Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(81)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_config_service.cc

Issue 2719273002: Disable commonName matching for certificates (Closed)
Patch Set: Update macOS Keychain Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/data/ssl/certificates/explicit-policy-chain.pem ('K') | « net/ssl/ssl_config.cc ('k') | net/ssl/ssl_config_service_unittest.cc » ('j') | net/ssl/ssl_config_service_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_config_service.h" 5 #include "net/ssl/ssl_config_service.h"
6 6
7 #include <tuple> 7 #include <tuple>
8 8
9 #include "base/lazy_instance.h" 9 #include "base/lazy_instance.h"
10 #include "base/synchronization/lock.h" 10 #include "base/synchronization/lock.h"
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
81 } 81 }
82 82
83 SSLConfigService::~SSLConfigService() { 83 SSLConfigService::~SSLConfigService() {
84 } 84 }
85 85
86 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, 86 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
87 const SSLConfig& new_config) { 87 const SSLConfig& new_config) {
88 bool config_changed = 88 bool config_changed =
89 std::tie(orig_config.rev_checking_enabled, 89 std::tie(orig_config.rev_checking_enabled,
90 orig_config.rev_checking_required_local_anchors, 90 orig_config.rev_checking_required_local_anchors,
91 orig_config.sha1_local_anchors_enabled, orig_config.version_min, 91 orig_config.sha1_local_anchors_enabled,
92 orig_config.version_max, orig_config.disabled_cipher_suites, 92 orig_config.common_name_fallback_local_anchors_enabled,
93 orig_config.version_min, orig_config.version_max,
94 orig_config.disabled_cipher_suites,
93 orig_config.channel_id_enabled, orig_config.false_start_enabled, 95 orig_config.channel_id_enabled, orig_config.false_start_enabled,
94 orig_config.require_ecdhe) != 96 orig_config.require_ecdhe) !=
mattm 2017/03/01 23:56:47 nit: maybe rename orig_config to old_config so it
Ryan Sleevi 2017/03/02 00:15:31 Excellent suggestion!
95 std::tie(new_config.rev_checking_enabled, 97 std::tie(new_config.rev_checking_enabled,
96 new_config.rev_checking_required_local_anchors, 98 new_config.rev_checking_required_local_anchors,
97 new_config.sha1_local_anchors_enabled, new_config.version_min, 99 new_config.sha1_local_anchors_enabled,
98 new_config.version_max, new_config.disabled_cipher_suites, 100 new_config.common_name_fallback_local_anchors_enabled,
99 new_config.channel_id_enabled, new_config.false_start_enabled, 101 new_config.version_min, new_config.version_max,
100 new_config.require_ecdhe); 102 new_config.disabled_cipher_suites, new_config.channel_id_enabled,
103 new_config.false_start_enabled, new_config.require_ecdhe);
101 104
102 if (config_changed) 105 if (config_changed)
103 NotifySSLConfigChange(); 106 NotifySSLConfigChange();
104 } 107 }
105 108
106 } // namespace net 109 } // namespace net
OLDNEW
« net/data/ssl/certificates/explicit-policy-chain.pem ('K') | « net/ssl/ssl_config.cc ('k') | net/ssl/ssl_config_service_unittest.cc » ('j') | net/ssl/ssl_config_service_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698