Index: chrome/browser/ui/browser.cc |
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc |
index 9512433473b7a625f4b34d7545c992ed58b4836f..d4bac85b5a6631b3c340a4f6e67a629a0015faa3 100644 |
--- a/chrome/browser/ui/browser.cc |
+++ b/chrome/browser/ui/browser.cc |
@@ -9,6 +9,7 @@ |
#include <algorithm> |
#include <string> |
#include <utility> |
+#include <vector> |
#include "base/base_paths.h" |
#include "base/bind.h" |
@@ -20,6 +21,7 @@ |
#include "base/process/process_info.h" |
#include "base/profiler/scoped_tracker.h" |
#include "base/single_thread_task_runner.h" |
+#include "base/strings/string16.h" |
#include "base/strings/string_number_conversions.h" |
#include "base/strings/string_util.h" |
#include "base/strings/stringprintf.h" |
@@ -209,6 +211,8 @@ |
#include "net/base/filename_util.h" |
#include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
#include "net/cookies/cookie_monster.h" |
+#include "net/ssl/ssl_cipher_suite_names.h" |
+#include "net/ssl/ssl_connection_status_flags.h" |
#include "net/url_request/url_request_context.h" |
#include "third_party/WebKit/public/web/WebWindowFeatures.h" |
#include "ui/base/l10n/l10n_util.h" |
@@ -1403,12 +1407,68 @@ content::SecurityStyle Browser::GetSecurityStyle( |
} |
} |
- if (security_info.is_secure_protocol_and_ciphersuite) { |
+ int ssl_version = |
+ net::SSLConnectionStatusToVersion(security_info.connection_status); |
+ const char* protocol; |
+ net::SSLVersionToString(&protocol, ssl_version); |
+ |
+ const char* key_exchange; |
+ const char* cipher; |
+ const char* mac; |
+ bool is_aead; |
+ uint16_t cipher_suite = |
+ net::SSLConnectionStatusToCipherSuite(security_info.connection_status); |
+ net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, |
+ cipher_suite); |
+ |
+ base::string16 protocol_name = base::ASCIIToUTF16(protocol); |
+ base::string16 key_exchange_name = base::ASCIIToUTF16(key_exchange); |
+ const base::string16 cipher_name = |
+ (mac == NULL) ? base::ASCIIToUTF16(cipher) |
+ : l10n_util::GetStringFUTF16(IDS_CIPHER_WITH_MAC, |
+ base::ASCIIToUTF16(cipher), |
+ base::ASCIIToUTF16(mac)); |
+ |
+ if (security_info.obsolete_ssl_status == net::OBSOLETE_SSL_NONE) { |
security_style_explanations->secure_explanations.push_back( |
content::SecurityStyleExplanation( |
- l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
- l10n_util::GetStringUTF8( |
- IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION))); |
+ l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
+ l10n_util::GetStringFUTF8(IDS_STRONG_SSL_DESCRIPTION, protocol_name, |
+ key_exchange_name, cipher_name))); |
+ } else { |
+ // We avoid trying to show TLS details when we couldn't even establish a TLS |
+ // connection (e.g. for net errors). We check the cert_id to see if there |
+ // was a connection. |
+ if (security_info.cert_id != 0) { |
+ std::vector<base::string16> description_replacements; |
+ int status = security_info.obsolete_ssl_status; |
+ int str_id; |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_PROTOCOL) |
+ ? IDS_SSL_AN_OBSOLETE_PROTOCOL |
+ : IDS_SSL_A_STRONG_PROTOCOL; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(protocol_name); |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_KEY_EXCHANGE) |
+ ? IDS_SSL_AN_OBSOLETE_KEY_EXCHANGE |
+ : IDS_SSL_A_STRONG_KEY_EXCHANGE; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(key_exchange_name); |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_CIPHER) |
+ ? IDS_SSL_AN_OBSOLETE_CIPHER |
+ : IDS_SSL_A_STRONG_CIPHER; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(cipher_name); |
+ |
+ security_style_explanations->info_explanations.push_back( |
+ content::SecurityStyleExplanation( |
+ l10n_util::GetStringUTF8(IDS_OBSOLETE_SSL_SUMMARY), |
+ base::UTF16ToUTF8(l10n_util::GetStringFUTF16( |
+ IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, |
+ nullptr)))); |
+ } |
} |
return security_style; |