1 // Copyright 2014 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/ssl/ssl_config.h" 6 7 #include "net/cert/cert_verifier.h" 8 9 namespace net { 10 11 // Note these lines must be kept in sync with 12 // services/network/public/mojom/ssl_config.mojom. 13 const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1_2; 14 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_3; 15 16 SSLConfig::CertAndStatus::CertAndStatus() = default; CertAndStatus(scoped_refptr<X509Certificate> cert_arg,CertStatus status)17SSLConfig::CertAndStatus::CertAndStatus(scoped_refptr<X509Certificate> cert_arg, 18 CertStatus status) 19 : cert(std::move(cert_arg)), cert_status(status) {} 20 SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) = default; 21 SSLConfig::CertAndStatus::~CertAndStatus() = default; 22 23 SSLConfig::SSLConfig() = default; 24 25 SSLConfig::SSLConfig(const SSLConfig& other) = default; 26 27 SSLConfig::~SSLConfig() = default; 28 IsAllowedBadCert(X509Certificate * cert,CertStatus * cert_status) const29bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 30 CertStatus* cert_status) const { 31 for (const auto& allowed_bad_cert : allowed_bad_certs) { 32 if (cert->EqualsExcludingChain(allowed_bad_cert.cert.get())) { 33 if (cert_status) 34 *cert_status = allowed_bad_cert.cert_status; 35 return true; 36 } 37 } 38 return false; 39 } 40 GetCertVerifyFlags() const41int SSLConfig::GetCertVerifyFlags() const { 42 int flags = 0; 43 if (disable_cert_verification_network_fetches) 44 flags |= CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES; 45 46 return flags; 47 } 48 49 } // namespace net 50