Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(371)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket.cc

Issue 92443002: Extract Certificate Transparency SCTs from stapled OCSP responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts
Patch Set: review comments Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/ct_verifier.h ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/metrics/histogram.h" 7 #include "base/metrics/histogram.h"
8 #include "base/strings/string_util.h" 8 #include "base/strings/string_util.h"
9 #include "crypto/ec_private_key.h" 9 #include "crypto/ec_private_key.h"
10 #include "net/ssl/server_bound_cert_service.h" 10 #include "net/ssl/server_bound_cert_service.h"
11 #include "net/ssl/ssl_config_service.h" 11 #include "net/ssl/ssl_config_service.h"
12 12
13 namespace net { 13 namespace net {
14 14
15 SSLClientSocket::SSLClientSocket() 15 SSLClientSocket::SSLClientSocket()
16 : was_npn_negotiated_(false), 16 : was_npn_negotiated_(false),
17 was_spdy_negotiated_(false), 17 was_spdy_negotiated_(false),
18 protocol_negotiated_(kProtoUnknown), 18 protocol_negotiated_(kProtoUnknown),
19 channel_id_sent_(false), 19 channel_id_sent_(false),
20 signed_cert_timestamps_received_(false) { 20 signed_cert_timestamps_received_(false),
21 stapled_ocsp_response_received_(false) {
21 } 22 }
22 23
23 // static 24 // static
24 NextProto SSLClientSocket::NextProtoFromString( 25 NextProto SSLClientSocket::NextProtoFromString(
25 const std::string& proto_string) { 26 const std::string& proto_string) {
26 if (proto_string == "http1.1" || proto_string == "http/1.1") { 27 if (proto_string == "http1.1" || proto_string == "http/1.1") {
27 return kProtoHTTP11; 28 return kProtoHTTP11;
28 } else if (proto_string == "spdy/2") { 29 } else if (proto_string == "spdy/2") {
29 return kProtoDeprecatedSPDY2; 30 return kProtoDeprecatedSPDY2;
30 } else if (proto_string == "spdy/3") { 31 } else if (proto_string == "spdy/3") {
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
142 } 143 }
143 144
144 void SSLClientSocket::set_channel_id_sent(bool channel_id_sent) { 145 void SSLClientSocket::set_channel_id_sent(bool channel_id_sent) {
145 channel_id_sent_ = channel_id_sent; 146 channel_id_sent_ = channel_id_sent;
146 } 147 }
147 148
148 bool SSLClientSocket::WereSignedCertTimestampsReceived() const { 149 bool SSLClientSocket::WereSignedCertTimestampsReceived() const {
149 return signed_cert_timestamps_received_; 150 return signed_cert_timestamps_received_;
150 } 151 }
151 152
153 bool SSLClientSocket::WasStapledOCSPResponseReceived() const {
154 return stapled_ocsp_response_received_;
155 }
156
152 void SSLClientSocket::set_signed_cert_timestamps_received( 157 void SSLClientSocket::set_signed_cert_timestamps_received(
153 bool signed_cert_timestamps_received) { 158 bool signed_cert_timestamps_received) {
154 signed_cert_timestamps_received_ = signed_cert_timestamps_received; 159 signed_cert_timestamps_received_ = signed_cert_timestamps_received;
155 } 160 }
156 161
162 void SSLClientSocket::set_stapled_ocsp_response_received(
163 bool stapled_ocsp_response_received) {
164 stapled_ocsp_response_received_ = stapled_ocsp_response_received;
165 }
166
157 // static 167 // static
158 void SSLClientSocket::RecordChannelIDSupport( 168 void SSLClientSocket::RecordChannelIDSupport(
159 ServerBoundCertService* server_bound_cert_service, 169 ServerBoundCertService* server_bound_cert_service,
160 bool negotiated_channel_id, 170 bool negotiated_channel_id,
161 bool channel_id_enabled, 171 bool channel_id_enabled,
162 bool supports_ecc) { 172 bool supports_ecc) {
163 // Since this enum is used for a histogram, do not change or re-use values. 173 // Since this enum is used for a histogram, do not change or re-use values.
164 enum { 174 enum {
165 DISABLED = 0, 175 DISABLED = 0,
166 CLIENT_ONLY = 1, 176 CLIENT_ONLY = 1,
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
202 } 212 }
203 if (!server_bound_cert_service->IsSystemTimeValid()) { 213 if (!server_bound_cert_service->IsSystemTimeValid()) {
204 DVLOG(1) << "System time is not within the supported range for certificate " 214 DVLOG(1) << "System time is not within the supported range for certificate "
205 "generation, not enabling channel ID."; 215 "generation, not enabling channel ID.";
206 return false; 216 return false;
207 } 217 }
208 return true; 218 return true;
209 } 219 }
210 220
211 } // namespace net 221 } // namespace net
OLDNEW
« net/cert/ct_verifier.h ('K') | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698