
Side by Side Diff: net/base/ssl_config_service_mac.cc

Issue 4091005: Remove SSL 2.0 support. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Sync with ToT Created 10 years ago
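--- a/net/base/ssl_config_service_mac.cc
+++ b/net/base/ssl_config_service_mac.cc
@@ -1,40 +1,38 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_config_service_mac.h"
 
 #include <CoreFoundation/CoreFoundation.h>
 
 #include "base/mac/scoped_cftyperef.h"
 
 using base::TimeDelta;
 using base::TimeTicks;
 
 namespace net {
 
 namespace {
 
 static const int kConfigUpdateInterval = 10; // seconds
 
-static const bool kSSL2EnabledDefaultValue = false;
 static const bool kSSL3EnabledDefaultValue = true;
 static const bool kTLS1EnabledDefaultValue = true;
 
 static CFStringRef kRevocationPreferencesIdentifier =
 CFSTR("com.apple.security.revocation");
 static CFStringRef kOCSPStyleKey = CFSTR("OCSPStyle");
 static CFStringRef kCRLStyleKey = CFSTR("CRLStyle");
 static CFStringRef kNoneRevocationValue = CFSTR("None");
 static CFStringRef kBestAttemptRevocationValue = CFSTR("BestAttempt");
-static CFStringRef kSSL2EnabledKey = CFSTR("org.chromium.ssl.ssl2");
 static CFStringRef kSSL3EnabledKey = CFSTR("org.chromium.ssl.ssl3");
 static CFStringRef kTLS1EnabledKey = CFSTR("org.chromium.ssl.tls1");
 
 bool RevocationStyleIsEnabled(CFStringRef key) {
 CFPropertyListRef plist_ref = CFPreferencesCopyValue(key,
 kRevocationPreferencesIdentifier, kCFPreferencesCurrentUser,
 kCFPreferencesAnyHost);
 if (plist_ref) {
 base::mac::ScopedCFTypeRef<CFPropertyListRef> scoped_plist_ref(plist_ref);
 if (CFGetTypeID(plist_ref) == CFStringGetTypeID()) {
@@ -82,42 +80,32 @@
 // - None (i.e., disabled, the default)
 // - BestAttempt
 // - RequireIfPresent
 // - RequireForall
 // Mac OS X also breaks down revocation check for both CRLs and OCSP. We
 // set our revocation flag if the system-wide settings for either OCSP
 // or CRLs is anything other than None.
 config->rev_checking_enabled = (RevocationStyleIsEnabled(kOCSPStyleKey) ||
 RevocationStyleIsEnabled(kCRLStyleKey));
 
-config->ssl2_enabled = SSLVersionIsEnabled(kSSL2EnabledKey,
-kSSL2EnabledDefaultValue);
 config->ssl3_enabled = SSLVersionIsEnabled(kSSL3EnabledKey,
 kSSL3EnabledDefaultValue);
 config->tls1_enabled = SSLVersionIsEnabled(kTLS1EnabledKey,
 kTLS1EnabledDefaultValue);
 SSLConfigService::SetSSLConfigFlags(config);
 
 // TODO(rsleevi): http://crbug.com/58831 - Implement preferences for
 // disabling cipher suites.
 return true;
 }
 
 // static
-void SSLConfigServiceMac::SetSSL2Enabled(bool enabled) {
-CFPreferencesSetAppValue(kSSL2EnabledKey,
-enabled ? kCFBooleanTrue : kCFBooleanFalse,
-kCFPreferencesCurrentApplication);
-CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication);
-}
-
-// static
 void SSLConfigServiceMac::SetSSL3Enabled(bool enabled) {
 CFPreferencesSetAppValue(kSSL3EnabledKey,
 enabled ? kCFBooleanTrue : kCFBooleanFalse,
 kCFPreferencesCurrentApplication);
 CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication);
 }
 
 // static
 void SSLConfigServiceMac::SetTLS1Enabled(bool enabled) {
 CFPreferencesSetAppValue(kTLS1EnabledKey,
@@ -144,10 +132,10 @@
 void SSLConfigServiceMac::UpdateConfig(TimeTicks now) {
 SSLConfig orig_config = config_info_;
 GetSSLConfigNow(&config_info_);
 if (ever_updated_)
 ProcessConfigUpdate(orig_config, config_info_);
 config_time_ = now;
 ever_updated_ = true;
 }
 
 } // namespace net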
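Review bot: Nothing left on the new side records that a stored `org.chromium.ssl.ssl2` preference is now ignored on purpose. With `kSSL2EnabledKey` and its read in the config-loading function (presumably `GetSSLConfigNow`) removed, a value written by an earlier build stays in the application preferences and would presumably be honoured again if an older binary ran against the same profile. A one-line comment next to the remaining key constants would capture the intent, for example `// SSL 2.0 is unsupported; a stored org.chromium.ssl.ssl2 value is intentionally never read.` Callers of the removed `SetSSL2Enabled` are outside this file and not visible here, so it is worth confirming none remain. The function that fills `config` starts in the skipped region, so only its tail is covered by this note.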