Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_config_service.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix a bug that prevents TLS 1.1 -> TLS 1.0 fallback. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/ssl/ssl_config_service.h ('K') | « net/ssl/ssl_config_service.h ('k') | net/ssl/ssl_config_service_unittest.cc » ('j') | net/ssl/ssl_config_service_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_config_service.h" 5 #include "net/ssl/ssl_config_service.h"
6 6
7 #include "base/lazy_instance.h" 7 #include "base/lazy_instance.h"
8 #include "base/memory/ref_counted.h" 8 #include "base/memory/ref_counted.h"
9 #include "base/synchronization/lock.h" 9 #include "base/synchronization/lock.h"
10 #include "net/cert/crl_set.h" 10 #include "net/cert/crl_set.h"
(...skipping 22 matching lines...) Expand all
33 33
34 SSLConfig::CertAndStatus::~CertAndStatus() {} 34 SSLConfig::CertAndStatus::~CertAndStatus() {}
35 35
36 SSLConfig::SSLConfig() 36 SSLConfig::SSLConfig()
37 : rev_checking_enabled(false), 37 : rev_checking_enabled(false),
38 version_min(g_default_version_min), 38 version_min(g_default_version_min),
39 version_max(g_default_version_max), 39 version_max(g_default_version_max),
40 cached_info_enabled(false), 40 cached_info_enabled(false),
41 channel_id_enabled(true), 41 channel_id_enabled(true),
42 false_start_enabled(true), 42 false_start_enabled(true),
43 ssl3_fallback_enabled(false),
43 send_client_cert(false), 44 send_client_cert(false),
44 verify_ev_cert(false), 45 verify_ev_cert(false),
45 version_fallback(false), 46 version_fallback(false),
46 cert_io_enabled(true) { 47 cert_io_enabled(true) {
47 } 48 }
48 49
49 SSLConfig::~SSLConfig() { 50 SSLConfig::~SSLConfig() {
50 } 51 }
51 52
52 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert, 53 bool SSLConfig::IsAllowedBadCert(X509Certificate* cert,
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
147 ssl_config->cached_info_enabled = g_cached_info_enabled; 148 ssl_config->cached_info_enabled = g_cached_info_enabled;
148 } 149 }
149 150
150 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, 151 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
151 const SSLConfig& new_config) { 152 const SSLConfig& new_config) {
152 bool config_changed = 153 bool config_changed =
153 (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) || 154 (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) ||
154 (orig_config.version_min != new_config.version_min) || 155 (orig_config.version_min != new_config.version_min) ||
155 (orig_config.version_max != new_config.version_max) || 156 (orig_config.version_max != new_config.version_max) ||
156 (orig_config.disabled_cipher_suites != 157 (orig_config.disabled_cipher_suites !=
157 new_config.disabled_cipher_suites) || 158 new_config.disabled_cipher_suites) ||
158 (orig_config.channel_id_enabled != new_config.channel_id_enabled) || 159 (orig_config.channel_id_enabled != new_config.channel_id_enabled) ||
160 (orig_config.ssl3_fallback_enabled !=
161 new_config.ssl3_fallback_enabled) ||
wtc 2013/04/18 18:15:34 Please add this test after the false_start_enabled
159 (orig_config.false_start_enabled != new_config.false_start_enabled); 162 (orig_config.false_start_enabled != new_config.false_start_enabled);
160 163
161 if (config_changed) 164 if (config_changed)
162 NotifySSLConfigChange(); 165 NotifySSLConfigChange();
163 } 166 }
164 167
165 // static 168 // static
166 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) { 169 bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) {
167 if (!service) 170 if (!service)
168 return false; 171 return false;
169 172
170 SSLConfig ssl_config; 173 SSLConfig ssl_config;
171 service->GetSSLConfig(&ssl_config); 174 service->GetSSLConfig(&ssl_config);
172 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1; 175 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1;
173 } 176 }
174 177
175 } // namespace net 178 } // namespace net
OLDNEW
« net/ssl/ssl_config_service.h ('K') | « net/ssl/ssl_config_service.h ('k') | net/ssl/ssl_config_service_unittest.cc » ('j') | net/ssl/ssl_config_service_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698