OLD | NEW |
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/ref_counted.h" | 10 #include "base/ref_counted.h" |
11 #include "net/base/x509_certificate.h" | 11 #include "net/base/x509_certificate.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
15 // A collection of SSL-related configuration settings. | 15 // A collection of SSL-related configuration settings. |
16 struct SSLConfig { | 16 struct SSLConfig { |
17 // Default to revocation checking. | 17 // Default to revocation checking. |
18 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. | 18 // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. |
19 SSLConfig() | 19 SSLConfig() |
20 : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), | 20 : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), |
21 tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) { | 21 tls1_enabled(true), send_client_cert(false), verify_ev_cert(false), |
| 22 otr_mode(false), next_protos("\007http1.1") { |
22 } | 23 } |
23 | 24 |
24 bool rev_checking_enabled; // True if server certificate revocation | 25 bool rev_checking_enabled; // True if server certificate revocation |
25 // checking is enabled. | 26 // checking is enabled. |
26 bool ssl2_enabled; // True if SSL 2.0 is enabled. | 27 bool ssl2_enabled; // True if SSL 2.0 is enabled. |
27 bool ssl3_enabled; // True if SSL 3.0 is enabled. | 28 bool ssl3_enabled; // True if SSL 3.0 is enabled. |
28 bool tls1_enabled; // True if TLS 1.0 is enabled. | 29 bool tls1_enabled; // True if TLS 1.0 is enabled. |
29 | 30 |
30 // TODO(wtc): move the following members to a new SSLParams structure. They | 31 // TODO(wtc): move the following members to a new SSLParams structure. They |
31 // are not SSL configuration settings. | 32 // are not SSL configuration settings. |
(...skipping 18 matching lines...) Expand all Loading... |
50 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when | 51 // |allowed_bad_certs| that should not trigger an ERR_CERT_* error when |
51 // calling SSLClientSocket::Connect. This would normally be done in | 52 // calling SSLClientSocket::Connect. This would normally be done in |
52 // response to the user explicitly accepting the bad certificate. | 53 // response to the user explicitly accepting the bad certificate. |
53 std::vector<CertAndStatus> allowed_bad_certs; | 54 std::vector<CertAndStatus> allowed_bad_certs; |
54 | 55 |
55 // True if we should send client_cert to the server. | 56 // True if we should send client_cert to the server. |
56 bool send_client_cert; | 57 bool send_client_cert; |
57 | 58 |
58 bool verify_ev_cert; // True if we should verify the certificate for EV. | 59 bool verify_ev_cert; // True if we should verify the certificate for EV. |
59 | 60 |
| 61 bool otr_mode; // True if SSL requests are made in OTR mode. |
| 62 |
60 // The list of application level protocols supported. If set, this will | 63 // The list of application level protocols supported. If set, this will |
61 // enable Next Protocol Negotiation (if supported). This is a list of 8-bit | 64 // enable Next Protocol Negotiation (if supported). This is a list of 8-bit |
62 // length prefixed strings. The order of the protocols doesn't matter expect | 65 // length prefixed strings. The order of the protocols doesn't matter expect |
63 // for one case: if the server supports Next Protocol Negotiation, but there | 66 // for one case: if the server supports Next Protocol Negotiation, but there |
64 // is no overlap between the server's and client's protocol sets, then the | 67 // is no overlap between the server's and client's protocol sets, then the |
65 // first protocol in this list will be requested by the client. | 68 // first protocol in this list will be requested by the client. |
66 std::string next_protos; | 69 std::string next_protos; |
67 | 70 |
68 scoped_refptr<X509Certificate> client_cert; | 71 scoped_refptr<X509Certificate> client_cert; |
69 }; | 72 }; |
(...skipping 24 matching lines...) Expand all Loading... |
94 | 97 |
95 protected: | 98 protected: |
96 friend class base::RefCountedThreadSafe<SSLConfigService>; | 99 friend class base::RefCountedThreadSafe<SSLConfigService>; |
97 | 100 |
98 virtual ~SSLConfigService() {} | 101 virtual ~SSLConfigService() {} |
99 }; | 102 }; |
100 | 103 |
101 } // namespace net | 104 } // namespace net |
102 | 105 |
103 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 106 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
OLD | NEW |