
Side by Side Diff: net/ssl/ssl_config.cc

Issue 547603002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Avoiding globals in favour of passing the SSLConfigService around Created 6 years, 2 months ago
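--- a/net/ssl/ssl_config.cc
+++ b/net/ssl/ssl_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_config.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ssl.h>
 #endif
 
@@ -34,36 +34,37 @@
 rev_checking_required_local_anchors(false),
 version_min(kDefaultSSLVersionMin),
 version_max(kDefaultSSLVersionMax),
 channel_id_enabled(true),
 false_start_enabled(true),
 signed_cert_timestamps_enabled(true),
 require_forward_secrecy(false),
 send_client_cert(false),
 verify_ev_cert(false),
 version_fallback(false),
-cert_io_enabled(true) {
+cert_io_enabled(true),
+ev_certs_whitelist(ct::GetDefaultEVCertsWhitelist()) {
 }
 
 SSLConfig::~SSLConfig() {}
 
 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
 CertStatus* cert_status) const {
 std::string der_cert;
 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
 return false;
 return IsAllowedBadCert(der_cert, cert_status);
 }
 
 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,
 CertStatus* cert_status) const {
 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
 if (der_cert == allowed_bad_certs[i].der_cert) {
 if (cert_status)
 *cert_status = allowed_bad_certs[i].cert_status;
 return true;
 }
 }
 return false;
 }
 
 } // namespace net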
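Review bot: The new initializer `ev_certs_whitelist(ct::GetDefaultEVCertsWhitelist())` at the end of the SSLConfig constructor makes every default-constructed SSLConfig read a process-wide default, which looks at odds with the patch set's stated aim of avoiding globals in favour of passing the SSLConfigService around. The visible lines do not show what that call returns before a whitelist has been unpacked, nor whether it is safe on every thread that constructs an SSLConfig. Because the whitelist feeds an EV trust decision, the contract should be written down where the member is set, for example `// May be empty/NULL until the whitelist is loaded; callers must then treat the cert as not whitelisted.` The constructor starts in the skipped lines and no include for the `ct::` declaration is visible in lines 5-9, so confirm the header is pulled in and that the member is declared after `cert_io_enabled`, so the initializer order matches.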