diff options
author | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-22 00:26:54 +0000 |
---|---|---|
committer | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-22 00:26:54 +0000 |
commit | 05d0ad07f6cb6c3a2bec8aac2e792c50696c8025 (patch) | |
tree | bced787d1d986607ffe85b8f7cdc81e8ea25ce04 | |
parent | d15af082a647ed4d8468451ae37e40cfc6fed682 (diff) | |
download | chromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.zip chromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.tar.gz chromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.tar.bz2 |
Remove --enable-unrestricted-ssl3-fallback.
It looks like this isn't actually wired to anything.
BUG=354947
TEST=none
R=jhawkins@chromium.org, rsleevi@chromium.org
Review URL: https://codereview.chromium.org/200693006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258714 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_pref.cc | 9 | ||||
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_pref_unittest.cc | 24 | ||||
-rw-r--r-- | chrome/browser/prefs/command_line_pref_store.cc | 2 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 7 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rw-r--r-- | chrome/common/pref_names.cc | 2 | ||||
-rw-r--r-- | chrome/common/pref_names.h | 1 | ||||
-rw-r--r-- | net/ssl/ssl_config_service.cc | 5 | ||||
-rw-r--r-- | net/ssl/ssl_config_service.h | 7 | ||||
-rw-r--r-- | net/ssl/ssl_config_service_unittest.cc | 5 |
10 files changed, 3 insertions, 60 deletions
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc index 0aab9a6..706bcb0b 100644 --- a/chrome/browser/net/ssl_config_service_manager_pref.cc +++ b/chrome/browser/net/ssl_config_service_manager_pref.cc @@ -176,7 +176,6 @@ class SSLConfigServiceManagerPref StringPrefMember ssl_version_max_; BooleanPrefMember channel_id_enabled_; BooleanPrefMember ssl_record_splitting_disabled_; - BooleanPrefMember unrestricted_ssl3_fallback_enabled_; // The cached list of disabled SSL cipher suites. std::vector<uint16> disabled_cipher_suites_; @@ -210,10 +209,6 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( prefs::kEnableOriginBoundCerts, local_state, local_state_callback); ssl_record_splitting_disabled_.Init( prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); - unrestricted_ssl3_fallback_enabled_.Init( - prefs::kEnableUnrestrictedSSL3Fallback, - local_state, - local_state_callback); local_state_change_registrar_.Init(local_state); local_state_change_registrar_.Add( @@ -244,8 +239,6 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { default_config.channel_id_enabled); registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, !default_config.false_start_enabled); - registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback, - default_config.unrestricted_ssl3_fallback_enabled); registry->RegisterListPref(prefs::kCipherSuiteBlacklist); } @@ -304,8 +297,6 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( config->channel_id_enabled = channel_id_enabled_.GetValue(); // disabling False Start also happens to disable record splitting. config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); - config->unrestricted_ssl3_fallback_enabled = - unrestricted_ssl3_fallback_enabled_.GetValue(); } void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( diff --git a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc index 2cbfc05..753109c 100644 --- a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc +++ b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc @@ -146,11 +146,8 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]); } -// Test that -// * without command-line settings for minimum and maximum SSL versions, -// SSL 3.0 ~ default_version_max() are enabled; -// * without --enable-unrestricted-ssl3-fallback, -// |unrestricted_ssl3_fallback_enabled| is false. +// Test that without command-line settings for minimum and maximum SSL versions, +// SSL 3.0 ~ default_version_max() are enabled. TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); @@ -174,13 +171,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min); EXPECT_EQ(net::SSLConfigService::default_version_max(), ssl_config.version_max); - EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled); // The settings should not be added to the local_state. EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin)); EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax)); - EXPECT_FALSE(local_state->HasPrefPath( - prefs::kEnableUnrestrictedSSL3Fallback)); // Explicitly double-check the settings are not in the preference store. std::string version_min_str; @@ -189,10 +183,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) { &version_min_str)); EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, &version_max_str)); - bool unrestricted_ssl3_fallback_enabled; - EXPECT_FALSE(local_state_store->GetBoolean( - prefs::kEnableUnrestrictedSSL3Fallback, - &unrestricted_ssl3_fallback_enabled)); } // Test that command-line settings for minimum and maximum SSL versions are @@ -203,7 +193,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { CommandLine command_line(CommandLine::NO_PROGRAM); command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1"); command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3"); - command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback); PrefServiceMockFactory factory; factory.set_user_prefs(local_state_store); @@ -224,7 +213,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { // Command-line flags should be respected. EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max); - EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled); // Explicitly double-check the settings are not in the preference store. const PrefService::Preference* version_min_pref = @@ -235,18 +223,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) { local_state->FindPreference(prefs::kSSLVersionMax); EXPECT_FALSE(version_max_pref->IsUserModifiable()); - const PrefService::Preference* ssl3_fallback_pref = - local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback); - EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable()); - std::string