
Side by Side Diff: net/ssl/ssl_config.cc

Issue 2735733003: Disable commonName matching for certificates (Closed)
Patch Set: Created 3 years, 9 months ago
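--- a/net/ssl/ssl_config.cc
+++ b/net/ssl/ssl_config.cc
@@ -1,36 +1,37 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_config.h"
 
 #include "net/cert/cert_verifier.h"
 
 namespace net {
 
 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1;
 
 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2;
 
 SSLConfig::CertAndStatus::CertAndStatus() = default;
 SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg,
 CertStatus status)
 : cert(std::move(cert_arg)), cert_status(status) {}
 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other)
 : cert(other.cert), cert_status(other.cert_status) {}
 SSLConfig::CertAndStatus::~CertAndStatus() = default;
 
 SSLConfig::SSLConfig()
 : rev_checking_enabled(false),
 rev_checking_required_local_anchors(false),
 sha1_local_anchors_enabled(true),
+common_name_fallback_local_anchors_enabled(true),
 version_min(kDefaultSSLVersionMin),
 version_max(kDefaultSSLVersionMax),
 deprecated_cipher_suites_enabled(false),
 channel_id_enabled(true),
 false_start_enabled(true),
 signed_cert_timestamps_enabled(true),
 require_ecdhe(false),
 send_client_cert(false),
 verify_ev_cert(false),
 cert_io_enabled(true),
@@ -57,14 +58,16 @@
 if (rev_checking_enabled)
 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED;
 if (verify_ev_cert)
 flags |= CertVerifier::VERIFY_EV_CERT;
 if (cert_io_enabled)
 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
 if (rev_checking_required_local_anchors)
 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
 if (sha1_local_anchors_enabled)
 flags |= CertVerifier::VERIFY_ENABLE_SHA1_LOCAL_ANCHORS;
+if (common_name_fallback_local_anchors_enabled)
+flags |= CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS;
 return flags;
 }
 
 } // namespace net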
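Review bot: The new member initializer `common_name_fallback_local_anchors_enabled(true)` in the SSLConfig constructor makes the legacy commonName fallback the default for every SSLConfig that nothing overrides later, which is the permissive direction for a change titled as disabling commonName matching. If the config service or an enterprise policy is meant to be the only place that turns the fallback on, the safer default here is `common_name_fallback_local_anchors_enabled(false),`, so that a config built directly (tests, embedders, code paths that bypass the service) does not silently accept certificates without a matching subjectAltName. If `true` is deliberate, presumably to mirror `sha1_local_anchors_enabled(true)` during a transition, say so next to the flag mapping with a comment such as `// Legacy: permit subject commonName as a hostname fallback, locally installed trust anchors only.`. The function that sets `VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS` begins in the skipped lines, so its signature and any earlier flag handling are not visible here.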