// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/ssl/ssl_config.h"

#include "net/cert/cert_verifier.h"

namespace net {

// Default bounds of the protocol version range: TLS 1.2 is the lowest
// version and TLS 1.3 the highest. Lowering the minimum re-enables older
// protocol versions wherever these defaults are used.
//
// Note these lines must be kept in sync with
// services/network/public/mojom/ssl_config.mojom.
const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1_2;
const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_3;

// CertAndStatus pairs a certificate with a CertStatus value. SSLConfig keeps
// these pairs in |allowed_bad_certs| and reads them in IsAllowedBadCert().
SSLConfig::CertAndStatus::CertAndStatus() = default;

// Takes over the caller's reference to |cert_arg| (moved, not copied) and
// stores |status| unchanged.
SSLConfig::CertAndStatus::CertAndStatus(
    scoped_refptr<X509Certificate> cert_arg,
    CertStatus status)
    : cert(std::move(cert_arg)), cert_status(status) {}

SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) = default;

SSLConfig::CertAndStatus::~CertAndStatus() = default;

SSLConfig::SSLConfig() = default;

SSLConfig::SSLConfig(const SSLConfig& other) = default;

SSLConfig::~SSLConfig() = default;

// Returns true when |cert| matches an entry of |allowed_bad_certs|, and false
// when no entry matches (including when the list is empty).
//
// The first matching entry wins. If |cert_status| is non-null it receives
// that entry's stored CertStatus; on a miss it is left untouched.
//
// |cert| is dereferenced unconditionally, so callers must pass a non-null
// pointer.
// NOTE(review): matching goes through X509Certificate::EqualsExcludingChain,
// which by its name compares the certificate itself and not the chain it was
// presented with - confirm against X509Certificate before relying on the
// chain being part of the exception.
bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
                                 CertStatus* cert_status) const {
  for (const auto& entry : allowed_bad_certs) {
    if (!cert->EqualsExcludingChain(entry.cert.get()))
      continue;

    // Report the status recorded with the exception, if the caller asked.
    if (cert_status)
      *cert_status = entry.cert_status;
    return true;
  }
  return false;
}

// Builds the flag word handed to certificate verification. The only bit set
// here is CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES, and only when
// |disable_cert_verification_network_fetches| is true; otherwise the result
// is 0.
int SSLConfig::GetCertVerifyFlags() const {
  return disable_cert_verification_network_fetches
             ? CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES
             : 0;
}

}  // namespace net