| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
| 6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 // certificates will be treated as revoked ("hard-fail"). | 71 // certificates will be treated as revoked ("hard-fail"). |
| 72 // Note: This is distinct from rev_checking_enabled. If true, it is | 72 // Note: This is distinct from rev_checking_enabled. If true, it is |
| 73 // equivalent to also setting rev_checking_enabled, but only when the | 73 // equivalent to also setting rev_checking_enabled, but only when the |
| 74 // certificate chain chains to a local (non-public) trust anchor. | 74 // certificate chain chains to a local (non-public) trust anchor. |
| 75 bool rev_checking_required_local_anchors; | 75 bool rev_checking_required_local_anchors; |
| 76 | 76 |
| 77 // sha1_local_anchors_enabled is true if SHA-1 signed certificates issued by a | 77 // sha1_local_anchors_enabled is true if SHA-1 signed certificates issued by a |
| 78 // local (non-public) trust anchor should be allowed. | 78 // local (non-public) trust anchor should be allowed. |
| 79 bool sha1_local_anchors_enabled; | 79 bool sha1_local_anchors_enabled; |
| 80 | 80 |
| 81 // common_name_fallback_local_anchors_enabled is true if certificates which |
| 82 // only have a commonName in the Subject (i.e. lacking a subjectAltName) |
| 83 // should be checked if the name matches. Only those issued by a local |
| 84 // (non-public) trust anchor will be allowed to match. |
| 85 bool common_name_fallback_local_anchors_enabled; |
| 86 |
| 81 // The minimum and maximum protocol versions that are enabled. | 87 // The minimum and maximum protocol versions that are enabled. |
| 82 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) | 88 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) |
| 83 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it | 89 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it |
| 84 // means no protocol versions are enabled. | 90 // means no protocol versions are enabled. |
| 85 uint16_t version_min; | 91 uint16_t version_min; |
| 86 uint16_t version_max; | 92 uint16_t version_max; |
| 87 | 93 |
| 88 // Presorted list of cipher suites which should be explicitly prevented from | 94 // Presorted list of cipher suites which should be explicitly prevented from |
| 89 // being used in addition to those disabled by the net built-in policy. | 95 // being used in addition to those disabled by the net built-in policy. |
| 90 // | 96 // |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 165 // The list of application-level protocols to enable renegotiation for. | 171 // The list of application-level protocols to enable renegotiation for. |
| 166 NextProtoVector renego_allowed_for_protos; | 172 NextProtoVector renego_allowed_for_protos; |
| 167 | 173 |
| 168 scoped_refptr<X509Certificate> client_cert; | 174 scoped_refptr<X509Certificate> client_cert; |
| 169 scoped_refptr<SSLPrivateKey> client_private_key; | 175 scoped_refptr<SSLPrivateKey> client_private_key; |
| 170 }; | 176 }; |
| 171 | 177 |
| 172 } // namespace net | 178 } // namespace net |
| 173 | 179 |
| 174 #endif // NET_SSL_SSL_CONFIG_H_ | 180 #endif // NET_SSL_SSL_CONFIG_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2735733003:
Disable commonName matching for certificates (Closed)
