author | rkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-22 19:24:38 +0000 |
---|---|---|
committer | rkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-22 19:24:38 +0000 |
commit | 2fb7e3bad4942773fe363cf776238a5a9a408f1d (patch) | |
tree | ace7084776a1f1679a302dd09a6f5467bde773b1 /net/base | |
parent | 66aa024583499d3d9dcea971900817e65b3cb052 (diff) | |
Added client-side support for the TLS cached info
extension. This feature is disabled by default and
enabled by the flag --enable-cached-info.
BUG=84920
TEST=None
Review URL: http://codereview.chromium.org/7058049
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90066 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/ssl_config_service.cc | 14 | ||||
-rw-r--r-- | net/base/ssl_config_service.h | 6 |
2 files changed, 19 insertions, 1 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index 56ad78a..5fe01cf 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -16,7 +16,7 @@ SSLConfig::CertAndStatus::~CertAndStatus() {}
 SSLConfig::SSLConfig() : rev_checking_enabled(true), ssl3_enabled(true), tls1_enabled(true),
- dns_cert_provenance_checking_enabled(false),
+ dns_cert_provenance_checking_enabled(false), cached_info_enabled(false),
 false_start_enabled(true), send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) { }
@@ -46,6 +46,7 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
 return SSLFalseStartBlacklist::IsMember(hostname.c_str());
 }
+static bool g_cached_info_enabled = false;
 static bool g_false_start_enabled = true;
 static bool g_dns_cert_provenance_checking = false;
@@ -69,6 +70,16 @@ bool SSLConfigService::dns_cert_provenance_checking_enabled() {
 return g_dns_cert_provenance_checking;
 }
+// static
+void SSLConfigService::EnableCachedInfo() {
+ g_cached_info_enabled = true;
+}
+
+// static
+bool SSLConfigService::cached_info_enabled() {
+ return g_cached_info_enabled;
+}
+
 void SSLConfigService::AddObserver(Observer* observer) {
 observer_list_.AddObserver(observer);
 }
@@ -85,6 +96,7 @@ void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
 ssl_config->false_start_enabled = g_false_start_enabled;
 ssl_config->dns_cert_provenance_checking_enabled = g_dns_cert_provenance_checking;
+ ssl_config->cached_info_enabled = g_cached_info_enabled;
 }
 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index c44937e..2b2e28a 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
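Review bot: In ssl_config_service.cc, `g_cached_info_enabled` is a plain `static bool` written by `EnableCachedInfo()` and read by `cached_info_enabled()` and `SetSSLConfigFlags()` without synchronization, and nothing in the added code says when the setter may be called. It mirrors the existing `g_false_start_enabled` pattern, so it is presumably set once from the command line before any SSLConfig is populated, but that ordering is not visible in this diff. I would state it above the setter, for example `// Call once during startup, before any SSLConfig is filled in; not thread-safe.` A small test that `SetSSLConfigFlags()` leaves `cached_info_enabled` false unless `EnableCachedInfo()` was called would also pin the default-off behaviour for a TLS feature that changes which certificate data the client receives.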
@@ -57,6 +57,7 @@ struct NET_API SSLConfig {
 // TODO(rsleevi): Not implemented when using Schannel.
 std::vector<uint16> disabled_cipher_suites;
+ bool cached_info_enabled; // True if TLS cached info extension is enabled.
 bool false_start_enabled; // True if we'll use TLS False Start.
 // TODO(wtc): move the following members to a new SSLParams structure. They
@@ -142,6 +143,11 @@ class NET_API SSLConfigService
 static void EnableDNSCertProvenanceChecking();
 static bool dns_cert_provenance_checking_enabled();
+ // Enables the TLS cached info extension, which allows the server to send
+ // just a digest of its certificate chain.
+ static void EnableCachedInfo();
+ static bool cached_info_enabled();
+
 // Is SNI available in this configuration?
 static bool IsSNIAvailable(SSLConfigService* service); |
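Review bot: The comments added in ssl_config_service.h, on the `cached_info_enabled` field and above `EnableCachedInfo()`, describe what the server may send but not what the client trusts as a result. With only a digest on the wire, the chain being validated has to come from the client's own cache, so the header should say whether normal verification (including `rev_checking_enabled`) still runs on that cached chain and what happens when the digest does not match. The handshake code is outside this diff (it is limited to net/base), so I cannot tell from here. If verification is unchanged, a line such as `// The cached chain is verified exactly as a chain received in the handshake would be.` above `EnableCachedInfo()` would record that contract. Both the struct and the class continue outside these hunks.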