Chromium Code Reviews Chromium Code Reviews
Issue 83333003:
Add support for fetching Certificate Transparency SCTs over a TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include "chrome/browser/net/ssl_config_service_manager.h" | 4 #include "chrome/browser/net/ssl_config_service_manager.h" |
| 5 | 5 |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 169 | 169 |
| 170 PrefChangeRegistrar local_state_change_registrar_; | 170 PrefChangeRegistrar local_state_change_registrar_; |
| 171 | 171 |
| 172 // The local_state prefs (should only be accessed from UI thread) | 172 // The local_state prefs (should only be accessed from UI thread) |
| 173 BooleanPrefMember rev_checking_enabled_; | 173 BooleanPrefMember rev_checking_enabled_; |
| 174 BooleanPrefMember rev_checking_required_local_anchors_; | 174 BooleanPrefMember rev_checking_required_local_anchors_; |
| 175 StringPrefMember ssl_version_min_; | 175 StringPrefMember ssl_version_min_; |
| 176 StringPrefMember ssl_version_max_; | 176 StringPrefMember ssl_version_max_; |
| 177 BooleanPrefMember channel_id_enabled_; | 177 BooleanPrefMember channel_id_enabled_; |
| 178 BooleanPrefMember ssl_record_splitting_disabled_; | 178 BooleanPrefMember ssl_record_splitting_disabled_; |
| 179 BooleanPrefMember signed_cert_timestamps_enabled_; | |
| 179 BooleanPrefMember unrestricted_ssl3_fallback_enabled_; | 180 BooleanPrefMember unrestricted_ssl3_fallback_enabled_; |
| 180 | 181 |
| 181 // The cached list of disabled SSL cipher suites. | 182 // The cached list of disabled SSL cipher suites. |
| 182 std::vector<uint16> disabled_cipher_suites_; | 183 std::vector<uint16> disabled_cipher_suites_; |
| 183 | 184 |
| 184 scoped_refptr<SSLConfigServicePref> ssl_config_service_; | 185 scoped_refptr<SSLConfigServicePref> ssl_config_service_; |
| 185 | 186 |
| 186 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); | 187 DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); |
| 187 }; | 188 }; |
| 188 | 189 |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 207 ssl_version_max_.Init( | 208 ssl_version_max_.Init( |
| 208 prefs::kSSLVersionMax, local_state, local_state_callback); | 209 prefs::kSSLVersionMax, local_state, local_state_callback); |
| 209 channel_id_enabled_.Init( | 210 channel_id_enabled_.Init( |
| 210 prefs::kEnableOriginBoundCerts, local_state, local_state_callback); | 211 prefs::kEnableOriginBoundCerts, local_state, local_state_callback); |
| 211 ssl_record_splitting_disabled_.Init( | 212 ssl_record_splitting_disabled_.Init( |
| 212 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); | 213 prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); |
| 213 unrestricted_ssl3_fallback_enabled_.Init( | 214 unrestricted_ssl3_fallback_enabled_.Init( |
| 214 prefs::kEnableUnrestrictedSSL3Fallback, | 215 prefs::kEnableUnrestrictedSSL3Fallback, |
| 215 local_state, | 216 local_state, |
| 216 local_state_callback); | 217 local_state_callback); |
| 218 signed_cert_timestamps_enabled_.Init( | |
|
wtc
2013/11/26 22:46:12
Nit: move this up to follow ssl_record_splitting_d
ekasper
2013/11/27 14:09:04
No longer applies: this part is reverted.
