
Side by Side Diff: net/base/ssl_config_service.cc

Issue 6804032: Add TLS-SRP (RFC 5054) support Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: remove "httpsv" scheme, minor NSS/OpenSSL changes Created 9 years, 8 months ago
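--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -1,37 +1,38 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_config_service.h"
 #include "net/base/ssl_false_start_blacklist.h"
 
 #if defined(OS_WIN)
 #include "net/base/ssl_config_service_win.h"
 #elif defined(OS_MACOSX)
 #include "net/base/ssl_config_service_mac.h"
 #else
 #include "net/base/ssl_config_service_defaults.h"
 #endif
 
 namespace net {
 
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
 
 SSLConfig::CertAndStatus::~CertAndStatus() {}
 
 SSLConfig::SSLConfig()
 : rev_checking_enabled(true), ssl3_enabled(true),
 tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false),
 dns_cert_provenance_checking_enabled(false),
 mitm_proxies_allowed(false), false_start_enabled(true),
-send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) {
+send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false),
+use_tls_auth(true), require_tls_auth(false) {
 }
 
 SSLConfig::~SSLConfig() {
 }
 
 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert) const {
 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
 if (cert->Equals(allowed_bad_certs[i].cert))
 return true;
 }
@@ -87,20 +88,21 @@
 bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
 const std::string& hostname) {
 return SSLFalseStartBlacklist::IsMember(hostname.c_str());
 }
 
 static bool g_dnssec_enabled = false;
 static bool g_false_start_enabled = true;
 static bool g_mitm_proxies_allowed = false;
 static bool g_snap_start_enabled = false;
 static bool g_dns_cert_provenance_checking = false;
+static bool g_use_tls_auth = true;
 
 // static
 void SSLConfigService::EnableDNSSEC() {
 g_dnssec_enabled = true;
 }
 
 // static
 bool SSLConfigService::dnssec_enabled() {
 return g_dnssec_enabled;
 }
@@ -157,22 +159,24 @@
 }
 
 // static
 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
 ssl_config->dnssec_enabled = g_dnssec_enabled;
 ssl_config->false_start_enabled = g_false_start_enabled;
 ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed;
 ssl_config->snap_start_enabled = g_snap_start_enabled;
 ssl_config->dns_cert_provenance_checking_enabled =
 g_dns_cert_provenance_checking;
+ssl_config->use_tls_auth = g_use_tls_auth;
 }
 
 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
 const SSLConfig& new_config) {
 if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled ||
 orig_config.ssl3_enabled != new_config.ssl3_enabled ||
-orig_config.tls1_enabled != new_config.tls1_enabled) {
+orig_config.tls1_enabled != new_config.tls1_enabled ||
+orig_config.use_tls_auth != new_config.use_tls_auth) {
 FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
 }
 }
 
 } // namespace net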
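Review bot: `g_use_tls_auth` is initialised to `true` in the globals block and `SSLConfig()` sets `use_tls_auth(true)`, so the new TLS-SRP path is on by default, whereas the other opt-in features in this file (`g_dnssec_enabled`, `g_snap_start_enabled`, `g_dns_cert_provenance_checking`) start `false`. Going by the issue title this flag appears to gate a new authentication mechanism in the handshake, so I would default it off, `static bool g_use_tls_auth = false;` and `use_tls_auth(false)`, until an explicit enable path exists; any setter would sit in the skipped lines and is not visible here. Separately, `require_tls_auth` is added to the constructor but is neither copied in `SetSSLConfigFlags` nor compared in `ProcessConfigUpdate`; if it is a service-level setting rather than a per-connection one, a change to it will not reach observers, and a one-line comment stating which it is would help.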