
Side by Side Diff: chrome/browser/net/ssl_config_service_manager_pref.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: rebase Created 5 years, 2 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 #include "chrome/browser/net/ssl_config_service_manager.h" 4 #include "chrome/browser/net/ssl_config_service_manager.h"
5 5
6 #include <algorithm> 6 #include <algorithm>
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 void OnDisabledCipherSuitesChange(PrefService* local_state); 151 void OnDisabledCipherSuitesChange(PrefService* local_state);
152 152
153 PrefChangeRegistrar local_state_change_registrar_; 153 PrefChangeRegistrar local_state_change_registrar_;
154 154
155 // The local_state prefs (should only be accessed from UI thread) 155 // The local_state prefs (should only be accessed from UI thread)
156 BooleanPrefMember rev_checking_enabled_; 156 BooleanPrefMember rev_checking_enabled_;
157 BooleanPrefMember rev_checking_required_local_anchors_; 157 BooleanPrefMember rev_checking_required_local_anchors_;
158 StringPrefMember ssl_version_min_; 158 StringPrefMember ssl_version_min_;
159 StringPrefMember ssl_version_max_; 159 StringPrefMember ssl_version_max_;
160 StringPrefMember ssl_version_fallback_min_; 160 StringPrefMember ssl_version_fallback_min_;
161 BooleanPrefMember token_binding_enabled_;
161 162
162 // The cached list of disabled SSL cipher suites. 163 // The cached list of disabled SSL cipher suites.
163 std::vector<uint16> disabled_cipher_suites_; 164 std::vector<uint16> disabled_cipher_suites_;
164 165
165 scoped_refptr<SSLConfigServicePref> ssl_config_service_; 166 scoped_refptr<SSLConfigServicePref> ssl_config_service_;
166 167
167 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); 168 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
168 }; 169 };
169 170
170 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( 171 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
(...skipping 11 matching lines...) Expand all
182 rev_checking_required_local_anchors_.Init( 183 rev_checking_required_local_anchors_.Init(
183 prefs::kCertRevocationCheckingRequiredLocalAnchors, 184 prefs::kCertRevocationCheckingRequiredLocalAnchors,
184 local_state, 185 local_state,
185 local_state_callback); 186 local_state_callback);
186 ssl_version_min_.Init( 187 ssl_version_min_.Init(
187 prefs::kSSLVersionMin, local_state, local_state_callback); 188 prefs::kSSLVersionMin, local_state, local_state_callback);
188 ssl_version_max_.Init( 189 ssl_version_max_.Init(
189 prefs::kSSLVersionMax, local_state, local_state_callback); 190 prefs::kSSLVersionMax, local_state, local_state_callback);
190 ssl_version_fallback_min_.Init( 191 ssl_version_fallback_min_.Init(
191 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); 192 prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
193 token_binding_enabled_.Init(
194 prefs::kEnableTokenBinding, local_state, local_state_callback);
192 195
193 local_state_change_registrar_.Init(local_state); 196 local_state_change_registrar_.Init(local_state);
194 local_state_change_registrar_.Add( 197 local_state_change_registrar_.Add(
195 prefs::kCipherSuiteBlacklist, local_state_callback); 198 prefs::kCipherSuiteBlacklist, local_state_callback);
196 199
197 OnDisabledCipherSuitesChange(local_state); 200 OnDisabledCipherSuitesChange(local_state);
198 201
199 // Initialize from UI thread. This is okay as there shouldn't be anything on 202 // Initialize from UI thread. This is okay as there shouldn't be anything on
200 // the IO thread trying to access it yet. 203 // the IO thread trying to access it yet.
201 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); 204 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
202 } 205 }
203 206
204 // static 207 // static
205 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { 208 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
206 net::SSLConfig default_config; 209 net::SSLConfig default_config;
207 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, 210 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
208 default_config.rev_checking_enabled); 211 default_config.rev_checking_enabled);
209 registry->RegisterBooleanPref( 212 registry->RegisterBooleanPref(
210 prefs::kCertRevocationCheckingRequiredLocalAnchors, 213 prefs::kCertRevocationCheckingRequiredLocalAnchors,
211 default_config.rev_checking_required_local_anchors); 214 default_config.rev_checking_required_local_anchors);
212 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); 215 registry->RegisterStringPref(prefs::kSSLVersionMin, std::string());
213 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); 216 registry->RegisterStringPref(prefs::kSSLVersionMax, std::string());
214 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); 217 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string());
218 registry->RegisterBooleanPref(
219 prefs::kEnableTokenBinding,
220 default_config.token_binding_params.size() == 1 &&
221 default_config.token_binding_params[0] ==
222 net::TB_PARAM_ECDSAP256_SHA256);
davidben 2015/10/01 16:15:17 Hrm. Both versions are sort of odd, if the default
nharper 2015/10/01 19:12:23 I agree that this check is odd, and when consideri
davidben 2015/10/15 21:52:08 I think we should at least have the DCHECK then, o
nharper 2015/10/20 22:52:18 It sounds to me like this should be removed from t
215 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); 223 registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
216 } 224 }
217 225
218 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { 226 net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
219 return ssl_config_service_.get(); 227 return ssl_config_service_.get();
220 } 228 }
221 229
222 void SSLConfigServiceManagerPref::OnPreferenceChanged( 230 void SSLConfigServiceManagerPref::OnPreferenceChanged(
223 PrefService* prefs, 231 PrefService* prefs,
224 const std::string& pref_name_in) { 232 const std::string& pref_name_in) {
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
265 config->version_min = version_min; 273 config->version_min = version_min;
266 } 274 }
267 if (version_max) { 275 if (version_max) {
268 uint16 supported_version_max = config->version_max; 276 uint16 supported_version_max = config->version_max;
269 config->version_max = std::min(supported_version_max, version_max); 277 config->version_max = std::min(supported_version_max, version_max);
270 } 278 }
271 if (version_fallback_min) { 279 if (version_fallback_min) {
272 config->version_fallback_min = version_fallback_min; 280 config->version_fallback_min = version_fallback_min;
273 } 281 }
274 config->disabled_cipher_suites = disabled_cipher_suites_; 282 config->disabled_cipher_suites = disabled_cipher_suites_;
283 if (token_binding_enabled_.GetValue()) {
284 config->token_binding_params.clear();
285 config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256);
286 }
275 } 287 }
276 288
277 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( 289 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
278 PrefService* local_state) { 290 PrefService* local_state) {
279 const base::ListValue* value = 291 const base::ListValue* value =
280 local_state->GetList(prefs::kCipherSuiteBlacklist); 292 local_state->GetList(prefs::kCipherSuiteBlacklist);
281 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); 293 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
282 } 294 }
283 295
284 //////////////////////////////////////////////////////////////////////////////// 296 ////////////////////////////////////////////////////////////////////////////////
285 // SSLConfigServiceManager 297 // SSLConfigServiceManager
286 298
287 // static 299 // static
288 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( 300 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
289 PrefService* local_state) { 301 PrefService* local_state) {
290 return new SSLConfigServiceManagerPref(local_state); 302 return new SSLConfigServiceManagerPref(local_state);
291 } 303 }
292 304
293 // static 305 // static
294 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { 306 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
295 SSLConfigServiceManagerPref::RegisterPrefs(registry); 307 SSLConfigServiceManagerPref::RegisterPrefs(registry);
296 } 308 }