Make SSLConfigManager notify clients if the SHA-1 policy changes

Make SSLConfigManager notify clients if the SHA-1 policy changes

An oversight in the comparator for the SSLConfigManager that handles
the logic for determining when an SSLConfig is "new" (and thus
should invalidate all existing SSLConfigs) meant that changes to the
SHA-1 policy for local anchors wouldn't be immediately propagated.

BUG=697154
Review-Url: https://codereview.chromium.org/2723783002
Cr-Commit-Position: refs/heads/master@{#453772}
Committed: https://chromium.googlesource.com/chromium/src/+/39f9eb3f5301f73d385c6d65601c60dba4fae63e

[Ryan Sleevi, 2017-02-28 20:06:40]

rsleevi@chromium.org changed reviewers:
+ mattm@chromium.org

[Ryan Sleevi, 2017-02-28 20:06:41]

Matt: Easy review

[mattm, 2017-02-28 21:22:45]

https://codereview.chromium.org/2723783002/diff/20001/net/ssl/ssl_config_serv...
File net/ssl/ssl_config_service.cc (left):

https://codereview.chromium.org/2723783002/diff/20001/net/ssl/ssl_config_serv...
net/ssl/ssl_config_service.cc:96: (orig_config.require_ecdhe !=
new_config.require_ecdhe);
require_ecdhe was removed, because nothing updates it dynamically?

[Ryan Sleevi, 2017-02-28 22:24:35]

https://codereview.chromium.org/2723783002/diff/20001/net/ssl/ssl_config_serv...
File net/ssl/ssl_config_service.cc (left):

https://codereview.chromium.org/2723783002/diff/20001/net/ssl/ssl_config_serv...
net/ssl/ssl_config_service.cc:96: (orig_config.require_ecdhe !=
new_config.require_ecdhe);
On 2017/02/28 21:22:45, mattm wrote:
> require_ecdhe was removed, because nothing updates it dynamically?

Nope, it's because I'm awful (and because there were no tests)

Fixed both :)

[Ryan Sleevi, 2017-02-28 22:26:33]

The CQ bit was checked by rsleevi@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-28 22:27:27]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[mattm, 2017-02-28 22:32:02]

lgtm

[commit-bot: I haz the power, 2017-02-28 23:05:45]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-28 23:05:46]

Dry run: Try jobs failed on following builders:
  android_arm64_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...)

[Ryan Sleevi, 2017-02-28 23:47:58]

The CQ bit was checked by rsleevi@chromium.org

[commit-bot: I haz the power, 2017-02-28 23:49:00]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-01 00:31:57]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1488325678087130,
"parent_rev": "918bb2c91f07a2cce51cea68554bd56566dec0dc", "commit_rev":
"39f9eb3f5301f73d385c6d65601c60dba4fae63e"}

[commit-bot: I haz the power, 2017-03-01 00:45:40]

Description was changed from

==========
Make SSLConfigManager notify clients if the SHA-1 policy changes

An oversight in the comparator for the SSLConfigManager that handles
the logic for determining when an SSLConfig is "new" (and thus
should invalidate all existing SSLConfigs) meant that changes to the
SHA-1 policy for local anchors wouldn't be immediately propagated.

BUG=697154
==========

to

==========
Make SSLConfigManager notify clients if the SHA-1 policy changes

An oversight in the comparator for the SSLConfigManager that handles
the logic for determining when an SSLConfig is "new" (and thus
should invalidate all existing SSLConfigs) meant that changes to the
SHA-1 policy for local anchors wouldn't be immediately propagated.

BUG=697154

Review-Url: https://codereview.chromium.org/2723783002
Cr-Commit-Position: refs/heads/master@{#453772}
Committed:
https://chromium.googlesource.com/chromium/src/+/39f9eb3f5301f73d385c6d65601c...
==========

[commit-bot: I haz the power, 2017-03-01 00:45:41]

Committed patchset #3 (id:40001) as
https://chromium.googlesource.com/chromium/src/+/39f9eb3f5301f73d385c6d65601c...