Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1969)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/ssl_config_service_manager_pref.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: rebase Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/prefs/command_line_pref_store.cc » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/ssl_config_service_manager_pref.cc
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index 9a400ec275d0dee77974a6f770cad1d94a8c5347..af1fa539f7bd158a4cad75878db861445fcb37b8 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -158,6 +158,7 @@ class SSLConfigServiceManagerPref
StringPrefMember ssl_version_min_;
StringPrefMember ssl_version_max_;
StringPrefMember ssl_version_fallback_min_;
+ BooleanPrefMember token_binding_enabled_;
// The cached list of disabled SSL cipher suites.
std::vector<uint16> disabled_cipher_suites_;
@@ -189,6 +190,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
prefs::kSSLVersionMax, local_state, local_state_callback);
ssl_version_fallback_min_.Init(
prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
+ token_binding_enabled_.Init(
+ prefs::kEnableTokenBinding, local_state, local_state_callback);
local_state_change_registrar_.Init(local_state);
local_state_change_registrar_.Add(
@@ -212,6 +215,11 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
registry->RegisterStringPref(prefs::kSSLVersionMin, std::string());
registry->RegisterStringPref(prefs::kSSLVersionMax, std::string());
registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string());
+ registry->RegisterBooleanPref(
+ prefs::kEnableTokenBinding,
+ default_config.token_binding_params.size() == 1 &&
+ default_config.token_binding_params[0] ==
+ net::TB_PARAM_ECDSAP256_SHA256);
davidben 2015/10/01 16:15:17 Hrm. Both versions are sort of odd, if the default
nharper 2015/10/01 19:12:23 I agree that this check is odd, and when consideri
davidben 2015/10/15 21:52:08 I think we should at least have the DCHECK then, o
nharper 2015/10/20 22:52:18 It sounds to me like this should be removed from t
registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
}
@@ -272,6 +280,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
config->version_fallback_min = version_fallback_min;
}
config->disabled_cipher_suites = disabled_cipher_suites_;
+ if (token_binding_enabled_.GetValue()) {
+ config->token_binding_params.clear();
+ config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256);
+ }
}
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
« no previous file with comments | « no previous file | chrome/browser/prefs/command_line_pref_store.cc » ('j') | net/socket/ssl_client_socket_openssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698