Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(315)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket.h

Issue 757033004: Do not use HTTP/2 without adequate security. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Do not leave out TLS version check. Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/net.gypi ('k') | net/socket/ssl_client_socket.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_ 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/gtest_prod_util.h" 10 #include "base/gtest_prod_util.h"
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after
202 bool supports_ecc); 202 bool supports_ecc);
203 203
204 // Records ConnectionType histograms for a successful SSL connection. 204 // Records ConnectionType histograms for a successful SSL connection.
205 static void RecordConnectionTypeMetrics(int ssl_version); 205 static void RecordConnectionTypeMetrics(int ssl_version);
206 206
207 // Returns whether TLS channel ID is enabled. 207 // Returns whether TLS channel ID is enabled.
208 static bool IsChannelIDEnabled( 208 static bool IsChannelIDEnabled(
209 const SSLConfig& ssl_config, 209 const SSLConfig& ssl_config,
210 ChannelIDService* channel_id_service); 210 ChannelIDService* channel_id_service);
211 211
212 // Determine if there is at least one enabled cipher suite that satisfies
213 // Section 9.2 of the HTTP/2 specification. Note that the server might still
214 // pick an inadequate cipher suite.
215 static bool IsCipherAdequateForHTTP2(
davidben 2014/12/12 21:56:22 Nit: IsCipherAdequateForHTTP2 -> HasCipherAdequate
Bence 2014/12/12 22:08:43 Done.
216 const std::vector<uint16>& cipher_suites);
217
218 // Determine if the TLS version required by Section 9.2 of the HTTP/2
219 // specification is enabled. Note that the server might still pick an
220 // inadequate TLS version.
221 static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config);
222
212 // Serializes |next_protos| in the wire format for ALPN: protocols are listed 223 // Serializes |next_protos| in the wire format for ALPN: protocols are listed
213 // in order, each prefixed by a one-byte length. 224 // in order, each prefixed by a one-byte length. Any HTTP/2 protocols in
225 // |next_protos| are ignored if |can_advertise_http2| is false.
214 static std::vector<uint8_t> SerializeNextProtos( 226 static std::vector<uint8_t> SerializeNextProtos(
215 const NextProtoVector& next_protos); 227 const NextProtoVector& next_protos,
228 bool can_advertise_http2);
216 229
217 // For unit testing only. 230 // For unit testing only.
218 // Returns the unverified certificate chain as presented by server. 231 // Returns the unverified certificate chain as presented by server.
219 // Note that chain may be different than the verified chain returned by 232 // Note that chain may be different than the verified chain returned by
220 // StreamSocket::GetSSLInfo(). 233 // StreamSocket::GetSSLInfo().
221 virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain() 234 virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
222 const = 0; 235 const = 0;
223 236
224 private: 237 private:
225 FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos); 238 FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos);
(...skipping 19 matching lines...) Expand all
245 bool signed_cert_timestamps_received_; 258 bool signed_cert_timestamps_received_;
246 // True if a stapled OCSP response was received. 259 // True if a stapled OCSP response was received.
247 bool stapled_ocsp_response_received_; 260 bool stapled_ocsp_response_received_;
248 // Protocol negotiation extension used. 261 // Protocol negotiation extension used.
249 SSLNegotiationExtension negotiation_extension_; 262 SSLNegotiationExtension negotiation_extension_;
250 }; 263 };
251 264
252 } // namespace net 265 } // namespace net
253 266
254 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_ 267 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_
OLDNEW
« no previous file with comments | « net/net.gypi ('k') | net/socket/ssl_client_socket.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698