1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/ssl/ssl_config.h" 6 7#if defined(USE_OPENSSL) 8#include <openssl/ssl.h> 9#endif 10 11namespace net { 12 13const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3; 14 15const uint16 kDefaultSSLVersionMax = 16#if defined(USE_OPENSSL) 17#if defined(SSL_OP_NO_TLSv1_2) 18 SSL_PROTOCOL_VERSION_TLS1_2; 19#elif defined(SSL_OP_NO_TLSv1_1) 20 SSL_PROTOCOL_VERSION_TLS1_1; 21#else 22 SSL_PROTOCOL_VERSION_TLS1; 23#endif 24#else 25 SSL_PROTOCOL_VERSION_TLS1_2; 26#endif 27 28const uint16 kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1; 29 30SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} 31 32SSLConfig::CertAndStatus::~CertAndStatus() {} 33 34SSLConfig::SSLConfig() 35 : rev_checking_enabled(false), 36 rev_checking_required_local_anchors(false), 37 version_min(kDefaultSSLVersionMin), 38 version_max(kDefaultSSLVersionMax), 39 version_fallback_min(kDefaultSSLVersionFallbackMin), 40 channel_id_enabled(true), 41 false_start_enabled(true), 42 signed_cert_timestamps_enabled(true), 43 require_forward_secrecy(false), 44 send_client_cert(false), 45 verify_ev_cert(false), 46 version_fallback(false), 47 cert_io_enabled(true) { 48} 49 50SSLConfig::~SSLConfig() {} 51 52bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 53 CertStatus* cert_status) const { 54 std::string der_cert; 55 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) 56 return false; 57 return IsAllowedBadCert(der_cert, cert_status); 58} 59 60bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, 61 CertStatus* cert_status) const { 62 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { 63 if (der_cert == allowed_bad_certs[i].der_cert) { 64 if (cert_status) 65 *cert_status = allowed_bad_certs[i].cert_status; 66 return true; 67 } 68 } 69 return false; 70} 71 72} // namespace net 73