Lots of random cleanups, mostly for native_theme_win.cc:
[chromium-blink-merge.git] / net / ssl / ssl_config.cc
blob02829918ed47248e8f8bebe9febb718319b0f374
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/ssl_config.h"
7 #if defined(USE_OPENSSL)
8 #include <openssl/ssl.h>
9 #endif
11 namespace net {
13 const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3;
15 const uint16 kDefaultSSLVersionMax =
16 #if defined(USE_OPENSSL)
17 #if defined(SSL_OP_NO_TLSv1_2)
18 SSL_PROTOCOL_VERSION_TLS1_2;
19 #elif defined(SSL_OP_NO_TLSv1_1)
20 SSL_PROTOCOL_VERSION_TLS1_1;
21 #else
22 SSL_PROTOCOL_VERSION_TLS1;
23 #endif
24 #else
25 SSL_PROTOCOL_VERSION_TLS1_2;
26 #endif
28 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
30 SSLConfig::CertAndStatus::~CertAndStatus() {}
32 SSLConfig::SSLConfig()
33 : rev_checking_enabled(false),
34 rev_checking_required_local_anchors(false),
35 version_min(kDefaultSSLVersionMin),
36 version_max(kDefaultSSLVersionMax),
37 channel_id_enabled(true),
38 false_start_enabled(true),
39 signed_cert_timestamps_enabled(true),
40 require_forward_secrecy(false),
41 send_client_cert(false),
42 verify_ev_cert(false),
43 version_fallback(false),
44 cert_io_enabled(true) {
47 SSLConfig::~SSLConfig() {}
49 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
50 CertStatus* cert_status) const {
51 std::string der_cert;
52 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
53 return false;
54 return IsAllowedBadCert(der_cert, cert_status);
57 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,
58 CertStatus* cert_status) const {
59 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
60 if (der_cert == allowed_bad_certs[i].der_cert) {
61 if (cert_status)
62 *cert_status = allowed_bad_certs[i].cert_status;
63 return true;
66 return false;
69 } // namespace net