Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1446)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_config.cc

Issue 2382983002: Remove the last of the TLS fallback code. (Closed)
Patch Set: mmenke comments Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/ssl_config.h ('k') | net/ssl/ssl_connection_status_flags.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_config.h" 5 #include "net/ssl/ssl_config.h"
6 6
7 #include "net/cert/cert_verifier.h" 7 #include "net/cert/cert_verifier.h"
8 8
9 namespace net { 9 namespace net {
10 10
11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1; 11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1;
12 12
13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2; 13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2;
14 14
15 const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_2;
16
17 SSLConfig::CertAndStatus::CertAndStatus() = default; 15 SSLConfig::CertAndStatus::CertAndStatus() = default;
18 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg, 16 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg,
19 CertStatus status) 17 CertStatus status)
20 : cert(std::move(cert_arg)), cert_status(status) {} 18 : cert(std::move(cert_arg)), cert_status(status) {}
21 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) 19 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other)
22 : cert(other.cert), cert_status(other.cert_status) {} 20 : cert(other.cert), cert_status(other.cert_status) {}
23 SSLConfig::CertAndStatus::~CertAndStatus() = default; 21 SSLConfig::CertAndStatus::~CertAndStatus() = default;
24 22
25 SSLConfig::SSLConfig() 23 SSLConfig::SSLConfig()
26 : rev_checking_enabled(false), 24 : rev_checking_enabled(false),
27 rev_checking_required_local_anchors(false), 25 rev_checking_required_local_anchors(false),
28 sha1_local_anchors_enabled(false), 26 sha1_local_anchors_enabled(false),
29 version_min(kDefaultSSLVersionMin), 27 version_min(kDefaultSSLVersionMin),
30 version_max(kDefaultSSLVersionMax), 28 version_max(kDefaultSSLVersionMax),
31 version_fallback_min(kDefaultSSLVersionFallbackMin),
32 deprecated_cipher_suites_enabled(false), 29 deprecated_cipher_suites_enabled(false),
33 dhe_enabled(false), 30 dhe_enabled(false),
34 channel_id_enabled(true), 31 channel_id_enabled(true),
35 false_start_enabled(true), 32 false_start_enabled(true),
36 signed_cert_timestamps_enabled(true), 33 signed_cert_timestamps_enabled(true),
37 require_ecdhe(false), 34 require_ecdhe(false),
38 send_client_cert(false), 35 send_client_cert(false),
39 verify_ev_cert(false), 36 verify_ev_cert(false),
40 version_fallback(false),
41 cert_io_enabled(true), 37 cert_io_enabled(true),
42 renego_allowed_default(false) {} 38 renego_allowed_default(false) {}
43 39
44 SSLConfig::SSLConfig(const SSLConfig& other) = default; 40 SSLConfig::SSLConfig(const SSLConfig& other) = default;
45 41
46 SSLConfig::~SSLConfig() {} 42 SSLConfig::~SSLConfig() {}
47 43
48 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 44 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
49 CertStatus* cert_status) const { 45 CertStatus* cert_status) const {
50 for (const auto& allowed_bad_cert : allowed_bad_certs) { 46 for (const auto& allowed_bad_cert : allowed_bad_certs) {
(...skipping 15 matching lines...) Expand all
66 if (cert_io_enabled) 62 if (cert_io_enabled)
67 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; 63 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
68 if (rev_checking_required_local_anchors) 64 if (rev_checking_required_local_anchors)
69 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; 65 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
70 if (sha1_local_anchors_enabled) 66 if (sha1_local_anchors_enabled)
71 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS; 67 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS;
72 return flags; 68 return flags;
73 } 69 }
74 70
75 } // namespace net 71 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/ssl_config.h ('k') | net/ssl/ssl_connection_status_flags.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698