| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
| 6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 // Default to revocation checking. | 49 // Default to revocation checking. |
| 50 SSLConfig(); | 50 SSLConfig(); |
| 51 SSLConfig(const SSLConfig& other); | 51 SSLConfig(const SSLConfig& other); |
| 52 ~SSLConfig(); | 52 ~SSLConfig(); |
| 53 | 53 |
| 54 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 54 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
| 55 // The expected cert status is written to |cert_status|. |*cert_status| can | 55 // The expected cert status is written to |cert_status|. |*cert_status| can |
| 56 // be NULL if user doesn't care about the cert status. | 56 // be NULL if user doesn't care about the cert status. |
| 57 bool IsAllowedBadCert(X509Certificate* cert, CertStatus* cert_status) const; | 57 bool IsAllowedBadCert(X509Certificate* cert, CertStatus* cert_status) const; |
| 58 | 58 |
| 59 // Same as above except works with DER encoded certificates instead | |
| 60 // of X509Certificate. | |
| 61 bool IsAllowedBadCert(const base::StringPiece& der_cert, | |
| 62 CertStatus* cert_status) const; | |
| 63 | |
| 64 // Returns the set of flags to use for certificate verification, which is a | 59 // Returns the set of flags to use for certificate verification, which is a |
| 65 // bitwise OR of CertVerifier::VerifyFlags that represent this SSLConfig's | 60 // bitwise OR of CertVerifier::VerifyFlags that represent this SSLConfig's |
| 66 // configuration. | 61 // configuration. |
| 67 int GetCertVerifyFlags() const; | 62 int GetCertVerifyFlags() const; |
| 68 | 63 |
| 69 // rev_checking_enabled is true if online certificate revocation checking is | 64 // rev_checking_enabled is true if online certificate revocation checking is |
| 70 // enabled (i.e. OCSP and CRL fetching). | 65 // enabled (i.e. OCSP and CRL fetching). |
| 71 // | 66 // |
| 72 // Regardless of this flag, CRLSet checking is always enabled and locally | 67 // Regardless of this flag, CRLSet checking is always enabled and locally |
| 73 // cached revocation information will be considered. | 68 // cached revocation information will be considered. |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 134 bool signed_cert_timestamps_enabled; | 129 bool signed_cert_timestamps_enabled; |
| 135 | 130 |
| 136 // If true, causes only ECDHE cipher suites to be enabled. | 131 // If true, causes only ECDHE cipher suites to be enabled. |
| 137 bool require_ecdhe; | 132 bool require_ecdhe; |
| 138 | 133 |
| 139 // TODO(wtc): move the following members to a new SSLParams structure. They | 134 // TODO(wtc): move the following members to a new SSLParams structure. They |
| 140 // are not SSL configuration settings. | 135 // are not SSL configuration settings. |
| 141 | 136 |
| 142 struct NET_EXPORT CertAndStatus { | 137 struct NET_EXPORT CertAndStatus { |
| 143 CertAndStatus(); | 138 CertAndStatus(); |
| 139 CertAndStatus(scoped_refptr<X509Certificate> cert, CertStatus status); |
| 140 CertAndStatus(const CertAndStatus&); |
| 144 ~CertAndStatus(); | 141 ~CertAndStatus(); |
| 145 | 142 |
| 146 std::string der_cert; | 143 scoped_refptr<X509Certificate> cert; |
| 147 CertStatus cert_status; | 144 CertStatus cert_status = 0; |
| 148 }; | 145 }; |
| 149 | 146 |
| 150 // Add any known-bad SSL certificate (with its cert status) to | 147 // Add any known-bad SSL certificate (with its cert status) to |
| 151 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 148 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
| 152 // calling SSLClientSocket::Connect. This would normally be done in | 149 // calling SSLClientSocket::Connect. This would normally be done in |
| 153 // response to the user explicitly accepting the bad certificate. | 150 // response to the user explicitly accepting the bad certificate. |
| 154 std::vector<CertAndStatus> allowed_bad_certs; | 151 std::vector<CertAndStatus> allowed_bad_certs; |
| 155 | 152 |
| 156 // True if we should send client_cert to the server. | 153 // True if we should send client_cert to the server. |
| 157 bool send_client_cert; | 154 bool send_client_cert; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 // The list of application-level protocols to enable renegotiation for. | 188 // The list of application-level protocols to enable renegotiation for. |
| 192 NextProtoVector renego_allowed_for_protos; | 189 NextProtoVector renego_allowed_for_protos; |
| 193 | 190 |
| 194 scoped_refptr<X509Certificate> client_cert; | 191 scoped_refptr<X509Certificate> client_cert; |
| 195 scoped_refptr<SSLPrivateKey> client_private_key; | 192 scoped_refptr<SSLPrivateKey> client_private_key; |
| 196 }; | 193 }; |
| 197 | 194 |
| 198 } // namespace net | 195 } // namespace net |
| 199 | 196 |
| 200 #endif // NET_SSL_SSL_CONFIG_H_ | 197 #endif // NET_SSL_SSL_CONFIG_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2300533002:
Stop caching DER-encoded certificates unnecessarily (Closed)
