Diffstat (limited to 'chromium/net/socket/ssl_client_socket.h')
| -rw-r--r-- | chromium/net/socket/ssl_client_socket.h | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/chromium/net/socket/ssl_client_socket.h b/chromium/net/socket/ssl_client_socket.h
index 41ee0873347..410062dc5a9 100644
--- a/chromium/net/socket/ssl_client_socket.h
+++ b/chromium/net/socket/ssl_client_socket.h
@@ -7,6 +7,7 @@
 #include <string>
+#include "base/gtest_prod_util.h"
 #include "net/base/completion_callback.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
@@ -16,8 +17,10 @@
 namespace net {
 class CertVerifier;
+class CTVerifier;
 class ServerBoundCertService;
 class SSLCertRequestInfo;
+struct SSLConfig;
 class SSLInfo;
 class TransportSecurityState;
@@ -27,20 +30,24 @@ struct SSLClientSocketContext {
 SSLClientSocketContext()
 : cert_verifier(NULL),
 server_bound_cert_service(NULL),
- transport_security_state(NULL) {}
+ transport_security_state(NULL),
+ cert_transparency_verifier(NULL) {}
 SSLClientSocketContext(CertVerifier* cert_verifier_arg,
 ServerBoundCertService* server_bound_cert_service_arg,
 TransportSecurityState* transport_security_state_arg,
+ CTVerifier* cert_transparency_verifier_arg,
 const std::string& ssl_session_cache_shard_arg)
 : cert_verifier(cert_verifier_arg),
 server_bound_cert_service(server_bound_cert_service_arg),
 transport_security_state(transport_security_state_arg),
+ cert_transparency_verifier(cert_transparency_verifier_arg),
 ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
 CertVerifier* cert_verifier;
 ServerBoundCertService* server_bound_cert_service;
 TransportSecurityState* transport_security_state;
+ CTVerifier* cert_transparency_verifier;
 // ssl_session_cache_shard is an opaque string that identifies a shard of the
 // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
 // resume each other's SSL sessions but we'll never sessions between shards.
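Review bot: The new `cert_transparency_verifier` member of SSLClientSocketContext is a raw pointer that the default constructor sets to NULL, and nothing in the struct says who owns it or what a NULL verifier means for a connection. If a NULL verifier means Certificate Transparency checks are silently skipped (to be confirmed against the socket implementations, which are outside this diff), that fail-open behaviour should be stated at the declaration, for example `// Not owned. May be NULL, in which case received SCTs are not verified.` The second constructor also gains its new parameter in the middle of the list, so every existing call site has to change in the same commit; those callers are not visible in this file's diff.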
@@ -121,11 +128,41 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { // This may be useful for protocols, like SPDY, which allow the same // connection to be shared between multiple domains, each of which need // a channel ID. + // + // Public for ssl_client_socket_openssl_unittest.cc. virtual bool WasChannelIDSent() const; + protected: virtual void set_channel_id_sent(bool channel_id_sent); + virtual void set_signed_cert_timestamps_received( + bool signed_cert_timestamps_received); + + virtual void set_stapled_ocsp_response_received( + bool stapled_ocsp_response_received); + + // Records histograms for channel id support during full handshakes - resumed + // handshakes are ignored. + static void RecordChannelIDSupport( + ServerBoundCertService* server_bound_cert_service, + bool negotiated_channel_id, + bool channel_id_enabled, + bool supports_ecc); + + // Returns whether TLS channel ID is enabled. + static bool IsChannelIDEnabled( + const SSLConfig& ssl_config, + ServerBoundCertService* server_bound_cert_service); + private: + // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_. + FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, + ConnectSignedCertTimestampsEnabledTLSExtension); + FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, + ConnectSignedCertTimestampsEnabledOCSP); + FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, + ConnectSignedCertTimestampsDisabled); + // True if NPN was responded to, independent of selecting SPDY or HTTP. bool was_npn_negotiated_; // True if NPN successfully negotiated SPDY. @@ -134,6 +171,10 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { NextProto protocol_negotiated_; // True if a channel ID was sent. bool channel_id_sent_; + // True if SCTs were received via a TLS extension. + bool signed_cert_timestamps_received_; + // True if a stapled OCSP response was received. + bool stapled_ocsp_response_received_; }; } // namespace net |
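Review bot: The two new protected setters, `set_signed_cert_timestamps_received` and `set_stapled_ocsp_response_received`, are declared without any comment, and their names are easy to misread as a validation result. The member comments added further down say only that SCTs or a stapled OCSP response were received, so the setters should say the same, e.g. `// Records that SCTs arrived in the TLS extension; does not imply they were verified.` with a matching line for the OCSP setter. `IsChannelIDEnabled` takes `server_bound_cert_service` as a raw pointer, and SSLClientSocketContext can hold NULL in that field, so its comment should also state what is returned for NULL. The class body starts and ends outside this hunk.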
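Review bot: `signed_cert_timestamps_received_` and `stapled_ocsp_response_received_` are plain `bool` members with no initialiser in the header, so they hold indeterminate values unless the SSLClientSocket constructor sets them. That constructor is not part of this header's diff; confirm it adds `signed_cert_timestamps_received_(false), stapled_ocsp_response_received_(false)` to its initialiser list, since the friended tests read these flags directly.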
