Index: chrome/browser/net/ssl_config_service_manager_pref.cc |
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc |
index 9a400ec275d0dee77974a6f770cad1d94a8c5347..af1fa539f7bd158a4cad75878db861445fcb37b8 100644 |
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc |
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc |
@@ -158,6 +158,7 @@ class SSLConfigServiceManagerPref |
StringPrefMember ssl_version_min_; |
StringPrefMember ssl_version_max_; |
StringPrefMember ssl_version_fallback_min_; |
+ BooleanPrefMember token_binding_enabled_; |
// The cached list of disabled SSL cipher suites. |
std::vector<uint16> disabled_cipher_suites_; |
@@ -189,6 +190,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
prefs::kSSLVersionMax, local_state, local_state_callback); |
ssl_version_fallback_min_.Init( |
prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
+ token_binding_enabled_.Init( |
+ prefs::kEnableTokenBinding, local_state, local_state_callback); |
local_state_change_registrar_.Init(local_state); |
local_state_change_registrar_.Add( |
@@ -212,6 +215,11 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
registry->RegisterStringPref(prefs::kSSLVersionMin, std::string()); |
registry->RegisterStringPref(prefs::kSSLVersionMax, std::string()); |
registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string()); |
+ registry->RegisterBooleanPref( |
+ prefs::kEnableTokenBinding, |
+ default_config.token_binding_params.size() == 1 && |
+ default_config.token_binding_params[0] == |
+ net::TB_PARAM_ECDSAP256_SHA256); |
registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
} |
@@ -272,6 +280,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
config->version_fallback_min = version_fallback_min; |
} |
config->disabled_cipher_suites = disabled_cipher_suites_; |
+ if (token_binding_enabled_.GetValue()) { |
+ config->token_binding_params.clear(); |
+ config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256); |
+ } |
} |
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |