chrome/browser/ssl/chrome_security_state_model_client.cc - Issue 1727133002: Expose TLS settings in the Security panel overview, and call out individual obsolete settings.

Unified Diff: chrome/browser/ssl/chrome_security_state_model_client.cc

Issue 1727133002: Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add some tests. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/app/generated_resources.grd ('k') | chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc » ('j') | chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/ssl/chrome_security_state_model_client.cc

diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc

index b5f4014c1a07281159dbd2f1d940d8edab7142d6..db7a6d608c370e99b29ecec3dca65e41beaf4dc2 100644

--- a/chrome/browser/ssl/chrome_security_state_model_client.cc

+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc

@@ -22,6 +22,8 @@

#include "content/public/common/ssl_status.h"

#include "net/base/net_errors.h"

#include "net/cert/x509_certificate.h"

+#include "net/ssl/ssl_cipher_suite_names.h"

+#include "net/ssl/ssl_connection_status_flags.h"

#include "ui/base/l10n/l10n_util.h"

DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient);

@@ -77,6 +79,73 @@ content::SecurityStyle SecurityLevelToSecurityStyle(

return content::SECURITY_STYLE_UNKNOWN;

}

+void AddConnectionExplanation(

+ const security_state::SecurityStateModel::SecurityInfo& security_info,

+ content::SecurityStyleExplanations* security_style_explanations) {

+ int ssl_version =

+ net::SSLConnectionStatusToVersion(security_info.connection_status);

+ const char* protocol;

+ net::SSLVersionToString(&protocol, ssl_version);

+ const char* key_exchange;

+ const char* cipher;

+ const char* mac;

+ bool is_aead;

+ uint16_t cipher_suite =

+ net::SSLConnectionStatusToCipherSuite(security_info.connection_status);

+ net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,

+ cipher_suite);

+ base::string16 protocol_name = base::ASCIIToUTF16(protocol);

+ base::string16 key_exchange_name = base::ASCIIToUTF16(key_exchange);

+ const base::string16 cipher_name =

+ (mac == NULL) ? base::ASCIIToUTF16(cipher)

+ : l10n_util::GetStringFUTF16(IDS_CIPHER_WITH_MAC,

+ base::ASCIIToUTF16(cipher),

+ base::ASCIIToUTF16(mac));

+ if (security_info.obsolete_ssl_status == net::OBSOLETE_SSL_NONE) {

+ security_style_explanations->secure_explanations.push_back(

+ content::SecurityStyleExplanation(

+ l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY),

+ l10n_util::GetStringFUTF8(IDS_STRONG_SSL_DESCRIPTION, protocol_name,

+ key_exchange_name, cipher_name)));

+ return;

+ } else {

estark 2016/06/15 04:46:08 no need for else + indentation after return

lgarron 2016/08/05 23:22:58 Done.

+ // We avoid trying to show TLS details when we couldn't even establish a TLS

estark 2016/06/15 04:46:08 nit: avoid "we" in comments

lgarron 2016/08/05 23:22:58 Done.

+ // connection (e.g. for net errors). We check the cert_id to see if there

estark 2016/06/15 04:46:08 nit: |cert_id|

lgarron 2016/08/05 23:22:58 Done.

+ // was a connection.

+ if (security_info.cert_id != 0) {

estark 2016/06/15 04:46:08 prefer early return: if (security_info.cert_id ==

lgarron 2016/08/05 23:22:58 Done.

+ std::vector<base::string16> description_replacements;

+ int status = security_info.obsolete_ssl_status;

+ int str_id;

+ str_id = (status & net::OBSOLETE_SSL_MASK_PROTOCOL)

+ ? IDS_SSL_AN_OBSOLETE_PROTOCOL

+ : IDS_SSL_A_STRONG_PROTOCOL;

+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id));

+ description_replacements.push_back(protocol_name);

+ str_id = (status & net::OBSOLETE_SSL_MASK_KEY_EXCHANGE)

+ ? IDS_SSL_AN_OBSOLETE_KEY_EXCHANGE

+ : IDS_SSL_A_STRONG_KEY_EXCHANGE;

+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id));

+ description_replacements.push_back(key_exchange_name);

+ str_id = (status & net::OBSOLETE_SSL_MASK_CIPHER)

+ ? IDS_SSL_AN_OBSOLETE_CIPHER

+ : IDS_SSL_A_STRONG_CIPHER;

+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id));

+ description_replacements.push_back(cipher_name);

+ security_style_explanations->info_explanations.push_back(

+ content::SecurityStyleExplanation(

+ l10n_util::GetStringUTF8(IDS_OBSOLETE_SSL_SUMMARY),

+ base::UTF16ToUTF8(l10n_util::GetStringFUTF16(

+ IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements,

+ nullptr))));

+ return;

estark 2016/06/15 04:46:08 no return necessary here

lgarron 2016/08/05 23:22:58 Done.

+ }

} // namespace

ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(

@@ -172,13 +241,7 @@ content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(

}

- if (security_info.is_secure_protocol_and_ciphersuite) {

- security_style_explanations->secure_explanations.push_back(

- content::SecurityStyleExplanation(

- l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),

- l10n_util::GetStringUTF8(

- IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION)));

- }

+ AddConnectionExplanation(security_info, security_style_explanations);

return security_style;

}