| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_info.h" | 5 #include "net/ssl/ssl_info.h" |
| 6 | 6 |
| 7 #include <openssl/ssl.h> | 7 #include <openssl/ssl.h> |
| 8 | 8 |
| 9 #include "base/pickle.h" | 9 #include "base/pickle.h" |
| 10 #include "net/cert/cert_status_flags.h" | 10 #include "net/cert/cert_status_flags.h" |
| 24 } | 24 } |
| 25 | 25 |
| 26 SSLInfo::~SSLInfo() { | 26 SSLInfo::~SSLInfo() { |
| 27 } | 27 } |
| 28 | 28 |
| 29 SSLInfo& SSLInfo::operator=(const SSLInfo& info) { | 29 SSLInfo& SSLInfo::operator=(const SSLInfo& info) { |
| 30 cert = info.cert; | 30 cert = info.cert; |
| 31 unverified_cert = info.unverified_cert; | 31 unverified_cert = info.unverified_cert; |
| 32 cert_status = info.cert_status; | 32 cert_status = info.cert_status; |
| 33 security_bits = info.security_bits; | 33 security_bits = info.security_bits; |
| 34 key_exchange_info = info.key_exchange_info; | 34 key_exchange_group = info.key_exchange_group; |
| 35 connection_status = info.connection_status; | 35 connection_status = info.connection_status; |
| 36 is_issued_by_known_root = info.is_issued_by_known_root; | 36 is_issued_by_known_root = info.is_issued_by_known_root; |
| 37 pkp_bypassed = info.pkp_bypassed; | 37 pkp_bypassed = info.pkp_bypassed; |
| 38 client_cert_sent = info.client_cert_sent; | 38 client_cert_sent = info.client_cert_sent; |
| 39 channel_id_sent = info.channel_id_sent; | 39 channel_id_sent = info.channel_id_sent; |
| 40 token_binding_negotiated = info.token_binding_negotiated; | 40 token_binding_negotiated = info.token_binding_negotiated; |
| 41 token_binding_key_param = info.token_binding_key_param; | 41 token_binding_key_param = info.token_binding_key_param; |
| 42 handshake_type = info.handshake_type; | 42 handshake_type = info.handshake_type; |
| 43 public_key_hashes = info.public_key_hashes; | 43 public_key_hashes = info.public_key_hashes; |
| 44 pinning_failure_log = info.pinning_failure_log; | 44 pinning_failure_log = info.pinning_failure_log; |
| 45 signed_certificate_timestamps = info.signed_certificate_timestamps; | 45 signed_certificate_timestamps = info.signed_certificate_timestamps; |
| 46 ct_compliance_details_available = info.ct_compliance_details_available; | 46 ct_compliance_details_available = info.ct_compliance_details_available; |
| 47 ct_ev_policy_compliance = info.ct_ev_policy_compliance; | 47 ct_ev_policy_compliance = info.ct_ev_policy_compliance; |
| 48 ct_cert_policy_compliance = info.ct_cert_policy_compliance; | 48 ct_cert_policy_compliance = info.ct_cert_policy_compliance; |
| 49 ocsp_result = info.ocsp_result; | 49 ocsp_result = info.ocsp_result; |
| 50 return *this; | 50 return *this; |
| 51 } | 51 } |
| 52 | 52 |
| 53 void SSLInfo::Reset() { | 53 void SSLInfo::Reset() { |
| 54 cert = NULL; | 54 cert = NULL; |
| 55 unverified_cert = NULL; | 55 unverified_cert = NULL; |
| 56 cert_status = 0; | 56 cert_status = 0; |
| 57 security_bits = -1; | 57 security_bits = -1; |
| 58 key_exchange_info = 0; | 58 key_exchange_group = 0; |
| 59 connection_status = 0; | 59 connection_status = 0; |
| 60 is_issued_by_known_root = false; | 60 is_issued_by_known_root = false; |
| 61 pkp_bypassed = false; | 61 pkp_bypassed = false; |
| 62 client_cert_sent = false; | 62 client_cert_sent = false; |
| 63 channel_id_sent = false; | 63 channel_id_sent = false; |
| 64 token_binding_negotiated = false; | 64 token_binding_negotiated = false; |
| 65 token_binding_key_param = TB_PARAM_ECDSAP256; | 65 token_binding_key_param = TB_PARAM_ECDSAP256; |
| 66 handshake_type = HANDSHAKE_UNKNOWN; | 66 handshake_type = HANDSHAKE_UNKNOWN; |
| 67 public_key_hashes.clear(); | 67 public_key_hashes.clear(); |
| 68 pinning_failure_log.clear(); | 68 pinning_failure_log.clear(); |
| 69 signed_certificate_timestamps.clear(); | 69 signed_certificate_timestamps.clear(); |
| 70 ct_compliance_details_available = false; | 70 ct_compliance_details_available = false; |
| 71 ct_ev_policy_compliance = ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; | 71 ct_ev_policy_compliance = ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; |
| 72 ct_cert_policy_compliance = | 72 ct_cert_policy_compliance = |
| 73 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS; | 73 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS; |
| 74 ocsp_result = OCSPVerifyResult(); | 74 ocsp_result = OCSPVerifyResult(); |
| 75 } | 75 } |
| 76 | 76 |
| 77 uint16_t SSLInfo::GetKeyExchangeGroup() const { | |
| 78 // key_exchange_info is sometimes the (EC)DH group ID and sometimes a | |
| 79 // completely different value. | |
| 80 // | |
| 81 // TODO(davidben): Once the DHE removal has stuck, remove key_exchange_info | |
| 82 // from this struct, doing all necessary conversions when parsing out of | |
| 83 // legacy cache entries. At that point, this accessor may be replaced with the | |
| 84 // struct field. See https://crbug.com/639421. | |
| 85 // | |
| 86 // TODO(davidben): When TLS 1.3 draft 15's new negotiation is implemented, | |
| 87 // also report key_exchange_info for the new AEAD/PRF ciphers. | |
| 88 uint16_t cipher_value = SSLConnectionStatusToCipherSuite(connection_status); | |
| 89 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(cipher_value); | |
| 90 if (cipher && SSL_CIPHER_is_ECDHE(cipher)) | |
| 91 return static_cast<uint16_t>(key_exchange_info); | |
| 92 return 0; | |
| 93 } | |
| 94 | |
| 95 void SSLInfo::SetCertError(int error) { | 77 void SSLInfo::SetCertError(int error) { |
| 96 cert_status |= MapNetErrorToCertStatus(error); | 78 cert_status |= MapNetErrorToCertStatus(error); |
| 97 } | 79 } |
| 98 | 80 |
| 99 void SSLInfo::UpdateCertificateTransparencyInfo( | 81 void SSLInfo::UpdateCertificateTransparencyInfo( |
| 100 const ct::CTVerifyResult& ct_verify_result) { | 82 const ct::CTVerifyResult& ct_verify_result) { |
| 101 signed_certificate_timestamps.insert(signed_certificate_timestamps.end(), | 83 signed_certificate_timestamps.insert(signed_certificate_timestamps.end(), |
| 102 ct_verify_result.scts.begin(), | 84 ct_verify_result.scts.begin(), |
| 103 ct_verify_result.scts.end()); | 85 ct_verify_result.scts.end()); |
| 104 | 86 |
| 105 ct_compliance_details_available = ct_verify_result.ct_policies_applied; | 87 ct_compliance_details_available = ct_verify_result.ct_policies_applied; |
| 106 ct_cert_policy_compliance = ct_verify_result.cert_policy_compliance; | 88 ct_cert_policy_compliance = ct_verify_result.cert_policy_compliance; |
| 107 ct_ev_policy_compliance = ct_verify_result.ev_policy_compliance; | 89 ct_ev_policy_compliance = ct_verify_result.ev_policy_compliance; |
| 108 } | 90 } |
| 109 | 91 |
| 110 } // namespace net | 92 } // namespace net |
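Review bot: With `GetKeyExchangeGroup()` removed, nothing in this file still restricts the value to ECDHE cipher suites, so every writer of `key_exchange_group` now has to guarantee it really is a group ID. The removed comment says the old field sometimes held a completely different value and that legacy cache entries need converting when parsed. That parsing code is not in this file, so please confirm it stores 0 unless `SSL_CIPHER_is_ECDHE` holds for the persisted cipher suite; otherwise a stale non-group number could be shown as the negotiated group in security UI. In `Reset()` I would also document the sentinel, e.g. `key_exchange_group = 0;  // 0: unknown or no (EC)DH group`. If the skipped lines do not use BoringSSL, `#include <openssl/ssl.h>` may now be unused.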