net: add *.yodlee.com to False Start blacklist

(At the request of A10 networks.)

BUG=53690
TEST=net_unittests

http://codereview.chromium.org/3235009/show

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58191 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 52 insertions, 3 deletions

diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index d677c81..4fc738a 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -60,17 +60,32 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
     const std::string& hostname) {
   // If this list starts growing, it'll need to be something more efficient
   // than a linear list.
-  static const char kFalseStartIncompatibleServers[][23] = {
-      "moneycenter.yodlee.com",
+  static const char kFalseStartIncompatibleServers[][15] = {
       "www.picnik.com",
   };
 
+  static const char kFalseStartIncompatibleDomains[][11] = {
+      // Added at the request of A10.
+      "yodlee.com",
+  };
+
+  // Note that the hostname is normalised to lower-case by this point.
   for (size_t i = 0; i < arraysize(kFalseStartIncompatibleServers); i++) {
-    // Note that the hostname is normalised to lower-case by this point.
     if (strcmp(hostname.c_str(), kFalseStartIncompatibleServers[i]) == 0)
       return true;
   }
 
+  for (size_t i = 0; i < arraysize(kFalseStartIncompatibleDomains); i++) {
+    const char* domain = kFalseStartIncompatibleDomains[i];
+    const size_t len = strlen(domain);
+    if (hostname.size() >= len &&
+        memcmp(&hostname[hostname.size() - len], domain, len) == 0 &&
+        (hostname.size() == len ||
+         hostname[hostname.size() - len - 1] == '.')) {
+      return true;
+    }
+  }
+
   return false;
 }
 
diff --git a/net/base/ssl_config_service_unittest.cc b/net/base/ssl_config_service_unittest.cc
new file mode 100644
index 0000000..47af3ee
--- /dev/null
+++ b/net/base/ssl_config_service_unittest.cc
@@ -0,0 +1,33 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/ssl_config_service.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+class SSLConfigServiceTest : public testing::Test {
+};
+
+bool IsFalseStartIncompatible(const std::string& hostname) {
+  return net::SSLConfigService::IsKnownFalseStartIncompatibleServer(
+      hostname);
+}
+
+}  // namespace
+
+TEST(SSLConfigServiceTest, FalseStartDisabledHosts) {
+  EXPECT_TRUE(IsFalseStartIncompatible("www.picnik.com"));
+  EXPECT_FALSE(IsFalseStartIncompatible("picnikfoo.com"));
+  EXPECT_FALSE(IsFalseStartIncompatible("foopicnik.com"));
+}
+
+TEST(SSLConfigServiceTest, FalseStartDisabledDomains) {
+  EXPECT_TRUE(IsFalseStartIncompatible("yodlee.com"));
+  EXPECT_TRUE(IsFalseStartIncompatible("a.yodlee.com"));
+  EXPECT_TRUE(IsFalseStartIncompatible("b.a.yodlee.com"));
+  EXPECT_FALSE(IsFalseStartIncompatible("ayodlee.com"));
+  EXPECT_FALSE(IsFalseStartIncompatible("yodleea.com"));
+  EXPECT_FALSE(IsFalseStartIncompatible("yodlee.org"));
+}
diff --git a/net/net.gyp b/net/net.gyp
index 4c5f0aa..c00ca47 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -730,6 +730,7 @@
         'base/ssl_cipher_suite_names_unittest.cc',
         'base/ssl_client_auth_cache_unittest.cc',
         'base/ssl_config_service_mac_unittest.cc',
+        'base/ssl_config_service_unittest.cc',
         'base/ssl_config_service_win_unittest.cc',
         'base/static_cookie_policy_unittest.cc',
         'base/transport_security_state_unittest.cc',