Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(606)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket.h

Issue 92443002: Extract Certificate Transparency SCTs from stapled OCSP responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts
Patch Set: fix format errors Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/ct_objects_extractor_nss.cc ('K') | « net/cert/multi_log_ct_verifier_unittest.cc ('k') | net/socket/ssl_client_socket.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 40840e457dda2e3fbf7ecbbf7177d6a1dfcef0dc..410062dc5a9b9798214233b7a5ecf2b79dd54359 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -7,6 +7,7 @@
#include <string>
+#include "base/gtest_prod_util.h"
#include "net/base/completion_callback.h"
#include "net/base/load_flags.h"
#include "net/base/net_errors.h"
@@ -131,18 +132,15 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
// Public for ssl_client_socket_openssl_unittest.cc.
virtual bool WasChannelIDSent() const;
- // Returns true if the server sent Certificate Transparency SCTs
- // via a TLS extension.
- // Temporary glue for testing while the CT code hasn't landed.
- // TODO(ekasper): expose received SCTs via SSLInfo instead.
- virtual bool WereSignedCertTimestampsReceived() const;
-
protected:
virtual void set_channel_id_sent(bool channel_id_sent);
virtual void set_signed_cert_timestamps_received(
bool signed_cert_timestamps_received);
+ virtual void set_stapled_ocsp_response_received(
+ bool stapled_ocsp_response_received);
+
// Records histograms for channel id support during full handshakes - resumed
// handshakes are ignored.
static void RecordChannelIDSupport(
@@ -157,6 +155,14 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
ServerBoundCertService* server_bound_cert_service);
private:
+ // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsEnabledTLSExtension);
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsEnabledOCSP);
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsDisabled);
+
// True if NPN was responded to, independent of selecting SPDY or HTTP.
bool was_npn_negotiated_;
// True if NPN successfully negotiated SPDY.
@@ -167,6 +173,8 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
bool channel_id_sent_;
// True if SCTs were received via a TLS extension.
bool signed_cert_timestamps_received_;
+ // True if a stapled OCSP response was received.
+ bool stapled_ocsp_response_received_;
};
} // namespace net
« net/cert/ct_objects_extractor_nss.cc ('K') | « net/cert/multi_log_ct_verifier_unittest.cc ('k') | net/socket/ssl_client_socket.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698