OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_config.h" | 5 #include "net/ssl/ssl_config.h" |
6 | 6 |
7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 #endif | 9 #endif |
10 | 10 |
(...skipping 23 matching lines...) Expand all Loading... |
34 rev_checking_required_local_anchors(false), | 34 rev_checking_required_local_anchors(false), |
35 version_min(kDefaultSSLVersionMin), | 35 version_min(kDefaultSSLVersionMin), |
36 version_max(kDefaultSSLVersionMax), | 36 version_max(kDefaultSSLVersionMax), |
37 channel_id_enabled(true), | 37 channel_id_enabled(true), |
38 false_start_enabled(true), | 38 false_start_enabled(true), |
39 signed_cert_timestamps_enabled(true), | 39 signed_cert_timestamps_enabled(true), |
40 require_forward_secrecy(false), | 40 require_forward_secrecy(false), |
41 send_client_cert(false), | 41 send_client_cert(false), |
42 verify_ev_cert(false), | 42 verify_ev_cert(false), |
43 version_fallback(false), | 43 version_fallback(false), |
44 cert_io_enabled(true) { | 44 cert_io_enabled(true), |
| 45 ev_certs_whitelist(ct::GetDefaultEVCertsWhitelist()) { |
45 } | 46 } |
46 | 47 |
47 SSLConfig::~SSLConfig() {} | 48 SSLConfig::~SSLConfig() {} |
48 | 49 |
49 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, | 50 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, |
50 CertStatus* cert_status) const { | 51 CertStatus* cert_status) const { |
51 std::string der_cert; | 52 std::string der_cert; |
52 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) | 53 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) |
53 return false; | 54 return false; |
54 return IsAllowedBadCert(der_cert, cert_status); | 55 return IsAllowedBadCert(der_cert, cert_status); |
55 } | 56 } |
56 | 57 |
57 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, | 58 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, |
58 CertStatus* cert_status) const { | 59 CertStatus* cert_status) const { |
59 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { | 60 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { |
60 if (der_cert == allowed_bad_certs[i].der_cert) { | 61 if (der_cert == allowed_bad_certs[i].der_cert) { |
61 if (cert_status) | 62 if (cert_status) |
62 *cert_status = allowed_bad_certs[i].cert_status; | 63 *cert_status = allowed_bad_certs[i].cert_status; |
63 return true; | 64 return true; |
64 } | 65 } |
65 } | 66 } |
66 return false; | 67 return false; |
67 } | 68 } |
68 | 69 |
69 } // namespace net | 70 } // namespace net |
OLD | NEW |