diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-30 20:40:53 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-30 20:40:53 +0000 |
| commit | 644bdcae0edf0cfa3ac9644edf3b52a0d3162489 (patch) | |
| tree | 64b3ab5519929c10d59e3b58f4415ffdafcde2c8 /net/base | |
| parent | 48f619d8bd9a264f14ce4b62a935e05df015432b (diff) | |
| download | chromium_src-644bdcae0edf0cfa3ac9644edf3b52a0d3162489.zip chromium_src-644bdcae0edf0cfa3ac9644edf3b52a0d3162489.tar.gz chromium_src-644bdcae0edf0cfa3ac9644edf3b52a0d3162489.tar.bz2 | |
Linux: add next-protocol-negotiation to libssl.
This is an experimental, client only implementation of
next-protocol-negotiation:
http://www.imperialviolet.org/binary/draft-agl-tls-nextprotoneg-00.html
This only affects the internal copy of libssl and is only active when
built with use_system_ssl=0, which is not currently the default.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33327 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/ssl_config_service.h | 11 | ||||
| -rw-r--r-- | net/base/ssl_info.h | 20 |
2 files changed, 29 insertions, 2 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index a4d3cb4..45c1fc6 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h @@ -18,7 +18,8 @@ struct SSLConfig { // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. SSLConfig() : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), - tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) { + tls1_enabled(true), send_client_cert(false), verify_ev_cert(false), + next_protos("\007http1.1") { } bool rev_checking_enabled; // True if server certificate revocation @@ -57,6 +58,14 @@ struct SSLConfig { bool verify_ev_cert; // True if we should verify the certificate for EV. + // The list of application level protocols supported. If set, this will + // enable Next Protocol Negotiation (if supported). This is a list of 8-bit + // length prefixed strings. The order of the protocols doesn't matter expect + // for one case: if the server supports Next Protocol Negotiation, but there + // is no overlap between the server's and client's protocol sets, then the + // first protocol in this list will be requested by the client. + std::string next_protos; + scoped_refptr<X509Certificate> client_cert; }; diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h index 203b6de..5b637c7 100644 --- a/net/base/ssl_info.h +++ b/net/base/ssl_info.h @@ -5,6 +5,8 @@ #ifndef NET_BASE_SSL_INFO_H_ #define NET_BASE_SSL_INFO_H_ +#include <string> + #include "net/base/cert_status_flags.h" #include "net/base/x509_certificate.h" @@ -14,12 +16,25 @@ namespace net { // This is really a struct. All members are public. class SSLInfo { public: - SSLInfo() : cert_status(0), security_bits(-1) { } + // Next Protocol Negotiation (NPN) allows a TLS client and server to come to + // an agreement about the application level protocol to speak over a + // connection. See also the next_protos field in SSLConfig. + enum NextProtoStatus { + kNextProtoUnsupported = 0, // The server doesn't support NPN. + kNextProtoNegotiated = 1, // We agreed on a protocol, see next_proto + kNextProtoNoOverlap = 2, // No protocols in common. We requested + // |next_proto|. + }; + + SSLInfo() : cert_status(0), security_bits(-1), + next_proto_status(kNextProtoUnsupported) { } void Reset() { cert = NULL; security_bits = -1; cert_status = 0; + next_proto.clear(); + next_proto_status = kNextProtoUnsupported; } bool is_valid() const { return cert != NULL; } @@ -41,6 +56,9 @@ class SSLInfo { // 0 means the connection is not encrypted. // -1 means the security strength is unknown. int security_bits; + + NextProtoStatus next_proto_status; // One of kNextProto* + std::string next_proto; // The negotiated protocol, if any. }; } // namespace net |