1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/ssl/ssl_config.h" 6 7 #if defined(USE_OPENSSL) 8 #include <openssl/ssl.h> 9 #endif 10 11 namespace net { 12 13 const uint16 kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_SSL3; 14 15 const uint16 kDefaultSSLVersionMax = 16 #if defined(USE_OPENSSL) 17 #if defined(SSL_OP_NO_TLSv1_2) 18 SSL_PROTOCOL_VERSION_TLS1_2; 19 #elif defined(SSL_OP_NO_TLSv1_1) 20 SSL_PROTOCOL_VERSION_TLS1_1; 21 #else 22 SSL_PROTOCOL_VERSION_TLS1; 23 #endif 24 #else 25 SSL_PROTOCOL_VERSION_TLS1_2; 26 #endif 27 28 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} 29 30 SSLConfig::CertAndStatus::~CertAndStatus() {} 31 32 SSLConfig::SSLConfig() 33 : rev_checking_enabled(false), 34 rev_checking_required_local_anchors(false), 35 version_min(kDefaultSSLVersionMin), 36 version_max(kDefaultSSLVersionMax), 37 channel_id_enabled(true), 38 false_start_enabled(true), 39 signed_cert_timestamps_enabled(true), 40 require_forward_secrecy(false), 41 send_client_cert(false), 42 verify_ev_cert(false), 43 version_fallback(false), 44 cert_io_enabled(true) { 45 } 46 47 SSLConfig::~SSLConfig() {} 48 49 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 50 CertStatus* cert_status) const { 51 std::string der_cert; 52 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_cert)) 53 return false; 54 return IsAllowedBadCert(der_cert, cert_status); 55 } 56 57 bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert, 58 CertStatus* cert_status) const { 59 for (size_t i = 0; i < allowed_bad_certs.size(); ++i) { 60 if (der_cert == allowed_bad_certs[i].der_cert) { 61 if (cert_status) 62 *cert_status = allowed_bad_certs[i].cert_status; 63 return true; 64 } 65 } 66 return false; 67 } 68 69 } // namespace net 70