available = false;	70 ct_compliance_details_available = false;

68 ct_ev_policy_compliance = ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;	71 ct_ev_policy_compliance = ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;

69 ct_cert_policy_compliance =	72 ct_cert_policy_compliance =

70 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;	73 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;

71 ocsp_result = OCSPVerifyResult();	74 ocsp_result = OCSPVerifyResult();

72 }	75 }

73	76

	77 uint16_t SSLInfo::GetKeyExchangeGroup() const {

	78 // key_exchange_info is sometimes the (EC)DH group ID and sometimes a
	lgarron 2016/08/30 22:13:51 That makes is sound like you can end up with a gri That makes is sound like you can end up with a grinning cat emoji. :-P How about "key_exchange_info either the (EC)DH group ID or a synthesized name for the key exchange, depending on the version of TLS."? davidben 2016/08/30 22:24:26 Cat emoji is... basically right. For DHE ciphers, Show quoted text On 2016/08/30 22:13:51, lgarron wrote: > That makes is sound like you can end up with a grinning cat emoji. :-P > How about "key_exchange_info either the (EC)DH group ID or a synthesized name > for the key exchange, depending on the version of TLS."? Cat emoji is... basically right. For DHE ciphers, it's the number of bits in the group. For FFDHE in TLS 1.3 which we won't implement, it's back to being the group ID. For static RSA it was, at one point, the number of bits in the RSA key and then I took that out because it was useless. key_exchange_info was just a mistake. :-)
	79 // completely different value.

	80 //

	81 // TODO(davidben): Once the DHE removal has stuck, remove key_exchange_info

	82 // from this struct, doing all necessary conversions when parsing out of

	83 // legacy cache entries. At that point, this accessor may be replaced with the

	84 // struct field. See https://crbug.com/639421.

	85 //

	86 // TODO(davidben): When TLS 1.3 draft 15's new negotiation is implemented,

	87 // also report key_exchange_info for the new AEAD/PRF ciphers.

	88 uint16_t cipher_value = SSLConnectionStatusToCipherSuite(connection_status);

	89 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(cipher_value);

	90 if (cipher && SSL_CIPHER_is_ECDHE(cipher))

	91 return static_cast<uint16_t>(key_exchange_info);

	92 return 0;

	93 }

	94

74 void SSLInfo::SetCertError(int error) {	95 void SSLInfo::SetCertError(int error) {

75 cert_status \|= MapNetErrorToCertStatus(error);	96 cert_status \|= MapNetErrorToCertStatus(error);

76 }	97 }

77	98

78 void SSLInfo::UpdateCertificateTransparencyInfo(	99 void SSLInfo::UpdateCertificateTransparencyInfo(

79 const ct::CTVerifyResult& ct_verify_result) {	100 const ct::CTVerifyResult& ct_verify_result) {

80 signed_certificate_timestamps.insert(signed_certificate_timestamps.end(),	101 signed_certificate_timestamps.insert(signed_certificate_timestamps.end(),

81 ct_verify_result.scts.begin(),	102 ct_verify_result.scts.begin(),

82 ct_verify_result.scts.end());	103 ct_verify_result.scts.end());

83	104

84 ct_compliance_details_available = ct_verify_result.ct_policies_applied;	105 ct_compliance_details_available = ct_verify_result.ct_policies_applied;

85 ct_cert_policy_compliance = ct_verify_result.cert_policy_compliance;	106 ct_cert_policy_compliance = ct_verify_result.cert_policy_compliance;

86 ct_ev_policy_compliance = ct_verify_result.ev_policy_compliance;	107 ct_ev_policy_compliance = ct_verify_result.ev_policy_compliance;

87 }	108 }

88	109

89 } // namespace net	110 } // namespace net

OLD	NEW

« content/common/ssl_status_serialization.cc ('K') | « net/ssl/ssl_info.h ('k') | third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp » ('j') | no next file with comments »