| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 // cached list of parsed SSL/TLS cipher suites that are disabled. | 167 // cached list of parsed SSL/TLS cipher suites that are disabled. |
| 168 void OnDisabledCipherSuitesChange(PrefService* local_state); | 168 void OnDisabledCipherSuitesChange(PrefService* local_state); |
| 169 | 169 |
| 170 PrefChangeRegistrar local_state_change_registrar_; | 170 PrefChangeRegistrar local_state_change_registrar_; |
| 171 | 171 |
| 172 // The local_state prefs (should only be accessed from UI thread) | 172 // The local_state prefs (should only be accessed from UI thread) |
| 173 BooleanPrefMember rev_checking_enabled_; | 173 BooleanPrefMember rev_checking_enabled_; |
| 174 BooleanPrefMember rev_checking_required_local_anchors_; | 174 BooleanPrefMember rev_checking_required_local_anchors_; |
| 175 StringPrefMember ssl_version_min_; | 175 StringPrefMember ssl_version_min_; |
| 176 StringPrefMember ssl_version_max_; | 176 StringPrefMember ssl_version_max_; |
| 177 StringPrefMember ssl_version_fallback_min_; |
| 177 BooleanPrefMember ssl_record_splitting_disabled_; | 178 BooleanPrefMember ssl_record_splitting_disabled_; |
| 178 | 179 |
| 179 // The cached list of disabled SSL cipher suites. | 180 // The cached list of disabled SSL cipher suites. |
| 180 std::vector<uint16> disabled_cipher_suites_; | 181 std::vector<uint16> disabled_cipher_suites_; |
| 181 | 182 |
| 182 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 183 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 183 | 184 |
| 184 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 185 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
| 185 }; | 186 }; |
| 186 | 187 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 197 rev_checking_enabled_.Init( | 198 rev_checking_enabled_.Init( |
| 198 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback); | 199 prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback); |
| 199 rev_checking_required_local_anchors_.Init( | 200 rev_checking_required_local_anchors_.Init( |
| 200 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 201 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
| 201 local_state, | 202 local_state, |
| 202 local_state_callback); | 203 local_state_callback); |
| 203 ssl_version_min_.Init( | 204 ssl_version_min_.Init( |
| 204 prefs::kSSLVersionMin, local_state, local_state_callback); | 205 prefs::kSSLVersionMin, local_state, local_state_callback); |
| 205 ssl_version_max_.Init( | 206 ssl_version_max_.Init( |
| 206 prefs::kSSLVersionMax, local_state, local_state_callback); | 207 prefs::kSSLVersionMax, local_state, local_state_callback); |
| 208 ssl_version_fallback_min_.Init( |
| 209 prefs::kSSLVersionFallbackMin, local_state, local_state_callback); |
| 207 ssl_record_splitting_disabled_.Init( | 210 ssl_record_splitting_disabled_.Init( |
| 208 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); | 211 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
| 209 | 212 |
| 210 local_state_change_registrar_.Init(local_state); | 213 local_state_change_registrar_.Init(local_state); |
| 211 local_state_change_registrar_.Add( | 214 local_state_change_registrar_.Add( |
| 212 prefs::kCipherSuiteBlacklist, local_state_callback); | 215 prefs::kCipherSuiteBlacklist, local_state_callback); |
| 213 | 216 |
| 214 OnDisabledCipherSuitesChange(local_state); | 217 OnDisabledCipherSuitesChange(local_state); |
| 215 | 218 |
| 216 // Initialize from UI thread. This is okay as there shouldn't be anything on | 219 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 217 // the IO thread trying to access it yet. | 220 // the IO thread trying to access it yet. |
| 218 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 221 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| 219 } | 222 } |
| 220 | 223 |
| 221 // static | 224 // static |
| 222 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 225 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
| 223 net::SSLConfig default_config; | 226 net::SSLConfig default_config; |
| 224 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 227 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
| 225 default_config.rev_checking_enabled); | 228 default_config.rev_checking_enabled); |
| 226 registry->RegisterBooleanPref( | 229 registry->RegisterBooleanPref( |
| 227 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 230 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
| 228 default_config.rev_checking_required_local_anchors); | 231 default_config.rev_checking_required_local_anchors); |
| 229 std::string version_min_str = | 232 std::string version_min_str = |
| 230 SSLProtocolVersionToString(default_config.version_min); | 233 SSLProtocolVersionToString(default_config.version_min); |
| 231 std::string version_max_str = | 234 std::string version_max_str = |
| 232 SSLProtocolVersionToString(default_config.version_max); | 235 SSLProtocolVersionToString(default_config.version_max); |
| 236 std::string version_fallback_min_str = |
| 237 SSLProtocolVersionToString(default_config.version_fallback_min); |
| 233 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); | 238 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); |
| 234 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); | 239 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); |
| 240 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, |
| 241 version_fallback_min_str); |
| 235 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 242 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
| 236 !default_config.false_start_enabled); | 243 !default_config.false_start_enabled); |
| 237 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 244 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 238 } | 245 } |
