Add a preference for enabling the TLS origin-bound certificates extension.

net/base/ssl_config_service.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_config_service.h"
 
 #include "base/lazy_instance.h"
 #include "base/memory/ref_counted.h"
 #include "net/base/crl_set.h"
 #include "net/base/ssl_config_service_defaults.h"
@@ skipping 41 matching lines @@
     : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
 }
 
 // static
 bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
     const std::string& hostname) {
   return SSLFalseStartBlacklist::IsMember(hostname);
 }
 
 static bool g_cached_info_enabled = false;
-static bool g_origin_bound_certs_enabled = false;
 static bool g_false_start_enabled = true;
 static bool g_dns_cert_provenance_checking = false;
 base::LazyInstance<scoped_refptr<CRLSet>,
                    base::LeakyLazyInstanceTraits<scoped_refptr<CRLSet> > >
     g_crl_set = LAZY_INSTANCE_INITIALIZER;
 
 // static
 void SSLConfigService::DisableFalseStart() {
   g_false_start_enabled = false;
 }
@@ skipping 25 matching lines @@
 
 void SSLConfigService::EnableCachedInfo() {
   g_cached_info_enabled = true;
 }
 
 // static
 bool SSLConfigService::cached_info_enabled() {
   return g_cached_info_enabled;
 }
 
-// static
-void SSLConfigService::EnableOriginBoundCerts() {
-  g_origin_bound_certs_enabled = true;
-}
-
-// static
-bool SSLConfigService::origin_bound_certs_enabled() {
-  return g_origin_bound_certs_enabled;
-}
-
 void SSLConfigService::AddObserver(Observer* observer) {
   observer_list_.AddObserver(observer);
 }
 
 void SSLConfigService::RemoveObserver(Observer* observer) {
   observer_list_.RemoveObserver(observer);
 }
 
 SSLConfigService::~SSLConfigService() {
 }
 
 // static
 void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
   ssl_config->false_start_enabled = g_false_start_enabled;
   ssl_config->dns_cert_provenance_checking_enabled =
       g_dns_cert_provenance_checking;
   ssl_config->cached_info_enabled = g_cached_info_enabled;
-  ssl_config->origin_bound_certs_enabled = g_origin_bound_certs_enabled;
 }
 
 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
                                            const SSLConfig& new_config) {
   bool config_changed =
       (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) ||
       (orig_config.ssl3_enabled != new_config.ssl3_enabled) ||
       (orig_config.tls1_enabled != new_config.tls1_enabled) ||
       (orig_config.disabled_cipher_suites !=
-       new_config.disabled_cipher_suites);
+       new_config.disabled_cipher_suites) ||
+      (orig_config.origin_bound_certs_enabled !=
+       new_config.origin_bound_certs_enabled);
 
   if (config_changed)
     FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
 }
 
 // static
 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) {
   if (!service)
     return false;
 
   SSLConfig ssl_config;
   service->GetSSLConfig(&ssl_config);
   return ssl_config.tls1_enabled;
 }
 
 }  // namespace net