Index: chrome/browser/net/ssl_config_service_manager_pref.cc |
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc |
index f419580269d767a52529adef0e3fd74f703a8798..941a0cb355dac152a61bb0bd4ff22030ffbf5f53 100644 |
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc |
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc |
@@ -160,6 +160,7 @@ class SSLConfigServiceManagerPref |
StringPrefMember ssl_version_max_; |
StringPrefMember ssl_version_fallback_min_; |
BooleanPrefMember ssl_record_splitting_disabled_; |
+ BooleanPrefMember token_binding_enabled_; |
// The cached list of disabled SSL cipher suites. |
std::vector<uint16> disabled_cipher_suites_; |
@@ -193,6 +194,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
ssl_record_splitting_disabled_.Init( |
prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
+ token_binding_enabled_.Init( |
+ prefs::kEnableTokenBinding, local_state, local_state_callback); |
local_state_change_registrar_.Init(local_state); |
local_state_change_registrar_.Add( |
@@ -218,6 +221,8 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); |
registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
!default_config.false_start_enabled); |
+ registry->RegisterBooleanPref(prefs::kEnableTokenBinding, |
+ default_config.token_binding_params.size() > 0); |
davidben
2015/09/25 21:51:50
This is sort of weird. We're pulling information f
nharper
2015/09/28 21:43:38
I changed this to use the size == 1 && params[0] =
|
registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
} |
@@ -280,6 +285,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
config->disabled_cipher_suites = disabled_cipher_suites_; |
// disabling False Start also happens to disable record splitting. |
config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
+ if (token_binding_enabled_.GetValue()) { |
+ config->token_binding_params.clear(); |
+ config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256); |
+ } |
} |
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |