| Index: net/socket/ssl_client_socket.h
|
| diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
|
| deleted file mode 100644
|
| index 46461df2ead1fcc6f1424a7eebe533a5ffdc4768..0000000000000000000000000000000000000000
|
| --- a/net/socket/ssl_client_socket.h
|
| +++ /dev/null
|
| @@ -1,267 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
|
| -#define NET_SOCKET_SSL_CLIENT_SOCKET_H_
|
| -
|
| -#include <string>
|
| -
|
| -#include "base/gtest_prod_util.h"
|
| -#include "net/base/completion_callback.h"
|
| -#include "net/base/load_flags.h"
|
| -#include "net/base/net_errors.h"
|
| -#include "net/socket/ssl_socket.h"
|
| -#include "net/socket/stream_socket.h"
|
| -
|
| -namespace net {
|
| -
|
| -class CertPolicyEnforcer;
|
| -class CertVerifier;
|
| -class ChannelIDService;
|
| -class CTVerifier;
|
| -class HostPortPair;
|
| -class ServerBoundCertService;
|
| -class SSLCertRequestInfo;
|
| -struct SSLConfig;
|
| -class SSLInfo;
|
| -class TransportSecurityState;
|
| -class X509Certificate;
|
| -
|
| -// This struct groups together several fields which are used by various
|
| -// classes related to SSLClientSocket.
|
| -struct SSLClientSocketContext {
|
| - SSLClientSocketContext()
|
| - : cert_verifier(NULL),
|
| - channel_id_service(NULL),
|
| - transport_security_state(NULL),
|
| - cert_transparency_verifier(NULL),
|
| - cert_policy_enforcer(NULL) {}
|
| -
|
| - SSLClientSocketContext(CertVerifier* cert_verifier_arg,
|
| - ChannelIDService* channel_id_service_arg,
|
| - TransportSecurityState* transport_security_state_arg,
|
| - CTVerifier* cert_transparency_verifier_arg,
|
| - CertPolicyEnforcer* cert_policy_enforcer_arg,
|
| - const std::string& ssl_session_cache_shard_arg)
|
| - : cert_verifier(cert_verifier_arg),
|
| - channel_id_service(channel_id_service_arg),
|
| - transport_security_state(transport_security_state_arg),
|
| - cert_transparency_verifier(cert_transparency_verifier_arg),
|
| - cert_policy_enforcer(cert_policy_enforcer_arg),
|
| - ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
|
| -
|
| - CertVerifier* cert_verifier;
|
| - ChannelIDService* channel_id_service;
|
| - TransportSecurityState* transport_security_state;
|
| - CTVerifier* cert_transparency_verifier;
|
| - CertPolicyEnforcer* cert_policy_enforcer;
|
| - // ssl_session_cache_shard is an opaque string that identifies a shard of the
|
| - // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
|
| - // resume each other's SSL sessions but we'll never sessions between shards.
|
| - const std::string ssl_session_cache_shard;
|
| -};
|
| -
|
| -// A client socket that uses SSL as the transport layer.
|
| -//
|
| -// NOTE: The SSL handshake occurs within the Connect method after a TCP
|
| -// connection is established. If a SSL error occurs during the handshake,
|
| -// Connect will fail.
|
| -//
|
| -class NET_EXPORT SSLClientSocket : public SSLSocket {
|
| - public:
|
| - SSLClientSocket();
|
| -
|
| - // Next Protocol Negotiation (NPN) allows a TLS client and server to come to
|
| - // an agreement about the application level protocol to speak over a
|
| - // connection.
|
| - enum NextProtoStatus {
|
| - // WARNING: These values are serialized to disk. Don't change them.
|
| -
|
| - kNextProtoUnsupported = 0, // The server doesn't support NPN.
|
| - kNextProtoNegotiated = 1, // We agreed on a protocol.
|
| - kNextProtoNoOverlap = 2, // No protocols in common. We requested
|
| - // the first protocol in our list.
|
| - };
|
| -
|
| - // TLS extension used to negotiate protocol.
