Roll src/third_party/skia 7b05ff1:dab1f60
[chromium-blink-merge.git] / net / ssl / ssl_config.cc
blob79608e1c43bcc338a7704a371c032b11f5fc72c7
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/ssl_config.h"
7 #include "net/socket/ssl_client_socket.h"
9 namespace net {
11 const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1;
13 const uint16 kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_1;
15 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
17 SSLConfig::CertAndStatus::~CertAndStatus() {}
19 SSLConfig::SSLConfig()
20 : rev_checking_enabled(false),
21 rev_checking_required_local_anchors(false),
22 version_min(kDefaultSSLVersionMin),
23 version_max(SSLClientSocket::GetMaxSupportedSSLVersion()),
24 version_fallback_min(kDefaultSSLVersionFallbackMin),
25 enable_deprecated_cipher_suites(false),
26 channel_id_enabled(true),
27 false_start_enabled(true),
28 signed_cert_timestamps_enabled(true),
29 require_ecdhe(false),
30 send_client_cert(false),
31 verify_ev_cert(false),
32 version_fallback(false),
33 cert_io_enabled(true),
34 renego_allowed_default(false),
35 fastradio_padding_enabled(false),
36 fastradio_padding_eligible(false) {
39 SSLConfig::~SSLConfig() {}
41 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
42 CertStatus* cert_status) const {
43 std::string der_cert;
44 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert))
45 return false;
46 return IsAllowedBadCert(der_cert, cert_status);
49 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,
50 CertStatus* cert_status) const {
51 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) {
52 if (der_cert == allowed_bad_certs[i].der_cert) {
53 if (cert_status)
54 *cert_status = allowed_bad_certs[i].cert_status;
55 return true;
58 return false;
61 } // namespace net