| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_config.h" | 5 #include "net/ssl/ssl_config.h" |
| 6 | 6 |
| 7 #include "net/cert/cert_verifier.h" | 7 #include "net/cert/cert_verifier.h" |
| 8 | 8 |
| 9 namespace net { | 9 namespace net { |
| 10 | 10 |
| 11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1; | 11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1; |
| 12 | 12 |
| 13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2; | 13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2; |
| 14 | 14 |
| 15 const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_2; | 15 const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_2; |
| 16 | 16 |
| 17 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} | 17 SSLConfig::CertAndStatus::CertAndStatus() = default; |
| 18 | 18 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg, |
| 19 SSLConfig::CertAndStatus::~CertAndStatus() {} | 19 CertStatus status) |
| 20 : cert(std::move(cert_arg)), cert_status(status) {} |
| 21 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) |
| 22 : cert(other.cert), cert_status(other.cert_status) {} |
| 23 SSLConfig::CertAndStatus::~CertAndStatus() = default; |
| 20 | 24 |
| 21 SSLConfig::SSLConfig() | 25 SSLConfig::SSLConfig() |
| 22 : rev_checking_enabled(false), | 26 : rev_checking_enabled(false), |
| 23 rev_checking_required_local_anchors(false), | 27 rev_checking_required_local_anchors(false), |
| 24 sha1_local_anchors_enabled(false), | 28 sha1_local_anchors_enabled(false), |
| 25 version_min(kDefaultSSLVersionMin), | 29 version_min(kDefaultSSLVersionMin), |
| 26 version_max(kDefaultSSLVersionMax), | 30 version_max(kDefaultSSLVersionMax), |
| 27 version_fallback_min(kDefaultSSLVersionFallbackMin), | 31 version_fallback_min(kDefaultSSLVersionFallbackMin), |
| 28 deprecated_cipher_suites_enabled(false), | 32 deprecated_cipher_suites_enabled(false), |
| 29 dhe_enabled(false), | 33 dhe_enabled(false), |
| 30 channel_id_enabled(true), | 34 channel_id_enabled(true), |
| 31 false_start_enabled(true), | 35 false_start_enabled(true), |
| 32 signed_cert_timestamps_enabled(true), | 36 signed_cert_timestamps_enabled(true), |
| 33 require_ecdhe(false), | 37 require_ecdhe(false), |
| 34 send_client_cert(false), | 38 send_client_cert(false), |
| 35 verify_ev_cert(false), | 39 verify_ev_cert(false), |
| 36 version_fallback(false), | 40 version_fallback(false), |
| 37 cert_io_enabled(true), | 41 cert_io_enabled(true), |
| 38 renego_allowed_default(false) {} | 42 renego_allowed_default(false) {} |
| 39 | 43 |
| 40 SSLConfig::SSLConfig(const SSLConfig& other) = default; | 44 SSLConfig::SSLConfig(const SSLConfig& other) = default; |
| 41 | 45 |
| 42 SSLConfig::~SSLConfig() {} | 46 SSLConfig::~SSLConfig() {} |
| 43 | 47 |
| 44 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 48 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
| 45 CertStatus* cert_status) const { | 49 CertStatus* cert_status) const { |
| 46 std::string der_cert; | 50 for (const auto& allowed_bad_cert : allowed_bad_certs) { |
| 47 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) | 51 if (cert->Equals(allowed_bad_cert.cert.get())) { |
| 48 return false; | |
| 49 return IsAllowedBadCert(der_cert, cert_status); | |
| 50 } | |
| 51 | |
| 52 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, | |
| 53 CertStatus* cert_status) const { | |
| 54 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | |
| 55 if (der_cert == allowed_bad_certs[i].der_cert) { | |
| 56 if (cert_status) | 52 if (cert_status) |
| 57 *cert_status = allowed_bad_certs[i].cert_status; | 53 *cert_status = allowed_bad_cert.cert_status; |
| 58 return true; | 54 return true; |
| 59 } | 55 } |
| 60 } | 56 } |
| 61 return false; | 57 return false; |
| 62 } | 58 } |
| 63 | 59 |
| 64 int SSLConfig::GetCertVerifyFlags() const { | 60 int SSLConfig::GetCertVerifyFlags() const { |
| 65 int flags = 0; | 61 int flags = 0; |
| 66 if (rev_checking_enabled) | 62 if (rev_checking_enabled) |
| 67 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 63 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 68 if (verify_ev_cert) | 64 if (verify_ev_cert) |
| 69 flags |= CertVerifier::VERIFY_EV_CERT; | 65 flags |= CertVerifier::VERIFY_EV_CERT; |
| 70 if (cert_io_enabled) | 66 if (cert_io_enabled) |
| 71 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 67 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 72 if (rev_checking_required_local_anchors) | 68 if (rev_checking_required_local_anchors) |
| 73 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 69 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
| 74 if (sha1_local_anchors_enabled) | 70 if (sha1_local_anchors_enabled) |
| 75 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS; | 71 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS; |
| 76 return flags; | 72 return flags; |
| 77 } | 73 } |
| 78 | 74 |
| 79 } // namespace net | 75 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2300533002:
Stop caching DER-encoded certificates unnecessarily (Closed)
