| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "components/ssl_config/ssl_config_service_manager.h" | 4 #include "components/ssl_config/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 // Processes changes to the disabled cipher suites preference, updating the | 166 // Processes changes to the disabled cipher suites preference, updating the |
| 167 // cached list of parsed SSL/TLS cipher suites that are disabled. | 167 // cached list of parsed SSL/TLS cipher suites that are disabled. |
| 168 void OnDisabledCipherSuitesChange(PrefService* local_state); | 168 void OnDisabledCipherSuitesChange(PrefService* local_state); |
| 169 | 169 |
| 170 PrefChangeRegistrar local_state_change_registrar_; | 170 PrefChangeRegistrar local_state_change_registrar_; |
| 171 | 171 |
| 172 // The local_state prefs (should only be accessed from UI thread) | 172 // The local_state prefs (should only be accessed from UI thread) |
| 173 BooleanPrefMember rev_checking_enabled_; | 173 BooleanPrefMember rev_checking_enabled_; |
| 174 BooleanPrefMember rev_checking_required_local_anchors_; | 174 BooleanPrefMember rev_checking_required_local_anchors_; |
| 175 BooleanPrefMember sha1_local_anchors_enabled_; | 175 BooleanPrefMember sha1_local_anchors_enabled_; |
| 176 BooleanPrefMember common_name_fallback_local_anchors_enabled_; |
| 176 StringPrefMember ssl_version_min_; | 177 StringPrefMember ssl_version_min_; |
| 177 StringPrefMember ssl_version_max_; | 178 StringPrefMember ssl_version_max_; |
| 178 | 179 |
| 179 // The cached list of disabled SSL cipher suites. | 180 // The cached list of disabled SSL cipher suites. |
| 180 std::vector<uint16_t> disabled_cipher_suites_; | 181 std::vector<uint16_t> disabled_cipher_suites_; |
| 181 | 182 |
| 182 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 183 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 183 | 184 |
| 184 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; | 185 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_; |
| 185 | 186 |
| (...skipping 18 matching lines...) Expand all Loading... |
| 204 base::Unretained(this), local_state); | 205 base::Unretained(this), local_state); |
| 205 | 206 |
| 206 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, | 207 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, |
| 207 local_state, local_state_callback); | 208 local_state, local_state_callback); |
| 208 rev_checking_required_local_anchors_.Init( | 209 rev_checking_required_local_anchors_.Init( |
| 209 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 210 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
| 210 local_state, local_state_callback); | 211 local_state, local_state_callback); |
| 211 sha1_local_anchors_enabled_.Init( | 212 sha1_local_anchors_enabled_.Init( |
| 212 ssl_config::prefs::kCertEnableSha1LocalAnchors, local_state, | 213 ssl_config::prefs::kCertEnableSha1LocalAnchors, local_state, |
| 213 local_state_callback); | 214 local_state_callback); |
| 215 common_name_fallback_local_anchors_enabled_.Init( |
| 216 ssl_config::prefs::kCertEnableCommonNameFallbackLocalAnchors, local_state, |
| 217 local_state_callback); |
| 214 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, | 218 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, |
| 215 local_state_callback); | 219 local_state_callback); |
| 216 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, | 220 ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, |
| 217 local_state_callback); | 221 local_state_callback); |
| 218 | 222 |
| 219 local_state_change_registrar_.Init(local_state); | 223 local_state_change_registrar_.Init(local_state); |
| 220 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, | 224 local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist, |
| 221 local_state_callback); | 225 local_state_callback); |
| 222 | 226 |
| 223 OnDisabledCipherSuitesChange(local_state); | 227 OnDisabledCipherSuitesChange(local_state); |
| 224 | 228 |
| 225 // Initialize from UI thread. This is okay as there shouldn't be anything on | 229 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 226 // the IO thread trying to access it yet. | 230 // the IO thread trying to access it yet. |
| 227 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 231 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| 228 } | 232 } |
| 229 | 233 |
| 230 // static | 234 // static |
| 231 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 235 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
| 232 net::SSLConfig default_config; | 236 net::SSLConfig default_config; |
| 233 registry->RegisterBooleanPref( | 237 registry->RegisterBooleanPref( |