| |
| 219 prefs::kEnableSignedCertTimestamps, local_state, local_state_callback); | |
| 217 | 220 |
| 218 local_state_change_registrar_.Init(local_state); | 221 local_state_change_registrar_.Init(local_state); |
| 219 local_state_change_registrar_.Add( | 222 local_state_change_registrar_.Add( |
| 220 prefs::kCipherSuiteBlacklist, local_state_callback); | 223 prefs::kCipherSuiteBlacklist, local_state_callback); |
| 221 | 224 |
| 222 OnDisabledCipherSuitesChange(local_state); | 225 OnDisabledCipherSuitesChange(local_state); |
| 223 | 226 |
| 224 // Initialize from UI thread. This is okay as there shouldn't be anything on | 227 // Initialize from UI thread. This is okay as there shouldn't be anything on |
| 225 // the IO thread trying to access it yet. | 228 // the IO thread trying to access it yet. |
| 226 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); | 229 GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 239 std::string version_max_str = | 242 std::string version_max_str = |
| 240 SSLProtocolVersionToString(default_config.version_max); | 243 SSLProtocolVersionToString(default_config.version_max); |
| 241 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); | 244 registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); |
| 242 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); | 245 registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); |
| 243 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, | 246 registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts, |
| 244 default_config.channel_id_enabled); | 247 default_config.channel_id_enabled); |
| 245 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, | 248 registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, |
| 246 !default_config.false_start_enabled); | 249 !default_config.false_start_enabled); |
| 247 registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback, | 250 registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback, |
| 248 default_config.unrestricted_ssl3_fallback_enabled); | 251 default_config.unrestricted_ssl3_fallback_enabled); |
| 252 registry->RegisterBooleanPref(prefs::kEnableSignedCertTimestamps, | |
| 253 default_config.signed_cert_timestamps_enabled); | |
| 249 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); | 254 registry->RegisterListPref(prefs::kCipherSuiteBlacklist); |
| 250 } | 255 } |
| 251 | 256 |
| 252 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { | 257 net::SSLConfigService* SSLConfigServiceManagerPref::Get() { |
| 253 return ssl_config_service_.get(); | 258 return ssl_config_service_.get(); |
| 254 } | 259 } |
| 255 | 260 |
| 256 void SSLConfigServiceManagerPref::OnPreferenceChanged( | 261 void SSLConfigServiceManagerPref::OnPreferenceChanged( |
| 257 PrefService* prefs, | 262 PrefService* prefs, |
| 258 const std::string& pref_name_in) { | 263 const std::string& pref_name_in) { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 299 // SSLClientSocket class. | 304 // SSLClientSocket class. |
| 300 uint16 supported_version_max = config->version_max; | 305 uint16 supported_version_max = config->version_max; |
| 301 config->version_max = std::min(supported_version_max, version_max); | 306 config->version_max = std::min(supported_version_max, version_max); |
| 302 } | 307 } |
| 303 config->disabled_cipher_suites = disabled_cipher_suites_; | 308 config->disabled_cipher_suites = disabled_cipher_suites_; |
| 304 config->channel_id_enabled = channel_id_enabled_.GetValue(); | 309 config->channel_id_enabled = channel_id_enabled_.GetValue(); |
| 305 // disabling False Start also happens to disable record splitting. | 310 // disabling False Start also happens to disable record splitting. |
| 306 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); | 311 config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); |
| 307 config->unrestricted_ssl3_fallback_enabled = | 312 config->unrestricted_ssl3_fallback_enabled = |
| 308 unrestricted_ssl3_fallback_enabled_.GetValue(); | 313 unrestricted_ssl3_fallback_enabled_.GetValue(); |
| 314 config->signed_cert_timestamps_enabled = | |
|
wtc
2013/11/26 22:46:12
Nit: also move this up.
ekasper
2013/11/27 14:09:04
Ditto.
| |
| 315 signed_cert_timestamps_enabled_.GetValue(); | |
| 309 SSLConfigServicePref::SetSSLConfigFlags(config); | 316 SSLConfigServicePref::SetSSLConfigFlags(config); |
| 310 } | 317 } |
| 311 | 318 |
| 312 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( | 319 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( |
| 313 PrefService* local_state) { | 320 PrefService* local_state) { |
| 314 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist); | 321 const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist); |
| 315 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); | 322 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); |
| 316 } | 323 } |
| 317 | 324 |
| 318 //////////////////////////////////////////////////////////////////////////////// | 325 //////////////////////////////////////////////////////////////////////////////// |
| 319 // SSLConfigServiceManager | 326 // SSLConfigServiceManager |
| 320 | 327 |
| 321 // static | 328 // static |
| 322 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( | 329 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( |
| 323 PrefService* local_state) { | 330 PrefService* local_state) { |
| 324 return new SSLConfigServiceManagerPref(local_state); | 331 return new SSLConfigServiceManagerPref(local_state); |
| 325 } | 332 } |
| 326 | 333 |
| 327 // static | 334 // static |
| 328 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { | 335 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { |
| 329 SSLConfigServiceManagerPref::RegisterPrefs(registry); | 336 SSLConfigServiceManagerPref::RegisterPrefs(registry); |
| 330 } | 337 } |
| OLD | NEW |