version_min_str; std::string version_max_str; EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin, &version_min_str)); EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax, &version_max_str)); - bool unrestricted_ssl3_fallback_enabled; - EXPECT_FALSE(local_state_store->GetBoolean( - prefs::kEnableUnrestrictedSSL3Fallback, - &unrestricted_ssl3_fallback_enabled)); } diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc index 9cdbd4b..f2d6855 100644 --- a/chrome/browser/prefs/command_line_pref_store.cc +++ b/chrome/browser/prefs/command_line_pref_store.cc @@ -57,8 +57,6 @@ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry { switches::kDisableTLSChannelID, prefs::kEnableOriginBoundCerts, false }, { switches::kDisableSSLFalseStart, prefs::kDisableSSLRecordSplitting, true }, - { switches::kEnableUnrestrictedSSL3Fallback, - prefs::kEnableUnrestrictedSSL3Fallback, true }, #if defined(GOOGLE_CHROME_BUILD) { switches::kDisablePrintPreview, prefs::kPrintPreviewDisabled, true }, #else diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index e277754..8c7efc6 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -707,13 +707,6 @@ const char kEnableThumbnailRetargeting[] = "enable-thumbnail-retargeting"; // Enables Translate experimental new UX which replaces the infobar. const char kEnableTranslateNewUX[] = "enable-translate-new-ux"; -// Enables unrestricted SSL 3.0 fallback. -// With this switch, SSL 3.0 fallback will be enabled for all sites. -// Without this switch, SSL 3.0 fallback will be disabled for a site -// pinned to the Google pin list (indicating that it is a Google site). -const char kEnableUnrestrictedSSL3Fallback[] = - "enable-unrestricted-ssl3-fallback"; - // Enables Alternate-Protocol when the port is user controlled (> 1024). const char kEnableUserAlternateProtocolPorts[] = "enable-user-controlled-alternate-protocol-ports"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index d0a932e..860b793 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -203,7 +203,6 @@ extern const char kEnableSyncArticles[]; extern const char kEnableSyncSyncedNotifications[]; extern const char kEnableThumbnailRetargeting[]; extern const char kEnableTranslateNewUX[]; -extern const char kEnableUnrestrictedSSL3Fallback[]; extern const char kEnableUserAlternateProtocolPorts[]; extern const char kEnableWatchdog[]; extern const char kEnableWebSocketOverSpdy[]; diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc index 4e62c2a..b7cd4c4 100644 --- a/chrome/common/pref_names.cc +++ b/chrome/common/pref_names.cc @@ -1357,8 +1357,6 @@ const char kSSLVersionMax[] = "ssl.version_max"; const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist"; const char kEnableOriginBoundCerts[] = "ssl.origin_bound_certs.enabled"; const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled"; -const char kEnableUnrestrictedSSL3Fallback[] = - "ssl.unrestricted_ssl3_fallback.enabled"; // A boolean pref of the EULA accepted flag. const char kEulaAccepted[] = "EulaAccepted"; diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h index bf6d2d6..04cc692 100644 --- a/chrome/common/pref_names.h +++ b/chrome/common/pref_names.h @@ -423,7 +423,6 @@ extern const char kSSLVersionMax[]; extern const char kCipherSuiteBlacklist[]; extern const char kEnableOriginBoundCerts[]; extern const char kDisableSSLRecordSplitting[]; -extern const char kEnableUnrestrictedSSL3Fallback[]; extern const char kGLVendorString[]; extern const char kGLRendererString[]; diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc index ec9fcc3..ef98dc7 100644 --- a/net/ssl/ssl_config_service.cc +++ b/net/ssl/ssl_config_service.cc @@ -44,7 +44,6 @@ SSLConfig::SSLConfig() false_start_enabled(true), signed_cert_timestamps_enabled(true), require_forward_secrecy(false), - unrestricted_ssl3_fallback_enabled(false), send_client_cert(false), verify_ev_cert(false), version_fallback(false), @@ -149,9 +148,7 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, (orig_config.channel_id_enabled != new_config.channel_id_enabled) || (orig_config.false_start_enabled != new_config.false_start_enabled) || (orig_config.require_forward_secrecy != - new_config.require_forward_secrecy) || - (orig_config.unrestricted_ssl3_fallback_enabled != - new_config.unrestricted_ssl3_fallback_enabled); + new_config.require_forward_secrecy); if (config_changed) NotifySSLConfigChange(); diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h index 08a59fd..54ad087 100644 --- a/net/ssl/ssl_config_service.h +++ b/net/ssl/ssl_config_service.h @@ -107,13 +107,6 @@ struct NET_EXPORT SSLConfig { // that could be extended if needed. bool require_forward_secrecy; - // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be - // enabled for all sites. - // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be - // disabled for a site pinned to the Google pin list (indicating that it is a - // Google site). - bool unrestricted_ssl3_fallback_enabled; - // TODO(wtc): move the following members to a new SSLParams structure. They // are not SSL configuration settings. diff --git a/net/ssl/ssl_config_service_unittest.cc b/net/ssl/ssl_config_service_unittest.cc index 42c8ae4..e8a4c33 100644 --- a/net/ssl/ssl_config_service_unittest.cc +++ b/net/ssl/ssl_config_service_unittest.cc @@ -69,7 +69,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) { SSLConfig initial_config; initial_config.rev_checking_enabled = true; initial_config.false_start_enabled = false; - initial_config.unrestricted_ssl3_fallback_enabled = false; initial_config.version_min = SSL_PROTOCOL_VERSION_SSL3; initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1; @@ -87,10 +86,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) { EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); mock_service->SetSSLConfig(initial_config); - initial_config.unrestricted_ssl3_fallback_enabled = true; - EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); - mock_service->SetSSLConfig(initial_config); - // Test that changing the SSL version range triggers updates. initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1; EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1); |