Chromium Code Reviews Chromium Code Reviews
Issue 14125003:
Do not roll back to SSL 3.0 for Google properties. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 173 | 173 |
| 174 PrefChangeRegistrar local_state_change_registrar_; | 174 PrefChangeRegistrar local_state_change_registrar_; |
| 175 PrefChangeRegistrar user_prefs_change_registrar_; | 175 PrefChangeRegistrar user_prefs_change_registrar_; |
| 176 | 176 |
| 177 // The local_state prefs (should only be accessed from UI thread) | 177 // The local_state prefs (should only be accessed from UI thread) |
| 178 BooleanPrefMember rev_checking_enabled_; | 178 BooleanPrefMember rev_checking_enabled_; |
| 179 StringPrefMember ssl_version_min_; | 179 StringPrefMember ssl_version_min_; |
| 180 StringPrefMember ssl_version_max_; | 180 StringPrefMember ssl_version_max_; |
| 181 BooleanPrefMember channel_id_enabled_; | 181 BooleanPrefMember channel_id_enabled_; |
| 182 BooleanPrefMember ssl_record_splitting_disabled_; | 182 BooleanPrefMember ssl_record_splitting_disabled_; |
| 183 BooleanPrefMember ssl3_verlback_enabled_; | |
|
wtc
2013/04/18 18:15:34
Typo: ssl3_verlback_enabled_ => ssl3_fallback_enab
| |
| 183 | 184 |
| 184 // The cached list of disabled SSL cipher suites. | 185 // The cached list of disabled SSL cipher suites. |
| 185 std::vector<uint16> disabled_cipher_suites_; | 186 std::vector<uint16> disabled_cipher_suites_; |
| 186 | 187 |
| 187 // The user_prefs prefs (should only be accessed from UI thread). | 188 // The user_prefs prefs (should only be accessed from UI thread). |
| 188 // |have_user_prefs_| will be false if no user_prefs are associated with this | 189 // |have_user_prefs_| will be false if no user_prefs are associated with this |
| 189 // instance. | 190 // instance. |
| 190 bool have_user_prefs_; | 191 bool have_user_prefs_; |
| 191 BooleanPrefMember block_third_party_cookies_; | 192 BooleanPrefMember block_third_party_cookies_; |
| 192 | 193 |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 212 rev_checking_enabled_.Init( | 213 rev_checking_enabled_.Init( |
| 213 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback); | 214 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback); |
| 214 ssl_version_min_.Init( | 215 ssl_version_min_.Init( |
| 215 prefs::kSSLVersionMin, local_state, local_state_callback); | 216 prefs::kSSLVersionMin, local_state, local_state_callback); |
| 216 ssl_version_max_.Init( | 217 ssl_version_max_.Init( |
| 217 prefs::kSSLVersionMax, local_state, local_state_callback); | 218 prefs::kSSLVersionMax, local_state, local_state_callback); |
| 218 channel_id_enabled_.Init( | 219 channel_id_enabled_.Init( |
| 219 prefs::kEnableOriginBoundCerts, local_state, local_state_callback); | 220 prefs::kEnableOriginBoundCerts, local_state, local_state_callback); |
| 220 ssl_record_splitting_disabled_.Init( | 221 ssl_record_splitting_disabled_.Init( |
| 221 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); | 222 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
| 223 ssl3_versionk_enabled_.Init( | |
|
wtc
2013/04/18 18:15:34
Typo: ssl3_versionk_enabled_ => ssl3_fallback_enab
| |
| 224 prefs::kEnableSSL3Fallback, local_state, local_state_callback); | |
| 222 | 225 |
| 223 local_state_change_registrar_.Init(local_state); | 226 local_state_change_registrar_.Init(local_state); |
| 224 local_state_change_registrar_.Add( | 227 local_state_change_registrar_.Add( |
| 225 prefs::kCipherSuiteBlacklist, local_state_callback); | 228 prefs::kCipherSuiteBlacklist, local_state_callback); |
| 226 | 229 |
| 227 OnDisabledCipherSuitesChange(local_state); | 230 OnDisabledCipherSuitesChange(local_state); |
| 228 | 231 |
| 229 if (user_prefs) { | 232 if (user_prefs) { |
| 230 PrefChangeRegistrar::NamedChangeCallback user_prefs_callback = base::Bind( | 233 PrefChangeRegistrar::NamedChangeCallback user_prefs_callback = base::Bind( |
| 231 &SSLConfigServiceManagerPref::OnPreferenceChanged, | 234 &SSLConfigServiceManagerPref::OnPreferenceChanged, |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 253 std::string version_min_str = | 256 std::string version_min_str = |
| 254 SSLProtocolVersionToString(default_config.version_min); | 257 SSLProtocolVersionToString(default_config.version_min); |
| 255 std::string version_max_str = | 258 std::string version_max_str = |
| 256 SSLProtocolVersionToString(default_config.version_max); | 259 SSLProtocolVersionToString(default_config.version_max); |
