diff options
Diffstat (limited to 'chromium/net/ssl/ssl_config_service.cc')
-rw-r--r-- | chromium/net/ssl/ssl_config_service.cc | 95 |
1 files changed, 1 insertions, 94 deletions
diff --git a/chromium/net/ssl/ssl_config_service.cc b/chromium/net/ssl/ssl_config_service.cc index a28c46d97d7..cd2a00dc6da 100644 --- a/chromium/net/ssl/ssl_config_service.cc +++ b/chromium/net/ssl/ssl_config_service.cc @@ -5,82 +5,15 @@ #include "net/ssl/ssl_config_service.h" #include "base/lazy_instance.h" -#include "base/memory/ref_counted.h" #include "base/synchronization/lock.h" -#include "net/cert/crl_set.h" #include "net/ssl/ssl_config_service_defaults.h" -#if defined(USE_OPENSSL) -#include <openssl/ssl.h> -#endif - namespace net { -static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3; - -static uint16 g_default_version_max = -#if defined(USE_OPENSSL) -#if defined(SSL_OP_NO_TLSv1_2) - SSL_PROTOCOL_VERSION_TLS1_2; -#elif defined(SSL_OP_NO_TLSv1_1) - SSL_PROTOCOL_VERSION_TLS1_1; -#else - SSL_PROTOCOL_VERSION_TLS1; -#endif -#else - SSL_PROTOCOL_VERSION_TLS1_2; -#endif - -SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} - -SSLConfig::CertAndStatus::~CertAndStatus() {} - -SSLConfig::SSLConfig() - : rev_checking_enabled(false), - rev_checking_required_local_anchors(false), - version_min(g_default_version_min), - version_max(g_default_version_max), - cached_info_enabled(false), - channel_id_enabled(true), - false_start_enabled(true), - signed_cert_timestamps_enabled(true), - require_forward_secrecy(false), - unrestricted_ssl3_fallback_enabled(false), - send_client_cert(false), - verify_ev_cert(false), - version_fallback(false), - cert_io_enabled(true) { -} - -SSLConfig::~SSLConfig() { -} - -bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, - CertStatus* cert_status) const { - std::string der_cert; - if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) - return false; - return IsAllowedBadCert(der_cert, cert_status); -} - -bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, - CertStatus* cert_status) const { - for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { - if (der_cert == allowed_bad_certs[i].der_cert) { - if (cert_status) - *cert_status = allowed_bad_certs[i].cert_status; - return true; - } - } - return false; -} - SSLConfigService::SSLConfigService() : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) { } -static bool g_cached_info_enabled = false; - // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock // around a scoped_refptr so that getting a reference doesn't race with // updating the CRLSet. @@ -114,25 +47,6 @@ scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() { return g_crl_set.Get().Get(); } -void SSLConfigService::EnableCachedInfo() { - g_cached_info_enabled = true; -} - -// static -bool SSLConfigService::cached_info_enabled() { - return g_cached_info_enabled; -} - -// static -uint16 SSLConfigService::default_version_min() { - return g_default_version_min; -} - -// static -uint16 SSLConfigService::default_version_max() { - return g_default_version_max; -} - void SSLConfigService::AddObserver(Observer* observer) { observer_list_.AddObserver(observer); } @@ -148,11 +62,6 @@ void SSLConfigService::NotifySSLConfigChange() { SSLConfigService::~SSLConfigService() { } -// static -void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { - ssl_config->cached_info_enabled = g_cached_info_enabled; -} - void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, const SSLConfig& new_config) { bool config_changed = @@ -166,9 +75,7 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, (orig_config.channel_id_enabled != new_config.channel_id_enabled) || (orig_config.false_start_enabled != new_config.false_start_enabled) || (orig_config.require_forward_secrecy != - new_config.require_forward_secrecy) || - (orig_config.unrestricted_ssl3_fallback_enabled != - new_config.unrestricted_ssl3_fallback_enabled); + new_config.require_forward_secrecy); if (config_changed) NotifySSLConfigChange(); |