Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/ssl_config_service.h | 5 | ||||
-rw-r--r-- | net/base/ssl_connection_status_flags.h | 31 | ||||
-rw-r--r-- | net/base/ssl_info.h | 9 |
3 files changed, 42 insertions, 3 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index d195039..3f0f479 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -18,7 +18,8 @@ struct SSLConfig { // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. SSLConfig() : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), - tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) { + tls1_enabled(true), ssl3_fallback(false), send_client_cert(false), + verify_ev_cert(false) { } bool rev_checking_enabled; // True if server certificate revocation
@@ -26,6 +27,8 @@ struct SSLConfig { bool ssl2_enabled; // True if SSL 2.0 is enabled. bool ssl3_enabled; // True if SSL 3.0 is enabled. bool tls1_enabled; // True if TLS 1.0 is enabled. + bool ssl3_fallback; // True if we are falling back to SSL 3.0 (one still + // needs to clear tls1_enabled). // TODO(wtc): move the following members to a new SSLParams structure. They // are not SSL configuration settings.
diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h
new file mode 100644
index 0000000..2618f57
--- /dev/null
+++ b/net/base/ssl_connection_status_flags.h
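Review bot: In net/base/ssl_config_service.h the new `ssl3_fallback` member is declared among the protocol-enable settings, above the `TODO(wtc)` line that marks the members which are not configuration, although its own comment describes per-connection state ("we are falling back"). The comment also does not say who sets the flag, only that setting it leaves `tls1_enabled` untouched. A fallback lowers the protocol version of the connection and can follow any failed TLS handshake, so the declaration should spell out the contract, for example `// Informational: set when retrying after a failed TLS handshake. Does not disable TLS 1.0 by itself; tls1_enabled must be cleared separately.` if that matches the intended use. I would also move the member below the TODO; the struct continues outside both hunks.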
@@ -0,0 +1,31 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
+#define NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
+
+namespace net {
+
+// Status flags for SSLInfo::connection_status.
+enum {
+ // The lower 16 bits are reserved for the TLS ciphersuite id.
+ SSL_CONNECTION_CIPHERSUITE_SHIFT = 0,
+ SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff,
+
+ // The next two bits are reserved for the compression used.
+ SSL_CONNECTION_COMPRESSION_SHIFT = 16,
+ SSL_CONNECTION_COMPRESSION_MASK = 3,
+
+ // We fell back to SSLv3 for this connection.
+ SSL_CONNECTION_SSL3_FALLBACK = 1 << 18,
+ // The server doesn't support the renegotiation_info extension.
+ SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
+
+ // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
+ // never be negative.
+};
+
+} // namespace net
+
+#endif // NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h
index 3fe0ce4..280b497 100644
--- a/net/base/ssl_info.h
+++ b/net/base/ssl_info.h
@@ -16,12 +16,13 @@ namespace net { // This is really a struct. All members are public. class SSLInfo { public: - SSLInfo() : cert_status(0), security_bits(-1) { } + SSLInfo() : cert_status(0), security_bits(-1), connection_status(0) { } void Reset() { cert = NULL; - security_bits = -1; cert_status = 0; + security_bits = -1; + connection_status = 0; } bool is_valid() const { return cert != NULL; }
@@ -43,6 +44,10 @@ class SSLInfo { // 0 means the connection is not encrypted. // -1 means the security strength is unknown. int security_bits; + + // Bitmask of information about the SSL connection itself. See + // ssl_connection_status_flags.h for values. + int connection_status; }; } // namespace net |
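Review bot: In net/base/ssl_connection_status_flags.h the two `_MASK` constants are not in-place masks, and the header does not say so: `SSL_CONNECTION_COMPRESSION_MASK = 3` yields the compression field only after shifting right by `SSL_CONNECTION_COMPRESSION_SHIFT`. A caller that writes `status & SSL_CONNECTION_COMPRESSION_MASK` would silently read the low two bits of the ciphersuite id instead. I would add a comment above the enum such as `// Extract a field with (status >> X_SHIFT) & X_MASK; the masks are not pre-shifted.` The values the compression field can take are also not defined in this header.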
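Review bot: In net/base/ssl_info.h the new `connection_status` member has no "unknown" value, unlike `security_bits` just above it, which documents -1 for that case. Here 0 is the constructor and `Reset()` value, and it also decodes as ciphersuite id 0 with neither the SSL3-fallback nor the no-renegotiation-extension flag set. Code that drives a security indicator from this field could therefore read a reset or never-filled SSLInfo as a connection with no warning condition. The member comment should say when the field is meaningful, for example `// Only meaningful when is_valid(); 0 is also the initial/Reset() value.` Whether `is_valid()` is the right precondition depends on code outside this hunk.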