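--- a/net/ssl/ssl_config.h
+++ b/net/ssl/ssl_config.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_SSL_CONFIG_H_
 #define NET_SSL_SSL_CONFIG_H_
 
 #include <stdint.h>
 
 #include "base/memory/ref_counted.h"
@@ -71,20 +71,26 @@
 // certificates will be treated as revoked ("hard-fail").
 // Note: This is distinct from rev_checking_enabled. If true, it is
 // equivalent to also setting rev_checking_enabled, but only when the
 // certificate chain chains to a local (non-public) trust anchor.
 bool rev_checking_required_local_anchors;
 
 // sha1_local_anchors_enabled is true if SHA-1 signed certificates issued by a
 // local (non-public) trust anchor should be allowed.
 bool sha1_local_anchors_enabled;
 
+// common_name_fallback_local_anchors_enabled is true if certificates which
+// only have a commonName in the Subject (i.e. lacking a subjectAltName)
+// should be checked if the name matches. Only those issued by a local
+// (non-public) trust anchor will be allowed to match.
+bool common_name_fallback_local_anchors_enabled;
+
 // The minimum and maximum protocol versions that are enabled.
 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.)
 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it
 // means no protocol versions are enabled.
 uint16_t version_min;
 uint16_t version_max;
 
 // Presorted list of cipher suites which should be explicitly prevented from
 // being used in addition to those disabled by the net built-in policy.
 //
@@ -165,10 +171,10 @@
 // The list of application-level protocols to enable renegotiation for.
 NextProtoVector renego_allowed_for_protos;
 
 scoped_refptr<X509Certificate> client_cert;
 scoped_refptr<SSLPrivateKey> client_private_key;
 };
 
 } // namespace net
 
 #endif // NET_SSL_SSL_CONFIG_H_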
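Review bot: The new `common_name_fallback_local_anchors_enabled` member (new lines 81–85) is a plain `bool` with no initializer visible here, and since it relaxes hostname verification, an indeterminate value could silently turn commonName matching on. The constructor is not part of this section, so confirm it sets the field to `false` next to `sha1_local_anchors_enabled`, and that any place that copies or compares the config also carries the new member. The comment's "should be checked if the name matches" is hard to parse; something like `// True if a certificate lacking a subjectAltName may be matched against its Subject commonName. Only honored for chains ending at a local (non-public) trust anchor.` states the contract more directly. The enclosing struct begins in the skipped lines, so the default cannot be verified from this page.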