net/ssl/ssl_config.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/ssl/ssl_config.h"
   6
   7 namespace net {
   8
   9 const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3;
  10
  11 const uint16 kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2;
  12
  13 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
  14
  15 SSLConfig::CertAndStatus::~CertAndStatus() {}
  16
  17 SSLConfig::SSLConfig()
  18     : rev_checking_enabled(false),
  19       rev_checking_required_local_anchors(false),
  20       version_min(kDefaultSSLVersionMin),
  21       version_max(kDefaultSSLVersionMax),
  22       channel_id_enabled(true),
  23       false_start_enabled(true),
  24       signed_cert_timestamps_enabled(true),
  25       require_forward_secrecy(false),
  26       send_client_cert(false),
  27       verify_ev_cert(false),
  28       version_fallback(false),
  29       cert_io_enabled(true) {
  30 }
  31
  32 SSLConfig::~SSLConfig() {}
  33
  34 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
  35                                  CertStatus* cert_status) const {
  36   std::string der_cert;
  37   if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
  38     return false;
  39   return IsAllowedBadCert(der_cert, cert_status);
  40 }
  41
  42 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,
  43                                  CertStatus* cert_status) const {
  44   for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
  45     if (der_cert == allowed_bad_certs[i].der_cert) {
  46       if (cert_status)
  47         *cert_status = allowed_bad_certs[i].cert_status;
  48       return true;
  49     }
  50   }
  51   return false;
  52 }
  53
  54 }  // namespace net