Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(803)

Side by Side Diff: chrome/browser/net/ssl_config_service_manager_pref.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Cleanup. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/browser/net/ssl_config_service_manager_pref_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 #include "chrome/browser/net/ssl_config_service_manager.h" 4 #include "chrome/browser/net/ssl_config_service_manager.h"
5 5
6 #include <algorithm> 6 #include <algorithm>
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after
173 173
174 PrefChangeRegistrar local_state_change_registrar_; 174 PrefChangeRegistrar local_state_change_registrar_;
175 PrefChangeRegistrar user_prefs_change_registrar_; 175 PrefChangeRegistrar user_prefs_change_registrar_;
176 176
177 // The local_state prefs (should only be accessed from UI thread) 177 // The local_state prefs (should only be accessed from UI thread)
178 BooleanPrefMember rev_checking_enabled_; 178 BooleanPrefMember rev_checking_enabled_;
179 StringPrefMember ssl_version_min_; 179 StringPrefMember ssl_version_min_;
180 StringPrefMember ssl_version_max_; 180 StringPrefMember ssl_version_max_;
181 BooleanPrefMember channel_id_enabled_; 181 BooleanPrefMember channel_id_enabled_;
182 BooleanPrefMember ssl_record_splitting_disabled_; 182 BooleanPrefMember ssl_record_splitting_disabled_;
183 BooleanPrefMember unrestricted_ssl3_fallback_enabled_;
183 184
184 // The cached list of disabled SSL cipher suites. 185 // The cached list of disabled SSL cipher suites.
185 std::vector<uint16> disabled_cipher_suites_; 186 std::vector<uint16> disabled_cipher_suites_;
186 187
187 // The user_prefs prefs (should only be accessed from UI thread). 188 // The user_prefs prefs (should only be accessed from UI thread).
188 // |have_user_prefs_| will be false if no user_prefs are associated with this 189 // |have_user_prefs_| will be false if no user_prefs are associated with this
189 // instance. 190 // instance.
190 bool have_user_prefs_; 191 bool have_user_prefs_;
191 BooleanPrefMember block_third_party_cookies_; 192 BooleanPrefMember block_third_party_cookies_;
192 193
(...skipping 19 matching lines...) Expand all
212 rev_checking_enabled_.Init( 213 rev_checking_enabled_.Init(
213 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback); 214 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback);
214 ssl_version_min_.Init( 215 ssl_version_min_.Init(
215 prefs::kSSLVersionMin, local_state, local_state_callback); 216 prefs::kSSLVersionMin, local_state, local_state_callback);
216 ssl_version_max_.Init( 217 ssl_version_max_.Init(
217 prefs::kSSLVersionMax, local_state, local_state_callback); 218 prefs::kSSLVersionMax, local_state, local_state_callback);
218 channel_id_enabled_.Init( 219 channel_id_enabled_.Init(
219 prefs::kEnableOriginBoundCerts, local_state, local_state_callback); 220 prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
220 ssl_record_splitting_disabled_.Init( 221 ssl_record_splitting_disabled_.Init(
221 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); 222 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
223 unrestricted_ssl3_fallback_enabled_.Init(
224 prefs::kEnableUnrestrictedSSL3Fallback, local_state,
225 local_state_callback);
222 226
223 local_state_change_registrar_.Init(local_state); 227 local_state_change_registrar_.Init(local_state);
224 local_state_change_registrar_.Add( 228 local_state_change_registrar_.Add(
225 prefs::kCipherSuiteBlacklist, local_state_callback); 229 prefs::kCipherSuiteBlacklist, local_state_callback);
226 230
227 OnDisabledCipherSuitesChange(local_state); 231 OnDisabledCipherSuitesChange(local_state);
228 232
229 if (user_prefs) { 233 if (user_prefs) {
230 PrefChangeRegistrar::NamedChangeCallback user_prefs_callback = base::Bind( 234 PrefChangeRegistrar::NamedChangeCallback user_prefs_callback = base::Bind(
231 &SSLConfigServiceManagerPref::OnPreferenceChanged, 235 &SSLConfigServiceManagerPref::OnPreferenceChanged,
(...skipping 21 matching lines...) Expand all
253 std::string version_min_str = 257 std::string version_min_str =
254 SSLProtocolVersionToString(default_config.version_min); 258 SSLProtocolVersionToString(default_config.version_min);
255 std::string version_max_str = 259 std::string version_max_str =
256 SSLProtocolVersionToString(default_config.version_max); 260 SSLProtocolVersionToString(default_config.version_max);
257 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); 261 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
258 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); 262 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
259 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, 263 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts,
260 default_config.channel_id_enabled); 264 default_config.channel_id_enabled);
261 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, 265 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
262 !default_config.false_start_enabled); 266 !default_config.false_start_enabled);
267 registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback,
268 default_config.unrestricted_ssl3_fallback_enabled);
263 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); 269 registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
264 } 270 }
265 271
266 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { 272 net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
267 return ssl_config_service_; 273 return ssl_config_service_;
268 } 274 }
269 275
270 void SSLConfigServiceManagerPref::OnPreferenceChanged( 276 void SSLConfigServiceManagerPref::OnPreferenceChanged(
271 PrefService* prefs, 277 PrefService* prefs,
272 const std::string& pref_name_in) { 278 const std::string& pref_name_in) {
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
314 uint16 supported_version_max = config->version_max; 320 uint16 supported_version_max = config->version_max;
315 config->version_max = std::min(supported_version_max, version_max); 321 config->version_max = std::min(supported_version_max, version_max);
316 } 322 }
317 config->disabled_cipher_suites = disabled_cipher_suites_; 323 config->disabled_cipher_suites = disabled_cipher_suites_;
318 config->channel_id_enabled = channel_id_enabled_.GetValue(); 324 config->channel_id_enabled = channel_id_enabled_.GetValue();
319 if (have_user_prefs_ && 325 if (have_user_prefs_ &&
320 (cookies_disabled_ || block_third_party_cookies_.GetValue())) 326 (cookies_disabled_ || block_third_party_cookies_.GetValue()))
321 config->channel_id_enabled = false; 327 config->channel_id_enabled = false;
322 // disabling False Start also happens to disable record splitting. 328 // disabling False Start also happens to disable record splitting.
323 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); 329 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
330 config->unrestricted_ssl3_fallback_enabled =
331 unrestricted_ssl3_fallback_enabled_.GetValue();
324 SSLConfigServicePref::SetSSLConfigFlags(config); 332 SSLConfigServicePref::SetSSLConfigFlags(config);
325 } 333 }
326 334
327 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( 335 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
328 PrefService* local_state) { 336 PrefService* local_state) {
329 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist); 337 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist);
330 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); 338 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
331 } 339 }
332 340
333 void SSLConfigServiceManagerPref::OnDefaultContentSettingsChange( 341 void SSLConfigServiceManagerPref::OnDefaultContentSettingsChange(
(...skipping 15 matching lines...) Expand all
349 // static 357 // static
350 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( 358 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
351 PrefService* local_state, PrefService* user_prefs) { 359 PrefService* local_state, PrefService* user_prefs) {
352 return new SSLConfigServiceManagerPref(local_state, user_prefs); 360 return new SSLConfigServiceManagerPref(local_state, user_prefs);
353 } 361 }
354 362
355 // static 363 // static
356 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { 364 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
357 SSLConfigServiceManagerPref::RegisterPrefs(registry); 365 SSLConfigServiceManagerPref::RegisterPrefs(registry);
358 } 366 }
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/net/ssl_config_service_manager_pref_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698