author | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-13 19:57:48 +0000 |
---|---|---|
committer | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-13 19:57:48 +0000 |
commit | 9a72d237330d80648f93b2e466d5027b9ce8bb2a (patch) | |
tree | 10c449fbd40cba62d54916af30c81b106536b46a /net/socket/ssl_client_socket.h | |
parent | b4c4dc526a5163fafc4430ee190a4ee075efc543 (diff) | |
Extract Certificate Transparency SCTs from stapled OCSP responses
BUG=309578
Review URL: https://codereview.chromium.org/92443002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240721 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket.h')
-rw-r--r-- | net/socket/ssl_client_socket.h | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 40840e4..410062d 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -7,6 +7,7 @@
 #include <string>
+#include "base/gtest_prod_util.h"
 #include "net/base/completion_callback.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
@@ -131,18 +132,15 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
 // Public for ssl_client_socket_openssl_unittest.cc.
 virtual bool WasChannelIDSent() const;
- // Returns true if the server sent Certificate Transparency SCTs
- // via a TLS extension.
- // Temporary glue for testing while the CT code hasn't landed.
- // TODO(ekasper): expose received SCTs via SSLInfo instead.
- virtual bool WereSignedCertTimestampsReceived() const;
-
 protected:
 virtual void set_channel_id_sent(bool channel_id_sent);
 virtual void set_signed_cert_timestamps_received(
 bool signed_cert_timestamps_received);
+ virtual void set_stapled_ocsp_response_received(
+ bool stapled_ocsp_response_received);
+
 // Records histograms for channel id support during full handshakes - resumed
 // handshakes are ignored.
 static void RecordChannelIDSupport(
@@ -157,6 +155,14 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
 ServerBoundCertService* server_bound_cert_service);
 private:
+ // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsEnabledTLSExtension);
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsEnabledOCSP);
+ FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+ ConnectSignedCertTimestampsDisabled);
+
 // True if NPN was responded to, independent of selecting SPDY or HTTP.
 bool was_npn_negotiated_;
 // True if NPN successfully negotiated SPDY.
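Review bot: The new protected setter `set_stapled_ocsp_response_received` in the second hunk carries no comment, and the only prose that explained this CT state (on the removed `WereSignedCertTimestampsReceived`) goes away in the same hunk. Judging by the member comment in the last hunk, the flag appears to mean receipt only, so I would say so on the setter, e.g. `// Records that the server stapled an OCSP response in the handshake. Receipt only: does not mean the response or any SCTs in it were verified.` The same caveat would fit the comment on `stapled_ocsp_response_received_` in the last hunk, so a later reader does not treat either flag as a validation result. The class body starts and ends outside these hunks.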
@@ -167,6 +173,8 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
 bool channel_id_sent_;
 // True if SCTs were received via a TLS extension.
 bool signed_cert_timestamps_received_;
+ // True if a stapled OCSP response was received.
+ bool stapled_ocsp_response_received_;
 };
 } // namespace net |
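Review bot: `stapled_ocsp_response_received_` is declared here with no initializer in the header, and this diff is limited to `ssl_client_socket.h`, so the constructor that has to set it is not visible. The friend declarations added in the previous hunk are commented as being for this field, which suggests the tests read it directly; a read before any setter call would be an uninitialized `bool`. Please confirm the constructor's initializer list in the .cc file sets it to `false` next to `signed_cert_timestamps_received_`. The class definition begins outside the hunk.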