1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
5 | 5 |
6 #include <algorithm> | 6 #include <algorithm> |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/metrics/field_trial.h" | |
12 #include "base/prefs/pref_change_registrar.h" | 13 #include "base/prefs/pref_change_registrar.h" |
13 #include "base/prefs/pref_member.h" | 14 #include "base/prefs/pref_member.h" |
14 #include "base/prefs/pref_registry_simple.h" | 15 #include "base/prefs/pref_registry_simple.h" |
15 #include "base/prefs/pref_service.h" | 16 #include "base/prefs/pref_service.h" |
16 #include "chrome/browser/chrome_notification_types.h" | 17 #include "chrome/browser/chrome_notification_types.h" |
18 #include "chrome/common/chrome_switches.h" | |
17 #include "chrome/common/pref_names.h" | 19 #include "chrome/common/pref_names.h" |
18 #include "components/content_settings/core/browser/content_settings_utils.h" | 20 #include "components/content_settings/core/browser/content_settings_utils.h" |
19 #include "components/content_settings/core/common/content_settings.h" | 21 #include "components/content_settings/core/common/content_settings.h" |
20 #include "content/public/browser/browser_thread.h" | 22 #include "content/public/browser/browser_thread.h" |
21 #include "net/ssl/ssl_cipher_suite_names.h" | 23 #include "net/ssl/ssl_cipher_suite_names.h" |
22 #include "net/ssl/ssl_config_service.h" | 24 #include "net/ssl/ssl_config_service.h" |
23 | 25 |
24 using content::BrowserThread; | 26 using content::BrowserThread; |
25 | 27 |
26 namespace { | 28 namespace { |
55 LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: " | 57 LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: " |
56 << *it; | 58 << *it; |
57 continue; | 59 continue; |
58 } | 60 } |
59 cipher_suites.push_back(cipher_suite); | 61 cipher_suites.push_back(cipher_suite); |
60 } | 62 } |
61 std::sort(cipher_suites.begin(), cipher_suites.end()); | 63 std::sort(cipher_suites.begin(), cipher_suites.end()); |
62 return cipher_suites; | 64 return cipher_suites; |
63 } | 65 } |
64 | 66 |
65 // Returns the string representation of an SSL protocol version. Returns an | |
66 // empty string on error. | |
67 std::string SSLProtocolVersionToString(uint16 version) { | |
68 switch (version) { | |
69 case net::SSL_PROTOCOL_VERSION_SSL3: | |
70 return "ssl3"; | |
71 case net::SSL_PROTOCOL_VERSION_TLS1: | |
72 return "tls1"; | |
73 case net::SSL_PROTOCOL_VERSION_TLS1_1: | |
74 return "tls1.1"; | |
75 case net::SSL_PROTOCOL_VERSION_TLS1_2: | |
76 return "tls1.2"; | |
77 default: | |
78 NOTREACHED(); | |
79 return std::string(); | |
80 } | |
81 } | |
82 | |
83 // Returns the SSL protocol version (as a uint16) represented by a string. | 67 // Returns the SSL protocol version (as a uint16) represented by a string. |
84 // Returns 0 if the string is invalid. | 68 // Returns 0 if the string is invalid. |
85 uint16 SSLProtocolVersionFromString(const std::string& version_str) { | 69 uint16 SSLProtocolVersionFromString(const std::string& version_str) { |
86 uint16 version = 0; // Invalid. | 70 uint16 version = 0; // Invalid. |
87 if (version_str == "ssl3") { | 71 if (version_str == switches::kSSLVersionSSLv3) { |
88 version = net::SSL_PROTOCOL_VERSION_SSL3; | 72 version = net::SSL_PROTOCOL_VERSION_SSL3; |
89 } else if (version_str == "tls1") { | 73 } else if (version_str == switches::kSSLVersionTLSv1) { |
90 version = net::SSL_PROTOCOL_VERSION_TLS1; | 74 version = net::SSL_PROTOCOL_VERSION_TLS1; |
91 } else if (version_str == "tls1.1") { | 75 } else if (version_str == switches::kSSLVersionTLSv11) { |
92 version = net::SSL_PROTOCOL_VERSION_TLS1_1; | 76 version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
93 } else if (version_str == "tls1.2") { | 77 } else if (version_str == switches::kSSLVersionTLSv12) { |
94 version = net::SSL_PROTOCOL_VERSION_TLS1_2; | 78 version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
95 } | 79 } |
96 return version; | 80 return version; |
97 } | 81 } |
98 | 82 |
99 } // namespace | 83 } // namespace |
100 | 84 |
101 //////////////////////////////////////////////////////////////////////////////// | 85 //////////////////////////////////////////////////////////////////////////////// |
102 // SSLConfigServicePref | 86 // SSLConfigServicePref |
103 | 87 |
222 } | 206 } |
223 | 207 |
224 // static | 208 // static |
225 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { | 209 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { |
226 net::SSLConfig default_config; | 210 net::SSLConfig default_config; |
227 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, | 211 registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, |
228 default_config.rev_checking_enabled); | 212 default_config.rev_checking_enabled); |
229 registry->RegisterBooleanPref( | 213 registry->RegisterBooleanPref( |
230 prefs::kCertRevocationCheckingRequiredLocalAnchors, | 214 prefs::kCertRevocationCheckingRequiredLocalAnchors, |
231 default_config.rev_checking_required_local_anchors); | 215 default_config.rev_checking_required_local_anchors); |
232 std::string version_min_str = | 216 registry->RegisterStringPref(prefs::kSSLVersionMin, ""); |
233 SSLProtocolVersionToString(default_config.version_min); | 217 registry->RegisterStringPref(prefs::kSSLVersionMax, ""); |
234 std::string version_max_str = | 218 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, ""); |
235 SSLProtocolVersionToString(default_config.version_max); | |
236 std::string version_fallback_min_str = | |
237 SSLProtocolVersionToString(default_config.version_fallback_min); | |
238 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); | |
239 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); | |
240 registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, | |
241 version_fallback_min_str); | |
242 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 219 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
243 !default_config.false_start_enabled); | 220 !default_config.false_start_enabled); |
244 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 221 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
245 } | 222 } |
246 | 223 |
247 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 224 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
248 return ssl_config_service_.get(); | 225 return ssl_config_service_.get(); |
249 } | 226 } |
250 | 227 |
251 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 228 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
290 uint16 version_max = SSLProtocolVersionFromString(version_max_str); | 267 uint16 version_max = SSLProtocolVersionFromString(version_max_str); |
291 uint16 version_fallback_min = | 268 uint16 version_fallback_min = |
292 SSLProtocolVersionFromString(version_fallback_min_str); | 269 SSLProtocolVersionFromString(version_fallback_min_str); |
293 if (version_min) { | 270 if (version_min) { |
294 // TODO(wtc): get the minimum SSL protocol version supported by the | 271 // TODO(wtc): get the minimum SSL protocol version supported by the |
295 // SSLClientSocket class. Right now it happens to be the same as the | 272 // SSLClientSocket class. Right now it happens to be the same as the |
296 // default minimum SSL protocol version because we enable all supported | 273 // default minimum SSL protocol version because we enable all supported |
297 // versions by default. | 274 // versions by default. |
298 uint16 supported_version_min = config->version_min; | 275 uint16 supported_version_min = config->version_min; |
299 config->version_min = std::max(supported_version_min, version_min); | 276 config->version_min = std::max(supported_version_min, version_min); |
277 } else { | |
278 const std::string group = | |
279 base::FieldTrialList::FindFullName("SSLv3"); | |
Ryan Hamilton
2014/11/03 23:02:52
Nit: it looks like this will all fit on one line?
agl
2014/11/04 19:00:32
Done.
| |
280 if (group == "Enabled") { | |
281 config->version_min = net::SSL_PROTOCOL_VERSION_SSL3; | |
282 } | |
300 } | 283 } |
301 if (version_max) { | 284 if (version_max) { |
302 // TODO(wtc): get the maximum SSL protocol version supported by the | 285 // TODO(wtc): get the maximum SSL protocol version supported by the |
303 // SSLClientSocket class. | 286 // SSLClientSocket class. |
304 uint16 supported_version_max = config->version_max; | 287 uint16 supported_version_max = config->version_max; |
305 config->version_max = std::min(supported_version_max, version_max); | 288 config->version_max = std::min(supported_version_max, version_max); |
306 } | 289 } |
307 if (version_fallback_min) { | 290 if (version_fallback_min) { |
308 config->version_fallback_min = version_fallback_min; | 291 config->version_fallback_min = version_fallback_min; |
309 } | 292 } |
325 // static | 308 // static |
326 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 309 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
327 PrefService* local_state) { | 310 PrefService* local_state) { |
328 return new SSLConfigServiceManagerPref(local_state); | 311 return new SSLConfigServiceManagerPref(local_state); |
329 } | 312 } |
330 | 313 |
331 // static | 314 // static |
332 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 315 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
333 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 316 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
334 } | 317 } |
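Review bot: With the version prefs now registered with an empty-string default, SSLProtocolVersionFromString returns 0 both for "unset" and for an unrecognized value, and the callers (`if (version_min)`, `if (version_max)`, `if (version_fallback_min)`) treat both the same, so a mistyped policy value is silently ignored with no diagnostic. The cipher-suite path a few lines earlier logs `Ignoring unrecognized or unparsable cipher suite`; the new version path should be as loud, e.g. before the return: `if (version == 0 && !version_str.empty()) LOG(ERROR) << "Ignoring unrecognized SSL protocol version: " << version_str;`. The function's header comment could then read "Returns 0 if the string is empty or invalid." The block containing the `version_min`/`version_max` checks starts and ends outside the visible lines, and the `switches::kSSLVersion*` constants are presumably provided by the newly included chrome_switches.h.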