|
| - enum SSLNegotiationExtension {
|
| - kExtensionUnknown,
|
| - kExtensionALPN,
|
| - kExtensionNPN,
|
| - };
|
| -
|
| - // StreamSocket:
|
| - bool WasNpnNegotiated() const override;
|
| - NextProto GetNegotiatedProtocol() const override;
|
| -
|
| - // Computes a unique key string for the SSL session cache.
|
| - virtual std::string GetSessionCacheKey() const = 0;
|
| -
|
| - // Returns true if there is a cache entry in the SSL session cache
|
| - // for the cache key of the SSL socket.
|
| - //
|
| - // The cache key consists of a host and port concatenated with a session
|
| - // cache shard. These two strings are passed to the constructor of most
|
| - // subclasses of SSLClientSocket.
|
| - virtual bool InSessionCache() const = 0;
|
| -
|
| - // Sets |callback| to be run when the handshake has fully completed.
|
| - // For example, in the case of False Start, Connect() will return
|
| - // early, before the peer's TLS Finished message has been verified,
|
| - // in order to allow the caller to call Write() and send application
|
| - // data with the client's Finished message.
|
| - // In such situations, |callback| will be invoked sometime after
|
| - // Connect() - either during a Write() or Read() call, and before
|
| - // invoking the Read() or Write() callback.
|
| - // Otherwise, during a traditional TLS connection (i.e. no False
|
| - // Start), this will be called right before the Connect() callback
|
| - // is called.
|
| - //
|
| - // Note that it's not valid to mutate this socket during such
|
| - // callbacks, including deleting the socket.
|
| - //
|
| - // TODO(mshelley): Provide additional details about whether or not
|
| - // the handshake actually succeeded or not. This can be inferred
|
| - // from the result to Connect()/Read()/Write(), but may be useful
|
| - // to inform here as well.
|
| - virtual void SetHandshakeCompletionCallback(
|
| - const base::Closure& callback) = 0;
|
| -
|
| - // Gets the SSL CertificateRequest info of the socket after Connect failed
|
| - // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
|
| - virtual void GetSSLCertRequestInfo(
|
| - SSLCertRequestInfo* cert_request_info) = 0;
|
| -
|
| - // Get the application level protocol that we negotiated with the server.
|
| - // *proto is set to the resulting protocol (n.b. that the string may have
|
| - // embedded NULs).
|
| - // kNextProtoUnsupported: *proto is cleared.
|
| - // kNextProtoNegotiated: *proto is set to the negotiated protocol.
|
| - // kNextProtoNoOverlap: *proto is set to the first protocol in the
|
| - // supported list.
|
| - virtual NextProtoStatus GetNextProto(std::string* proto) = 0;
|
| -
|
| - static NextProto NextProtoFromString(const std::string& proto_string);
|
| -
|
| - static const char* NextProtoToString(NextProto next_proto);
|
| -
|
| - static const char* NextProtoStatusToString(const NextProtoStatus status);
|
| -
|
| - static bool IgnoreCertError(int error, int load_flags);
|
| -
|
| - // ClearSessionCache clears the SSL session cache, used to resume SSL
|
| - // sessions.
|
| - static void ClearSessionCache();
|
| -
|
| - // Get the maximum SSL version supported by the underlying library and
|
| - // cryptographic implementation.
|
| - static uint16 GetMaxSupportedSSLVersion();
|
| -
|
| - virtual bool set_was_npn_negotiated(bool negotiated);
|
| -
|
| - virtual bool was_spdy_negotiated() const;
|
| -
|
| - virtual bool set_was_spdy_negotiated(bool negotiated);
|
| -
|
| - virtual void set_protocol_negotiated(NextProto protocol_negotiated);
|
| -
|
| - void set_negotiation_extension(SSLNegotiationExtension negotiation_extension);
|
| -
|
| - // Returns the ChannelIDService used by this socket, or NULL if
|
| - // channel ids are not supported.
|
| - virtual ChannelIDService* GetChannelIDService() const = 0;
|
| -
|
| - // Returns true if a channel ID was sent on this connection.
