Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(107)

Unified Diff: net/base/ssl_cert_request_info.h

Issue 11458012: SSLCertRequestInfo: Add |valid_cas| and |valid_key_types| (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: trivial fix for Linux build Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/base/ssl_cert_request_info.h
diff --git a/net/base/ssl_cert_request_info.h b/net/base/ssl_cert_request_info.h
index 3be3b94259b892cac7ce4a2b796f2de27e388143..46dc3864b4a7ab82c4653dd36152dbd267ebf668 100644
--- a/net/base/ssl_cert_request_info.h
+++ b/net/base/ssl_cert_request_info.h
@@ -10,6 +10,7 @@
#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
+#include "net/base/ssl_client_cert_type.h"
namespace net {
@@ -31,6 +32,12 @@ class NET_EXPORT SSLCertRequestInfo
// the request. False, if the server was the origin server.
bool is_proxy;
+ // True if |client_certs| is always empty because it is not possible
+ // to generate the list of compatible client certificates before
+ // prompting the user. This happens on Android. In this case, the values
+ // of |valid_cas| and |valid_key_types| must be used instead.
+ bool no_client_certs;
wtc1 2012/12/15 00:56:18 (I didn't read the previous discussions in this co
digit1 2012/12/18 15:19:15 Yes, this is now the plan, first patch to achieve
+
// A list of client certificates that match the server's criteria in the
// SSL CertificateRequest message. In TLS 1.0, the CertificateRequest
// message is defined as:
@@ -47,6 +54,16 @@ class NET_EXPORT SSLCertRequestInfo
// } CertificateRequest;
std::vector<scoped_refptr<X509Certificate> > client_certs;
+#if defined(USE_OPENSSL)
+ // The list of valid certificate authorities the server recognizes.
+ // Each item is a DER-encoded X.509 DistinguishedName.
+ std::vector<std::string> valid_cas;
+
+ // The list of certificate signing key types that the server
+ // supports.
+ std::vector<SSLClientCertType> valid_key_types;
wtc1 2012/12/15 00:56:18 I suggest using the names from the TLS protocol (s
digit1 2012/12/18 15:19:15 I agree, I wasn't really satisfied with these name
+#endif
+
private:
friend class base::RefCountedThreadSafe<SSLCertRequestInfo>;

Powered by Google App Engine
This is Rietveld 408576698