author | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-13 19:57:48 +0000 |
---|---|---|
committer | ekasper@google.com <ekasper@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-13 19:57:48 +0000 |
commit | 9a72d237330d80648f93b2e466d5027b9ce8bb2a (patch) | |
tree | 10c449fbd40cba62d54916af30c81b106536b46a /net/test/spawned_test_server | |
parent | b4c4dc526a5163fafc4430ee190a4ee075efc543 (diff) | |
Extract Certificate Transparency SCTs from stapled OCSP responses
BUG=309578
Review URL: https://codereview.chromium.org/92443002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240721 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/test/spawned_test_server')
-rw-r--r-- | net/test/spawned_test_server/base_test_server.cc | 17 | ||||
-rw-r--r-- | net/test/spawned_test_server/base_test_server.h | 9 |
2 files changed, 17 insertions, 9 deletions
diff --git a/net/test/spawned_test_server/base_test_server.cc b/net/test/spawned_test_server/base_test_server.cc
index 3b06a0a..ac37c70 100644
--- a/net/test/spawned_test_server/base_test_server.cc
+++ b/net/test/spawned_test_server/base_test_server.cc
@@ -61,7 +61,8 @@ BaseTestServer::SSLOptions::SSLOptions()
 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
 record_resume(false),
 tls_intolerant(TLS_INTOLERANT_NONE),
- fallback_scsv_enabled(false) {}
+ fallback_scsv_enabled(false),
+ staple_ocsp_response(false) {}

 BaseTestServer::SSLOptions::SSLOptions(
 BaseTestServer::SSLOptions::ServerCertificate cert)
@@ -72,7 +73,8 @@ BaseTestServer::SSLOptions::SSLOptions(
 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
 record_resume(false),
 tls_intolerant(TLS_INTOLERANT_NONE),
- fallback_scsv_enabled(false) {}
+ fallback_scsv_enabled(false),
+ staple_ocsp_response(false) {}

 BaseTestServer::SSLOptions::~SSLOptions() {}

@@ -400,11 +402,14 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
 }
 if (ssl_options_.fallback_scsv_enabled)
 arguments->Set("fallback-scsv", base::Value::CreateNullValue());
- if (!ssl_options_.signed_cert_timestamps.empty()) {
- std::string b64_scts;
- base::Base64Encode(ssl_options_.signed_cert_timestamps, &b64_scts);
- arguments->SetString("signed-cert-timestamps", b64_scts);
+ if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
+ std::string b64_scts_tls_ext;
+ base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
+ &b64_scts_tls_ext);
+ arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext);
 }
+ if (ssl_options_.staple_ocsp_response)
+ arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());
 }

 return GenerateAdditionalArguments(arguments);
diff --git a/net/test/spawned_test_server/base_test_server.h b/net/test/spawned_test_server/base_test_server.h
index bb82ed0..fb8d6ed 100644
--- a/net/test/spawned_test_server/base_test_server.h
+++ b/net/test/spawned_test_server/base_test_server.h
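Review bot: In GenerateArguments (base_test_server.cc) the argument key changes from `signed-cert-timestamps` to `signed-cert-timestamps-tls-ext` and a new `staple-ocsp-response` key is added, but nothing at this site records which consumer has to agree on those names. The diffstat shown is limited to net/test/spawned_test_server, so whether the spawned server's option parsing was updated in the same commit cannot be checked from here; if it was not, the flag would presumably be rejected or ignored and the SCT tests would not exercise what they claim to. A one-line comment above these blocks, such as `// Flag names must match the options parsed by the spawned test server.`, would make the coupling explicit. GenerateArguments starts and ends outside the hunk.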
@@ -155,13 +155,16 @@ class BaseTestServer {
 // connections.
 bool fallback_scsv_enabled;

- // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
- // a TLS extension.
 // Temporary glue for testing: validation of SCTs is application-controlled
 // and can be appropriately mocked out, so sending fake data here does not
 // affect handshaking behaviour.
 // TODO(ekasper): replace with valid SCT files for test certs.
- std::string signed_cert_timestamps;
+ // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
+ // a TLS extension.
+ std::string signed_cert_timestamps_tls_ext;
+
+ // Whether to staple the OCSP response.
+ bool staple_ocsp_response;
 };

 // Pass as the 'host' parameter during construction to server on 127.0.0.1 |
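Review bot: The new comment on `staple_ocsp_response` in SSLOptions (base_test_server.h) does not say what response is stapled or whether it is test data. After the reordering, the "Temporary glue" paragraph sits above the SCT field description, so it is unclear whether its fake-data caveat also covers the stapled OCSP response. Since the commit is about extracting SCTs from stapled OCSP responses, the comment could read `// Whether the test server staples an OCSP response (test data; may carry an SCT list) in the handshake.`, with the wording confirmed against what the server actually sends. Putting the `(Fake) SignedCertificateTimestampList` lines back above the "Temporary glue" paragraph would keep the description ahead of the caveat that qualifies it. The SSLOptions struct begins outside the hunk.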