|
| - // This may be useful for protocols, like SPDY, which allow the same
|
| - // connection to be shared between multiple domains, each of which need
|
| - // a channel ID.
|
| - //
|
| - // Public for ssl_client_socket_openssl_unittest.cc.
|
| - virtual bool WasChannelIDSent() const;
|
| -
|
| - // Record which TLS extension was used to negotiate protocol and protocol
|
| - // chosen in a UMA histogram.
|
| - void RecordNegotiationExtension();
|
| -
|
| - protected:
|
| - virtual void set_channel_id_sent(bool channel_id_sent);
|
| -
|
| - virtual void set_signed_cert_timestamps_received(
|
| - bool signed_cert_timestamps_received);
|
| -
|
| - virtual void set_stapled_ocsp_response_received(
|
| - bool stapled_ocsp_response_received);
|
| -
|
| - // Records histograms for channel id support during full handshakes - resumed
|
| - // handshakes are ignored.
|
| - static void RecordChannelIDSupport(
|
| - ChannelIDService* channel_id_service,
|
| - bool negotiated_channel_id,
|
| - bool channel_id_enabled,
|
| - bool supports_ecc);
|
| -
|
| - // Records ConnectionType histograms for a successful SSL connection.
|
| - static void RecordConnectionTypeMetrics(int ssl_version);
|
| -
|
| - // Returns whether TLS channel ID is enabled.
|
| - static bool IsChannelIDEnabled(
|
| - const SSLConfig& ssl_config,
|
| - ChannelIDService* channel_id_service);
|
| -
|
| - // Determine if there is at least one enabled cipher suite that satisfies
|
| - // Section 9.2 of the HTTP/2 specification. Note that the server might still
|
| - // pick an inadequate cipher suite.
|
| - static bool HasCipherAdequateForHTTP2(
|
| - const std::vector<uint16>& cipher_suites);
|
| -
|
| - // Determine if the TLS version required by Section 9.2 of the HTTP/2
|
| - // specification is enabled. Note that the server might still pick an
|
| - // inadequate TLS version.
|
| - static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config);
|
| -
|
| - // Serializes |next_protos| in the wire format for ALPN: protocols are listed
|
| - // in order, each prefixed by a one-byte length. Any HTTP/2 protocols in
|
| - // |next_protos| are ignored if |can_advertise_http2| is false.
|
| - static std::vector<uint8_t> SerializeNextProtos(
|
| - const NextProtoVector& next_protos,
|
| - bool can_advertise_http2);
|
| -
|
| - // For unit testing only.
|
| - // Returns the unverified certificate chain as presented by server.
|
| - // Note that chain may be different than the verified chain returned by
|
| - // StreamSocket::GetSSLInfo().
|
| - virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
|
| - const = 0;
|
| -
|
| - private:
|
| - FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos);
|
| - // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
|
| - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
|
| - ConnectSignedCertTimestampsEnabledTLSExtension);
|
| - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
|
| - ConnectSignedCertTimestampsEnabledOCSP);
|
| - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
|
| - ConnectSignedCertTimestampsDisabled);
|
| - FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
|
| - VerifyServerChainProperlyOrdered);
|
| -
|
| - // True if NPN was responded to, independent of selecting SPDY or HTTP.
|
| - bool was_npn_negotiated_;
|
| - // True if NPN successfully negotiated SPDY.
|
| - bool was_spdy_negotiated_;
|
| - // Protocol that we negotiated with the server.
|
| - NextProto protocol_negotiated_;
|
| - // True if a channel ID was sent.
|
| - bool channel_id_sent_;
|
| - // True if SCTs were received via a TLS extension.
|
| - bool signed_cert_timestamps_received_;
|
| - // True if a stapled OCSP response was received.
|
| - bool stapled_ocsp_response_received_;
|
| - // Protocol negotiation extension used.
|
| - SSLNegotiationExtension negotiation_extension_;
|
| -};
|
| -
|
| -} // namespace net
|
| -
|
| -#endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master