| 239 | 246 |
| 240 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 247 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 241 return ssl_config_service_.get(); | 248 return ssl_config_service_.get(); |
| 242 } | 249 } |
| 243 | 250 |
| 244 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 251 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
| (...skipping 23 matching lines...) Expand all Loading... |
| 268 // rev_checking_enabled was formerly a user-settable preference, but now | 275 // rev_checking_enabled was formerly a user-settable preference, but now |
| 269 // it is managed-only. | 276 // it is managed-only. |
| 270 if (rev_checking_enabled_.IsManaged()) | 277 if (rev_checking_enabled_.IsManaged()) |
| 271 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); | 278 config->rev_checking_enabled = rev_checking_enabled_.GetValue(); |
| 272 else | 279 else |
| 273 config->rev_checking_enabled = false; | 280 config->rev_checking_enabled = false; |
| 274 config->rev_checking_required_local_anchors = | 281 config->rev_checking_required_local_anchors = |
| 275 rev_checking_required_local_anchors_.GetValue(); | 282 rev_checking_required_local_anchors_.GetValue(); |
| 276 std::string version_min_str = ssl_version_min_.GetValue(); | 283 std::string version_min_str = ssl_version_min_.GetValue(); |
| 277 std::string version_max_str = ssl_version_max_.GetValue(); | 284 std::string version_max_str = ssl_version_max_.GetValue(); |
| 285 std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue(); |
| 278 config->version_min = net::kDefaultSSLVersionMin; | 286 config->version_min = net::kDefaultSSLVersionMin; |
| 279 config->version_max = net::kDefaultSSLVersionMax; | 287 config->version_max = net::kDefaultSSLVersionMax; |
| 288 config->version_fallback_min = net::kDefaultSSLVersionFallbackMin; |
| 280 uint16 version_min = SSLProtocolVersionFromString(version_min_str); | 289 uint16 version_min = SSLProtocolVersionFromString(version_min_str); |
| 281 uint16 version_max = SSLProtocolVersionFromString(version_max_str); | 290 uint16 version_max = SSLProtocolVersionFromString(version_max_str); |
| 291 uint16 version_fallback_min = |
| 292 SSLProtocolVersionFromString(version_fallback_min_str); |
| 282 if (version_min) { | 293 if (version_min) { |
| 283 // TODO(wtc): get the minimum SSL protocol version supported by the | 294 // TODO(wtc): get the minimum SSL protocol version supported by the |
| 284 // SSLClientSocket class. Right now it happens to be the same as the | 295 // SSLClientSocket class. Right now it happens to be the same as the |
| 285 // default minimum SSL protocol version because we enable all supported | 296 // default minimum SSL protocol version because we enable all supported |
| 286 // versions by default. | 297 // versions by default. |
| 287 uint16 supported_version_min = config->version_min; | 298 uint16 supported_version_min = config->version_min; |
| 288 config->version_min = std::max(supported_version_min, version_min); | 299 config->version_min = std::max(supported_version_min, version_min); |
| 289 } | 300 } |
| 290 if (version_max) { | 301 if (version_max) { |
| 291 // TODO(wtc): get the maximum SSL protocol version supported by the | 302 // TODO(wtc): get the maximum SSL protocol version supported by the |
| 292 // SSLClientSocket class. | 303 // SSLClientSocket class. |
| 293 uint16 supported_version_max = config->version_max; | 304 uint16 supported_version_max = config->version_max; |
| 294 config->version_max = std::min(supported_version_max, version_max); | 305 config->version_max = std::min(supported_version_max, version_max); |
| 295 } | 306 } |
| 307 if (version_fallback_min) { |
| 308 config->version_fallback_min = version_fallback_min; |
| 309 } |
| 296 config->disabled_cipher_suites = disabled_cipher_suites_; | 310 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 297 // disabling False Start also happens to disable record splitting. | 311 // disabling False Start also happens to disable record splitting. |
| 298 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 312 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
| 299 } | 313 } |
| 300 | 314 |
| 301 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 315 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 302 PrefService* local_state) { | 316 PrefService* local_state) { |
| 303 const base::ListValue* value = | 317 const base::ListValue* value = |
| 304 local_state->GetList(prefs::kCipherSuiteBlacklist); | 318 local_state->GetList(prefs::kCipherSuiteBlacklist); |
| 305 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 319 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 306 } | 320 } |
| 307 | 321 |
| 308 //////////////////////////////////////////////////////////////////////////////// | 322 //////////////////////////////////////////////////////////////////////////////// |
| 309 // SSLConfigServiceManager | 323 // SSLConfigServiceManager |
| 310 | 324 |
| 311 // static | 325 // static |
| 312 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 326 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 313 PrefService* local_state) { | 327 PrefService* local_state) { |
| 314 return new SSLConfigServiceManagerPref(local_state); | 328 return new SSLConfigServiceManagerPref(local_state); |
| 315 } | 329 } |
| 316 | 330 |
| 317 // static | 331 // static |
| 318 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 332 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
| 319 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 333 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
| 320 } | 334 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 619463002:
net: disable SSLv3 fallback. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master