OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_config.h" | 5 #include "net/ssl/ssl_config.h" |
6 | 6 |
7 #include "net/cert/cert_verifier.h" | 7 #include "net/cert/cert_verifier.h" |
8 | 8 |
9 namespace net { | 9 namespace net { |
10 | 10 |
11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1; | 11 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1; |
12 | 12 |
13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2; | 13 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2; |
14 | 14 |
15 SSLConfig::CertAndStatus::CertAndStatus() = default; | 15 SSLConfig::CertAndStatus::CertAndStatus() = default; |
16 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg, | 16 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg, |
17 CertStatus status) | 17 CertStatus status) |
18 : cert(std::move(cert_arg)), cert_status(status) {} | 18 : cert(std::move(cert_arg)), cert_status(status) {} |
19 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) | 19 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) |
20 : cert(other.cert), cert_status(other.cert_status) {} | 20 : cert(other.cert), cert_status(other.cert_status) {} |
21 SSLConfig::CertAndStatus::~CertAndStatus() = default; | 21 SSLConfig::CertAndStatus::~CertAndStatus() = default; |
22 | 22 |
23 SSLConfig::SSLConfig() | 23 SSLConfig::SSLConfig() |
24 : rev_checking_enabled(false), | 24 : rev_checking_enabled(false), |
25 rev_checking_required_local_anchors(false), | 25 rev_checking_required_local_anchors(false), |
26 sha1_local_anchors_enabled(true), | 26 sha1_local_anchors_enabled(true), |
| 27 common_name_fallback_local_anchors_enabled(true), |
27 version_min(kDefaultSSLVersionMin), | 28 version_min(kDefaultSSLVersionMin), |
28 version_max(kDefaultSSLVersionMax), | 29 version_max(kDefaultSSLVersionMax), |
29 deprecated_cipher_suites_enabled(false), | 30 deprecated_cipher_suites_enabled(false), |
30 channel_id_enabled(true), | 31 channel_id_enabled(true), |
31 false_start_enabled(true), | 32 false_start_enabled(true), |
32 signed_cert_timestamps_enabled(true), | 33 signed_cert_timestamps_enabled(true), |
33 require_ecdhe(false), | 34 require_ecdhe(false), |
34 send_client_cert(false), | 35 send_client_cert(false), |
35 verify_ev_cert(false), | 36 verify_ev_cert(false), |
36 cert_io_enabled(true), | 37 cert_io_enabled(true), |
(...skipping 20 matching lines...) Expand all Loading... |
57 if (rev_checking_enabled) | 58 if (rev_checking_enabled) |
58 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 59 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
59 if (verify_ev_cert) | 60 if (verify_ev_cert) |
60 flags |= CertVerifier::VERIFY_EV_CERT; | 61 flags |= CertVerifier::VERIFY_EV_CERT; |
61 if (cert_io_enabled) | 62 if (cert_io_enabled) |
62 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 63 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
63 if (rev_checking_required_local_anchors) | 64 if (rev_checking_required_local_anchors) |
64 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 65 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
65 if (sha1_local_anchors_enabled) | 66 if (sha1_local_anchors_enabled) |
66 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS; | 67 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS; |
| 68 if (common_name_fallback_local_anchors_enabled) |
| 69 flags |= CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS; |
67 return flags; | 70 return flags; |
68 } | 71 } |
69 | 72 |
70 } // namespace net | 73 } // namespace net |
OLD | NEW |