| 234 ssl_config::prefs::kCertRevocationCheckingEnabled, | 238 ssl_config::prefs::kCertRevocationCheckingEnabled, |
| 235 default_config.rev_checking_enabled); | 239 default_config.rev_checking_enabled); |
| 236 registry->RegisterBooleanPref( | 240 registry->RegisterBooleanPref( |
| 237 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, | 241 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, |
| 238 default_config.rev_checking_required_local_anchors); | 242 default_config.rev_checking_required_local_anchors); |
| 239 registry->RegisterBooleanPref(ssl_config::prefs::kCertEnableSha1LocalAnchors, | 243 registry->RegisterBooleanPref(ssl_config::prefs::kCertEnableSha1LocalAnchors, |
| 240 false); | 244 false); |
| 245 registry->RegisterBooleanPref( |
| 246 ssl_config::prefs::kCertEnableCommonNameFallbackLocalAnchors, false); |
| 241 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, | 247 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin, |
| 242 std::string()); | 248 std::string()); |
| 243 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, | 249 registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, |
| 244 std::string()); | 250 std::string()); |
| 245 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); | 251 registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); |
| 246 } | 252 } |
| 247 | 253 |
| 248 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 254 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 249 return ssl_config_service_.get(); | 255 return ssl_config_service_.get(); |
| 250 } | 256 } |
| (...skipping 19 matching lines...) Expand all Loading... |
| 270 net::SSLConfig* config) { | 276 net::SSLConfig* config) { |
| 271 // rev_checking_enabled was formerly a user-settable preference, but now | 277 // rev_checking_enabled was formerly a user-settable preference, but now |
| 272 // it is managed-only. | 278 // it is managed-only. |
| 273 if (rev_checking_enabled_.IsManaged()) | 279 if (rev_checking_enabled_.IsManaged()) |
| 274 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 280 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
| 275 else | 281 else |
| 276 config->rev_checking_enabled = false; | 282 config->rev_checking_enabled = false; |
| 277 config->rev_checking_required_local_anchors = | 283 config->rev_checking_required_local_anchors = |
| 278 rev_checking_required_local_anchors_.GetValue(); | 284 rev_checking_required_local_anchors_.GetValue(); |
| 279 config->sha1_local_anchors_enabled = sha1_local_anchors_enabled_.GetValue(); | 285 config->sha1_local_anchors_enabled = sha1_local_anchors_enabled_.GetValue(); |
| 286 config->common_name_fallback_local_anchors_enabled = |
| 287 common_name_fallback_local_anchors_enabled_.GetValue(); |
| 280 std::string version_min_str = ssl_version_min_.GetValue(); | 288 std::string version_min_str = ssl_version_min_.GetValue(); |
| 281 std::string version_max_str = ssl_version_max_.GetValue(); | 289 std::string version_max_str = ssl_version_max_.GetValue(); |
| 282 config->version_min = net::kDefaultSSLVersionMin; | 290 config->version_min = net::kDefaultSSLVersionMin; |
| 283 config->version_max = net::kDefaultSSLVersionMax; | 291 config->version_max = net::kDefaultSSLVersionMax; |
| 284 uint16_t version_min = SSLProtocolVersionFromString(version_min_str); | 292 uint16_t version_min = SSLProtocolVersionFromString(version_min_str); |
| 285 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); | 293 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); |
| 286 if (version_min) { | 294 if (version_min) { |
| 287 config->version_min = version_min; | 295 config->version_min = version_min; |
| 288 } | 296 } |
| 289 if (version_max && version_max >= net::SSL_PROTOCOL_VERSION_TLS1_2) { | 297 if (version_max && version_max >= net::SSL_PROTOCOL_VERSION_TLS1_2) { |
| (...skipping 18 matching lines...) Expand all Loading... |
| 308 PrefService* local_state, | 316 PrefService* local_state, |
| 309 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { | 317 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { |
| 310 return new SSLConfigServiceManagerPref(local_state, io_task_runner); | 318 return new SSLConfigServiceManagerPref(local_state, io_task_runner); |
| 311 } | 319 } |
| 312 | 320 |
| 313 // static | 321 // static |
| 314 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 322 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
| 315 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 323 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
| 316 } | 324 } |
| 317 } // namespace ssl_config | 325 } // namespace ssl_config |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2735733003:
Disable commonName matching for certificates (Closed)
