Chromium Code Reviews Chromium Code Reviews
Issue 83333003:
Add support for fetching Certificate Transparency SCTs over a TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ | 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in | 92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in |
| 93 // big-endian form, they should be declared in host byte order, with the | 93 // big-endian form, they should be declared in host byte order, with the |
| 94 // first uint8 occupying the most significant byte. | 94 // first uint8 occupying the most significant byte. |
| 95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| 96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| 97 std::vector<uint16> disabled_cipher_suites; | 97 std::vector<uint16> disabled_cipher_suites; |
| 98 | 98 |
| 99 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 99 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
| 100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. | 100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. |
| 101 bool false_start_enabled; // True if we'll use TLS False Start. | 101 bool false_start_enabled; // True if we'll use TLS False Start. |
| 102 // True if the Certificate Transparency signed_certificate_timestamp | |
| 103 // TLS extension is enabled. | |
| 104 bool signed_cert_timestamps_enabled; | |
| 102 | 105 |
| 103 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be | 106 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be |
| 104 // enabled. NOTE: this only applies to server sockets currently, although | 107 // enabled. NOTE: this only applies to server sockets currently, although |
| 105 // that could be extended if needed. | 108 // that could be extended if needed. |
| 106 bool require_forward_secrecy; | 109 bool require_forward_secrecy; |
| 107 | 110 |
| 108 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be | 111 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be |
| 109 // enabled for all sites. | 112 // enabled for all sites. |
| 110 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be | 113 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be |
| 111 // disabled for a site pinned to the Google pin list (indicating that it is a | 114 // disabled for a site pinned to the Google pin list (indicating that it is a |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 167 class NET_EXPORT Observer { | 170 class NET_EXPORT Observer { |
| 168 public: | 171 public: |
| 169 // Notify observers if SSL settings have changed. We don't check all of the | 172 // Notify observers if SSL settings have changed. We don't check all of the |
| 170 // data in SSLConfig, just those that qualify as a user config change. | 173 // data in SSLConfig, just those that qualify as a user config change. |
| 171 // The following settings are considered user changes: | 174 // The following settings are considered user changes: |
| 172 // rev_checking_enabled | 175 // rev_checking_enabled |
| 173 // version_min | 176 // version_min |
| 174 // version_max | 177 // version_max |
| 175 // disabled_cipher_suites | 178 // disabled_cipher_suites |
| 176 // channel_id_enabled | 179 // channel_id_enabled |
| 177 // false_start_enabled | 180 // false_start_enabled |
|
wtc
2013/11/26 17:32:55
We may need to list signed_cert_timestamps_enabled
| |
| 178 // require_forward_secrecy | 181 // require_forward_secrecy |
| 179 virtual void OnSSLConfigChanged() = 0; | 182 virtual void OnSSLConfigChanged() = 0; |
| 180 | 183 |
| 181 protected: | 184 protected: |
| 182 virtual ~Observer() {} | 185 virtual ~Observer() {} |
| 183 }; | 186 }; |
| 184 | 187 |
| 185 SSLConfigService(); | 188 SSLConfigService(); |
| 186 | 189 |
| 187 // May not be thread-safe, should only be called on the IO thread. | 190 // May not be thread-safe, should only be called on the IO thread. |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 227 void ProcessConfigUpdate(const SSLConfig& orig_config, | 230 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 228 const SSLConfig& new_config); | 231 const SSLConfig& new_config); |
| 229 | 232 |
| 230 private: | 233 private: |
| 231 ObserverList<Observer> observer_list_; | 234 ObserverList<Observer> observer_list_; |
| 232 }; | 235 }; |
| 233 | 236 |
| 234 } // namespace net | 237 } // namespace net |
| 235 | 238 |
| 236 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ | 239 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
