Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webrtc/base/sslidentity.h

Issue 1683193003: Implement certificate lifetime parameter as required by WebRTC RFC. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Address hbos' feedback Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« webrtc/base/opensslidentity.cc ('K') | « webrtc/base/opensslidentity.cc ('k') | webrtc/base/sslidentity.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/base/sslidentity.h
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index a143ee4108bc4585174e2a19838133273751a5d9..8acee01dfc9f5cb24c39058325a598a5b4745a18 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -125,6 +125,12 @@ static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537
static const int kRsaMinModSize = 1024;
static const int kRsaMaxModSize = 8192;
+// Certificate default validity lifetime.
+static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
tommi 2016/02/11 16:59:30 spaces around operators. Also, this should be kCer
torbjorng (webrtc) 2016/02/12 10:54:32 Done.
+// Certificate validity window.
+// This is to compensate for slightly incorrect system clocks.
+static const int CERTIFICATE_WINDOW = -60*60*24;
tommi 2016/02/11 16:59:30 same thing here
torbjorng (webrtc) 2016/02/12 10:54:32 Done.
+
struct RSAParams {
unsigned int mod_size;
unsigned int pub_exp;
@@ -189,13 +195,20 @@ class SSLIdentity {
// Returns NULL on failure.
// Caller is responsible for freeing the returned object.
static SSLIdentity* Generate(const std::string& common_name,
hbos 2016/02/11 16:37:04 Add a comment about |certificate_lifetime| and say
tommi 2016/02/11 16:59:30 having dchecks for the expected valid values, help
torbjorng (webrtc) 2016/02/12 10:54:32 Done.
- const KeyParams& key_param);
+ const KeyParams& key_param,
+ time_t certificate_lifetime);
+ static SSLIdentity* Generate(const std::string& common_name,
+ const KeyParams& key_param) {
+ return Generate(common_name, key_param, CERTIFICATE_LIFETIME);
+ }
static SSLIdentity* Generate(const std::string& common_name,
KeyType key_type) {
return Generate(common_name, KeyParams(key_type));
}
// Generates an identity with the specified validity period.
+ // TODO(torbjorng): Now that Generate() accepts relevant params, make tests
+ // use that instead of this function.
static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
// Construct an identity from a private key and a certificate.
« webrtc/base/opensslidentity.cc ('K') | « webrtc/base/opensslidentity.cc ('k') | webrtc/base/sslidentity.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698