OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "components/ssl_config/ssl_config_service_manager.h" | 4 #include "components/ssl_config/ssl_config_service_manager.h" |
5 | 5 |
6 #include <stdint.h> | 6 #include <stdint.h> |
7 | 7 |
8 #include <algorithm> | 8 #include <algorithm> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 179 matching lines...) | |
190 PrefService* local_state, | 190 PrefService* local_state, |
191 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) | 191 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) |
192 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)), | 192 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)), |
193 io_task_runner_(io_task_runner) { | 193 io_task_runner_(io_task_runner) { |
194 DCHECK(local_state); | 194 DCHECK(local_state); |
195 | 195 |
196 local_state->SetDefaultPrefValue( | 196 local_state->SetDefaultPrefValue( |
197 ssl_config::prefs::kRC4Enabled, | 197 ssl_config::prefs::kRC4Enabled, |
198 new base::FundamentalValue(IsRC4EnabledByDefault())); | 198 new base::FundamentalValue(IsRC4EnabledByDefault())); |
199 | 199 |
200 // TODO(davidben): Remove this when the fallback removal has succeeded. | |
Alexei Svitkine (slow)
2016/02/11 16:24:06
Nit: Can you make the comment reference a crbug?
davidben
2016/02/11 21:53:14
Done.
| |
201 local_state->SetDefaultPrefValue( | |
202 ssl_config::prefs::kSSLVersionFallbackMin, | |
203 new base::StringValue( | |
204 base::FieldTrialList::FindFullName("SSLVersionFallbackMin"))); | |
davidben
2016/02/10 22:14:29
+asvitkine, could you confirm that this works for
Alexei Svitkine (slow)
2016/02/11 16:24:06
Yes this should work. However, I think it would be
davidben
2016/02/11 21:53:14
Hrm. Are you suggesting I instead do something lik
Alexei Svitkine (slow)
2016/02/11 22:02:40
If it's just a boolean, I would indeed suggest usi
| |
205 | |
200 PrefChangeRegistrar::NamedChangeCallback local_state_callback = | 206 PrefChangeRegistrar::NamedChangeCallback local_state_callback = |
201 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, | 207 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, |
202 base::Unretained(this), local_state); | 208 base::Unretained(this), local_state); |
203 | 209 |
204 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, | 210 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, |
205 local_state, local_state_callback); | 211 local_state, local_state_callback); |
206 rev_checking_required_local_anchors_.Init( | 212 rev_checking_required_local_anchors_.Init( |
207 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 213 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
208 local_state, local_state_callback); | 214 local_state, local_state_callback); |
209 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, | 215 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, |
(...skipping 77 matching lines...) | |
287 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); | 293 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); |
288 uint16_t version_fallback_min = | 294 uint16_t version_fallback_min = |
289 SSLProtocolVersionFromString(version_fallback_min_str); | 295 SSLProtocolVersionFromString(version_fallback_min_str); |
290 if (version_min) { | 296 if (version_min) { |
291 config->version_min = version_min; | 297 config->version_min = version_min; |
292 } | 298 } |
293 if (version_max) { | 299 if (version_max) { |
294 uint16_t supported_version_max = config->version_max; | 300 uint16_t supported_version_max = config->version_max; |
295 config->version_max = std::min(supported_version_max, version_max); | 301 config->version_max = std::min(supported_version_max, version_max); |
296 } | 302 } |
297 if (version_fallback_min) { | 303 // Values below TLS 1.1 are invalid. |
304 if (version_fallback_min && | |
305 version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) { | |
298 config->version_fallback_min = version_fallback_min; | 306 config->version_fallback_min = version_fallback_min; |
299 } | 307 } |
300 config->disabled_cipher_suites = disabled_cipher_suites_; | 308 config->disabled_cipher_suites = disabled_cipher_suites_; |
301 config->rc4_enabled = rc4_enabled_.GetValue(); | 309 config->rc4_enabled = rc4_enabled_.GetValue(); |
302 } | 310 } |
303 | 311 |
304 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 312 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
305 PrefService* local_state) { | 313 PrefService* local_state) { |
306 const base::ListValue* value = | 314 const base::ListValue* value = |
307 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); | 315 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); |
308 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 316 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
309 } | 317 } |
310 | 318 |
311 //////////////////////////////////////////////////////////////////////////////// | 319 //////////////////////////////////////////////////////////////////////////////// |
312 // SSLConfigServiceManager | 320 // SSLConfigServiceManager |
313 | 321 |
314 namespace ssl_config { | 322 namespace ssl_config { |
315 // static | 323 // static |
316 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 324 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
317 PrefService* local_state, | 325 PrefService* local_state, |
318 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { | 326 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { |
319 return new SSLConfigServiceManagerPref(local_state, io_task_runner); | 327 return new SSLConfigServiceManagerPref(local_state, io_task_runner); |
320 } | 328 } |
321 | 329 |
322 // static | 330 // static |
323 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 331 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
324 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 332 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
325 } | 333 } |
326 } // namespace ssl_config | 334 } // namespace ssl_config |
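Review bot: At new lines 303-305 the `version_fallback_min &&` test is redundant, because 0 (which an unparsable string appears to yield, judging by the `if (version_min)` checks just above) is already below `net::SSL_PROTOCOL_VERSION_TLS1_1`; `if (version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {` expresses the same condition. The comment should also say what happens to a rejected value, since the default for this pref now comes from a field-trial group name at new line 204: for example `// Values below TLS 1.1, including 0 for an unrecognised string, are ignored; config keeps its built-in fallback minimum.` As written, a pref or trial group of "tls1" is dropped silently, which is the safe direction for a downgrade control but is worth stating for whoever debugs a setting that seems to have no effect. The enclosing function begins in the skipped lines, so the built-in value it falls back to is not visible here.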