| 257 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); | 260 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); |
| 258 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); | 261 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); |
| 259 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, | 262 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, |
| 260 default_config.channel_id_enabled); | 263 default_config.channel_id_enabled); |
| 261 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 264 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
| 262 !default_config.false_start_enabled); | 265 !default_config.false_start_enabled); |
| 266 registry->RegisterBooleanPref( | |
| 267 prefs::kEnableSSL3Fallback, | |
| 268 default_config.ssl3_fallback_enabled); | |
|
wtc
2013/04/18 18:15:34
Nit: you may be able to format this call in two li
| |
| 263 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 269 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 264 } | 270 } |
| 265 | 271 |
| 266 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 272 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 267 return ssl_config_service_; | 273 return ssl_config_service_; |
| 268 } | 274 } |
| 269 | 275 |
| 270 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 276 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
| 271 PrefService* prefs, | 277 PrefService* prefs, |
| 272 const std::string& pref_name_in) { | 278 const std::string& pref_name_in) { |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 314 uint16 supported_version_max = config->version_max; | 320 uint16 supported_version_max = config->version_max; |
| 315 config->version_max = std::min(supported_version_max, version_max); | 321 config->version_max = std::min(supported_version_max, version_max); |
| 316 } | 322 } |
| 317 config->disabled_cipher_suites = disabled_cipher_suites_; | 323 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 318 config->channel_id_enabled = channel_id_enabled_.GetValue(); | 324 config->channel_id_enabled = channel_id_enabled_.GetValue(); |
| 319 if (have_user_prefs_ && | 325 if (have_user_prefs_ && |
| 320 (cookies_disabled_ || block_third_party_cookies_.GetValue())) | 326 (cookies_disabled_ || block_third_party_cookies_.GetValue())) |
| 321 config->channel_id_enabled = false; | 327 config->channel_id_enabled = false; |
| 322 // disabling False Start also happens to disable record splitting. | 328 // disabling False Start also happens to disable record splitting. |
| 323 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 329 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
| 330 config->ssl3_fallback_enabled = | |
| 331 ssl3_fallback_enabled_.GetValue(); | |
|
wtc
2013/04/18 18:15:34
This should fit on one line now:
config->ssl3_fa
| |
| 324 SSLConfigServicePref::SetSSLConfigFlags(config); | 332 SSLConfigServicePref::SetSSLConfigFlags(config); |
| 325 } | 333 } |
| 326 | 334 |
| 327 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 335 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 328 PrefService* local_state) { | 336 PrefService* local_state) { |
| 329 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist); | 337 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist); |
| 330 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 338 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 331 } | 339 } |
| 332 | 340 |
| 333 void SSLConfigServiceManagerPref::OnDefaultContentSettingsChange( | 341 void SSLConfigServiceManagerPref::OnDefaultContentSettingsChange( |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 349 // static | 357 // static |
| 350 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 358 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 351 PrefService* local_state, PrefService* user_prefs) { | 359 PrefService* local_state, PrefService* user_prefs) { |
| 352 return new SSLConfigServiceManagerPref(local_state, user_prefs); | 360 return new SSLConfigServiceManagerPref(local_state, user_prefs); |
| 353 } | 361 } |
| 354 | 362 |
| 355 // static | 363 // static |
| 356 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 364 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
| 357 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 365 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
| 358 } | 366 } |
| OLD | NEW |
