author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-19 21:48:42 +0000 |
---|---|---|
committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-19 21:48:42 +0000 |
commit | db36938cb26cf265a5fd93690a8e783d01406958 (patch) | |
tree | 7261d389592cdfbbb3063f223455518db12d3bda /chrome/browser | |
parent | 0d1872ebba9b790f3a33bcaecc11258ea924b397 (diff) | |
Pref-backed SSLConfigService for Linux.
Makes SSLConfigService into a ref-counted interface, and makes Profile own an SSLConfigServiceFactory which is used to create the SSLConfigService and pass it through the URLRequestContext on down to where it is actually used.
R=eroman,wtc
BUG=11507,19290
Review URL: http://codereview.chromium.org/165003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23757 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r-- | chrome/browser/automation/automation_profile_impl.h | 4 | ||||
-rw-r--r-- | chrome/browser/gtk/options/advanced_contents_gtk.cc | 176 | ||||
-rw-r--r-- | chrome/browser/net/chrome_url_request_context.cc | 8 | ||||
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager.h | 31 | ||||
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_defaults.cc | 37 | ||||
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_pref.cc | 155 | ||||
-rw-r--r-- | chrome/browser/net/ssl_config_service_manager_win.cc | 39 | ||||
-rw-r--r-- | chrome/browser/options_util.cc | 6 | ||||
-rw-r--r-- | chrome/browser/profile.cc | 12 | ||||
-rw-r--r-- | chrome/browser/profile.h | 8 | ||||
-rw-r--r-- | chrome/browser/sync/glue/http_bridge.cc | 4 | ||||
-rw-r--r-- | chrome/browser/views/options/advanced_contents_view.cc | 8 |
12 files changed, 463 insertions, 25 deletions
diff --git a/chrome/browser/automation/automation_profile_impl.h b/chrome/browser/automation/automation_profile_impl.h index 2262d68..ced38cd 100644 --- a/chrome/browser/automation/automation_profile_impl.h +++ b/chrome/browser/automation/automation_profile_impl.h @@ -120,6 +120,9 @@ class AutomationProfileImpl : public Profile { virtual URLRequestContext* GetRequestContextForExtensions() { return original_profile_->GetRequestContextForExtensions(); } + virtual net::SSLConfigService* GetSSLConfigService() { + return original_profile_->GetSSLConfigService(); + } virtual Blacklist* GetBlacklist() { return original_profile_->GetBlacklist(); } @@ -199,4 +202,3 @@ class AutomationProfileImpl : public Profile { }; #endif // CHROME_BROWSER_AUTOMATION_AUTOMATION_PROFILE_IMPL_H_ - diff --git a/chrome/browser/gtk/options/advanced_contents_gtk.cc b/chrome/browser/gtk/options/advanced_contents_gtk.cc index a4dd27f..416c925 100644 --- a/chrome/browser/gtk/options/advanced_contents_gtk.cc +++ b/chrome/browser/gtk/options/advanced_contents_gtk.cc @@ -62,6 +62,16 @@ GtkWidget* CreateCheckButtonWithWrappedLabel(int string_id) { return checkbox; } +GtkWidget* AddCheckButtonWithWrappedLabel(int string_id, + GtkWidget* container, + GCallback handler, + gpointer data) { + GtkWidget* checkbox = CreateCheckButtonWithWrappedLabel(string_id); + gtk_box_pack_start(GTK_BOX(container), checkbox, FALSE, FALSE, 0); + g_signal_connect(checkbox, "toggled", handler, data); + return checkbox; +} + // Don't let the widget handle scroll events. Instead, pass it on to the // parent widget. gboolean PassScrollToParent(GtkWidget* widget, GdkEvent* event, 
@@ -142,13 +152,13 @@ class DownloadSection : public OptionsPageBase { // Flag to ignore gtk callbacks while we are loading prefs, to avoid // then turning around and saving them again. - bool initializing_; + bool pref_changing_; DISALLOW_COPY_AND_ASSIGN(DownloadSection); }; DownloadSection::DownloadSection(Profile* profile) - : OptionsPageBase(profile), initializing_(true) { + : OptionsPageBase(profile), pref_changing_(true) { page_ = gtk_vbox_new(FALSE, gtk_util::kControlSpacing); // Download location options. @@ -223,7 +233,7 @@ DownloadSection::DownloadSection(Profile* profile) } void DownloadSection::NotifyPrefChanged(const std::wstring* pref_name) { - initializing_ = true; + pref_changing_ = true; if (!pref_name || *pref_name == prefs::kDownloadDefaultDirectory) { gtk_file_chooser_set_current_folder( GTK_FILE_CHOOSER(download_location_button_), @@ -243,13 +253,13 @@ void DownloadSection::NotifyPrefChanged(const std::wstring* pref_name) { gtk_widget_set_sensitive(reset_file_handlers_label_, enabled); gtk_widget_set_sensitive(reset_file_handlers_button_, enabled); } - initializing_ = false; + pref_changing_ = false; } // static void DownloadSection::OnDownloadLocationChanged(GtkFileChooser* widget, DownloadSection* section) { - if (section->initializing_) + if (section->pref_changing_) return; gchar* folder = gtk_file_chooser_get_filename(widget); @@ -267,7 +277,7 @@ void DownloadSection::OnDownloadLocationChanged(GtkFileChooser* widget, // static void DownloadSection::OnDownloadAskForSaveLocationChanged( GtkWidget* widget, DownloadSection* section) { - if (section->initializing_) + if (section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); if (enabled) { 
@@ -464,14 +474,14 @@ class PrivacySection : public OptionsPageBase { // Flag to ignore gtk callbacks while we are loading prefs, to avoid // then turning around and saving them again. - bool initializing_; + bool pref_changing_; DISALLOW_COPY_AND_ASSIGN(PrivacySection); }; PrivacySection::PrivacySection(Profile* profile) : OptionsPageBase(profile), - initializing_(true) { + pref_changing_(true) { page_ = gtk_vbox_new(FALSE, gtk_util::kControlSpacing); GtkWidget* section_description_label = CreateWrappedLabel( @@ -591,7 +601,7 @@ void PrivacySection::OnLearnMoreLinkClicked(GtkButton *button, // static void PrivacySection::OnEnableLinkDoctorChange(GtkWidget* widget, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); privacy_section->UserMetricsRecordAction( @@ -605,7 +615,7 @@ void PrivacySection::OnEnableLinkDoctorChange(GtkWidget* widget, // static void PrivacySection::OnEnableSuggestChange(GtkWidget* widget, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); privacy_section->UserMetricsRecordAction( @@ -619,7 +629,7 @@ void PrivacySection::OnEnableSuggestChange(GtkWidget* widget, // static void PrivacySection::OnDNSPrefetchingChange(GtkWidget* widget, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); privacy_section->UserMetricsRecordAction( 
@@ -634,7 +644,7 @@ void PrivacySection::OnDNSPrefetchingChange(GtkWidget* widget, // static void PrivacySection::OnSafeBrowsingChange(GtkWidget* widget, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); privacy_section->UserMetricsRecordAction( @@ -652,7 +662,7 @@ void PrivacySection::OnSafeBrowsingChange(GtkWidget* widget, // static void PrivacySection::OnLoggingChange(GtkWidget* widget, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; bool enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget)); privacy_section->UserMetricsRecordAction( @@ -677,7 +687,7 @@ void PrivacySection::OnLoggingChange(GtkWidget* widget, // static void PrivacySection::OnCookieBehaviorChanged(GtkComboBox* combo_box, PrivacySection* privacy_section) { - if (privacy_section->initializing_) + if (privacy_section->pref_changing_) return; net::CookiePolicy::Type cookie_policy = net::CookiePolicy::FromInt(gtk_combo_box_get_active(combo_box)); @@ -704,7 +714,7 @@ void PrivacySection::OnShowCookiesButtonClicked( } void PrivacySection::NotifyPrefChanged(const std::wstring* pref_name) { - initializing_ = true; + pref_changing_ = true; if (!pref_name || *pref_name == prefs::kAlternateErrorPagesEnabled) { gtk_toggle_button_set_active( GTK_TOGGLE_BUTTON(enable_link_doctor_checkbox_), @@ -737,7 +747,7 @@ void PrivacySection::NotifyPrefChanged(const std::wstring* pref_name) { GTK_COMBO_BOX(cookie_behavior_combobox_), net::CookiePolicy::FromInt(cookie_behavior_.GetValue())); } - initializing_ = false; + pref_changing_ = false; } void PrivacySection::ResolveMetricsReportingEnabled() { 
@@ -780,18 +790,43 @@ class SecuritySection : public OptionsPageBase { } private: + // Overridden from OptionsPageBase. + virtual void NotifyPrefChanged(const std::wstring* pref_name); + // The callback functions for the options widgets. static void OnManageCertificatesClicked(GtkButton* button, SecuritySection* section); + static void OnRevCheckingEnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section); + static void OnSSL2EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section); + static void OnSSL3EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section); + static void OnTLS1EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section); // The widget containing the options for this section. GtkWidget* page_; + GtkWidget* rev_checking_enabled_checkbox_; + GtkWidget* ssl2_enabled_checkbox_; + GtkWidget* ssl3_enabled_checkbox_; + GtkWidget* tls1_enabled_checkbox_; + + // SSLConfigService prefs. + BooleanPrefMember rev_checking_enabled_; + BooleanPrefMember ssl2_enabled_; + BooleanPrefMember ssl3_enabled_; + BooleanPrefMember tls1_enabled_; + + // Flag to ignore gtk callbacks while we are loading prefs, to avoid + // then turning around and saving them again. + bool pref_changing_; DISALLOW_COPY_AND_ASSIGN(SecuritySection); }; SecuritySection::SecuritySection(Profile* profile) - : OptionsPageBase(profile) { + : OptionsPageBase(profile), pref_changing_(true) { page_ = gtk_vbox_new(FALSE, gtk_util::kControlSpacing); GtkWidget* manage_certificates_label = CreateWrappedLabel( 
@@ -814,9 +849,52 @@ SecuritySection::SecuritySection(Profile* profile) g_signal_connect(manage_certificates_link, "clicked", G_CALLBACK(OnManageCertificatesClicked), this); - // TODO(mattm): add SSLConfigService options when that is ported to Linux + // TODO(mattm): should have a description label here and have the checkboxes + // indented, but IDS_OPTIONS_SSL_GROUP_DESCRIPTION isn't appropriate and + // didn't think of adding a Linux specific one before the string freeze. + rev_checking_enabled_checkbox_ = AddCheckButtonWithWrappedLabel( + IDS_OPTIONS_SSL_CHECKREVOCATION, page_, + G_CALLBACK(OnRevCheckingEnabledToggled), this); + ssl2_enabled_checkbox_ = AddCheckButtonWithWrappedLabel( + IDS_OPTIONS_SSL_USESSL2, page_, G_CALLBACK(OnSSL2EnabledToggled), this); + ssl3_enabled_checkbox_ = AddCheckButtonWithWrappedLabel( + IDS_OPTIONS_SSL_USESSL3, page_, G_CALLBACK(OnSSL3EnabledToggled), this); + tls1_enabled_checkbox_ = AddCheckButtonWithWrappedLabel( + IDS_OPTIONS_SSL_USETLS1, page_, G_CALLBACK(OnTLS1EnabledToggled), this); + + + rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, + profile->GetPrefs(), this); + ssl2_enabled_.Init(prefs::kSSL2Enabled, profile->GetPrefs(), this); + ssl3_enabled_.Init(prefs::kSSL3Enabled, profile->GetPrefs(), this); + tls1_enabled_.Init(prefs::kTLS1Enabled, profile->GetPrefs(), this); + + NotifyPrefChanged(NULL); +} + +void SecuritySection::NotifyPrefChanged(const std::wstring* pref_name) { + pref_changing_ = true; + if (!pref_name || *pref_name == prefs::kCertRevocationCheckingEnabled) { + gtk_toggle_button_set_active( + GTK_TOGGLE_BUTTON(rev_checking_enabled_checkbox_), + rev_checking_enabled_.GetValue()); + } + if (!pref_name || *pref_name == prefs::kSSL2Enabled) { + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(ssl2_enabled_checkbox_), + ssl2_enabled_.GetValue()); + } + if (!pref_name || *pref_name == prefs::kSSL3Enabled) { + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(ssl3_enabled_checkbox_), + 
ssl3_enabled_.GetValue()); + } + if (!pref_name || *pref_name == prefs::kTLS1Enabled) { + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(tls1_enabled_checkbox_), + tls1_enabled_.GetValue()); + } + pref_changing_ = false; } + // static void SecuritySection::OnManageCertificatesClicked(GtkButton* button, SecuritySection* section) { 
@@ -825,6 +903,68 @@ void SecuritySection::OnManageCertificatesClicked(GtkButton* button, GURL(), NEW_WINDOW, PageTransition::LINK); } +// static +void SecuritySection::OnRevCheckingEnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section) { + if (section->pref_changing_) + return; + + bool enabled = gtk_toggle_button_get_active(togglebutton); + if (enabled) { + section->UserMetricsRecordAction(L"Options_CheckCertRevocation_Enable", + NULL); + } else { + section->UserMetricsRecordAction(L"Options_CheckCertRevocation_Disable", + NULL); + } + section->rev_checking_enabled_.SetValue(enabled); +} + +// static +void SecuritySection::OnSSL2EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section) { + if (section->pref_changing_) + return; + + bool enabled = gtk_toggle_button_get_active(togglebutton); + if (enabled) { + section->UserMetricsRecordAction(L"Options_SSL2_Enable", NULL); + } else { + section->UserMetricsRecordAction(L"Options_SSL2_Disable", NULL); + } + section->ssl2_enabled_.SetValue(enabled); +} + +// static +void SecuritySection::OnSSL3EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section) { + if (section->pref_changing_) + return; + + bool enabled = gtk_toggle_button_get_active(togglebutton); + if (enabled) { + section->UserMetricsRecordAction(L"Options_SSL3_Enable", NULL); + } else { + section->UserMetricsRecordAction(L"Options_SSL3_Disable", NULL); + } + section->ssl3_enabled_.SetValue(enabled); +} + +// static +void SecuritySection::OnTLS1EnabledToggled(GtkToggleButton* togglebutton, + SecuritySection* section) { + if (section->pref_changing_) + return; + + bool enabled = gtk_toggle_button_get_active(togglebutton); + if (enabled) { + section->UserMetricsRecordAction(L"Options_TLS1_Enable", NULL); + } else { + section->UserMetricsRecordAction(L"Options_TLS1_Disable", NULL); + } + section->tls1_enabled_.SetValue(enabled); +} + /////////////////////////////////////////////////////////////////////////////// 
// WebContentSection diff --git a/chrome/browser/net/chrome_url_request_context.cc b/chrome/browser/net/chrome_url_request_context.cc index 16299ba..891bd82 100644 --- a/chrome/browser/net/chrome_url_request_context.cc +++ b/chrome/browser/net/chrome_url_request_context.cc @@ -121,6 +121,7 @@ ChromeURLRequestContext* ChromeURLRequestContext::CreateOriginal( net::HttpCache* cache = new net::HttpCache(context->host_resolver_, context->proxy_service_, + context->ssl_config_service_, disk_cache_path.ToWStringHack(), cache_size); const CommandLine& command_line = *CommandLine::ForCurrentProcess(); @@ -207,7 +208,8 @@ ChromeURLRequestContext* ChromeURLRequestContext::CreateOffTheRecord( profile->GetOriginalProfile()->GetRequestContext()->proxy_service(); context->http_transaction_factory_ = - new net::HttpCache(context->host_resolver_, context->proxy_service_, 0); + new net::HttpCache(context->host_resolver_, context->proxy_service_, + context->ssl_config_service_, 0); context->cookie_store_ = new net::CookieMonster; // The kNewFtp switch is Windows specific because we have multiple FTP @@ -274,6 +276,7 @@ ChromeURLRequestContext* ChromeURLRequestContext::CreateRequestContextForMedia( // new set of network stack. cache = new net::HttpCache(original_context->host_resolver(), original_context->proxy_service(), + original_context->ssl_config_service(), disk_cache_path.ToWStringHack(), cache_size); } @@ -337,6 +340,8 @@ ChromeURLRequestContext::ChromeURLRequestContext(Profile* profile) registrar_.Add(this, NotificationType::EXTENSION_UNLOADED, NotificationService::AllSources()); } + + ssl_config_service_ = profile->GetSSLConfigService(); } ChromeURLRequestContext::ChromeURLRequestContext( 
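Review bot: The four toggle handlers added in the last advanced_contents_gtk.cc hunk (`OnRevCheckingEnabledToggled`, `OnSSL2EnabledToggled`, `OnSSL3EnabledToggled`, `OnTLS1EnabledToggled`) repeat the same guard, metrics call and `SetValue`, with only the pref member and the action strings changing. Each one writes a TLS policy pref, so a copy-paste slip that pairs a checkbox with the wrong member would silently change a different protocol setting. Routing all four through one helper leaves a single line per handler where that pairing can be checked. The helper below also needs a declaration in the class, which sits in an earlier hunk, and the first parameter type of `UserMetricsRecordAction` is assumed from the wide-string literals passed here.

```cpp
// Shared by the four toggle handlers: records the matching user action and
// writes the pref, unless the toggle was caused by NotifyPrefChanged().
void SecuritySection::SetPrefFromToggle(GtkToggleButton* togglebutton,
                                        BooleanPrefMember* pref,
                                        const wchar_t* enable_action,
                                        const wchar_t* disable_action) {
  if (pref_changing_)
    return;

  bool enabled = gtk_toggle_button_get_active(togglebutton);
  UserMetricsRecordAction(enabled ? enable_action : disable_action, NULL);
  pref->SetValue(enabled);
}

// static
void SecuritySection::OnSSL2EnabledToggled(GtkToggleButton* togglebutton,
                                           SecuritySection* section) {
  section->SetPrefFromToggle(togglebutton, &section->ssl2_enabled_,
                             L"Options_SSL2_Enable", L"Options_SSL2_Disable");
}

// … same one-line body for the revocation, SSL3 and TLS1 handlers …
```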
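Review bot: `ssl_config_service_ = profile->GetSSLConfigService();` at the end of the `ChromeURLRequestContext(Profile*)` constructor stores whatever the profile returns without checking it, and the `CreateOriginal` and `CreateOffTheRecord` hunks then pass `context->ssl_config_service_` straight into `net::HttpCache`. `GetSSLConfigService()` is a new pure virtual, so every `Profile` implementation decides what comes back, and nothing visible here says whether NULL is allowed. If it is not, `DCHECK(ssl_config_service_);` right after the assignment would catch a profile that hands the network stack no SSL configuration. The constructor body starts outside the hunk.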
@@ -344,6 +349,7 @@ ChromeURLRequestContext::ChromeURLRequestContext( // Set URLRequestContext members host_resolver_ = other->host_resolver_; proxy_service_ = other->proxy_service_; + ssl_config_service_ = other->ssl_config_service_; http_transaction_factory_ = other->http_transaction_factory_; ftp_transaction_factory_ = other->ftp_transaction_factory_; cookie_store_ = other->cookie_store_; diff --git a/chrome/browser/net/ssl_config_service_manager.h b/chrome/browser/net/ssl_config_service_manager.h new file mode 100644 index 0000000..d2a351f --- /dev/null +++ b/chrome/browser/net/ssl_config_service_manager.h @@ -0,0 +1,31 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_ +#define CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_ + +namespace net { +class SSLConfigService; +} // namespace net + +class Profile; + +// An interface for creating SSLConfigService objects for the current platform. +class SSLConfigServiceManager { + public: + // Create an instance of the default SSLConfigServiceManager for the current + // platform. The lifetime of the profile must be longer than that of the + // factory. + static SSLConfigServiceManager* CreateDefaultManager(Profile* profile); + + virtual ~SSLConfigServiceManager() {} + + // Get an SSLConfigService instance. It may be a new instance or the factory + // may return the same instance multiple times. + // The caller should hold a reference as long as it needs the instance (eg, + // using scoped_refptr.) + virtual net::SSLConfigService* Get() = 0; +}; + +#endif // CHROME_BROWSER_NET_SSL_CONFIG_SERVICE_MANAGER_H_ diff --git a/chrome/browser/net/ssl_config_service_manager_defaults.cc b/chrome/browser/net/ssl_config_service_manager_defaults.cc new file mode 100644 index 0000000..a01166e --- /dev/null 
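Review bot: The comments in ssl_config_service_manager.h do not say who owns the object returned by `CreateDefaultManager()`, and they call the class a "factory" although it is named `SSLConfigServiceManager`. Ownership matters because the same comment ties the object's lifetime to the profile; the profile.h hunk stores the result in a `scoped_ptr`, so the comment could add `// The caller owns the returned manager and must delete it before |profile| is destroyed.` and say "manager" in both places. The comment on `Get()` that tells callers to hold a reference is worth keeping, since the method returns a raw pointer to a ref-counted object.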
+++ b/chrome/browser/net/ssl_config_service_manager_defaults.cc @@ -0,0 +1,37 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/net/ssl_config_service_manager.h" +#include "net/base/ssl_config_service_defaults.h" + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManagerDefaults + +// The factory for creating an SSLConfigServiceDefaults instance. +class SSLConfigServiceManagerDefaults + : public SSLConfigServiceManager { + public: + SSLConfigServiceManagerDefaults() + : ssl_config_service_(new net::SSLConfigServiceDefaults()) { + } + virtual ~SSLConfigServiceManagerDefaults() {} + + virtual net::SSLConfigService* Get() { + return ssl_config_service_; + } + + private: + scoped_refptr<net::SSLConfigServiceDefaults> ssl_config_service_; + + DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerDefaults); +}; + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManager + +// static +SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( + Profile* profile) { + return new SSLConfigServiceManagerDefaults(); +} diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc new file mode 100644 index 0000000..6c1f5f1 --- /dev/null +++ b/chrome/browser/net/ssl_config_service_manager_pref.cc 
@@ -0,0 +1,155 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/message_loop.h" +#include "base/thread.h" +#include "chrome/browser/browser_process.h" +#include "chrome/browser/net/ssl_config_service_manager.h" +#include "chrome/browser/profile.h" +#include "chrome/common/notification_service.h" +#include "chrome/common/pref_member.h" +#include "chrome/common/pref_names.h" +#include "net/base/ssl_config_service.h" + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServicePref + +// An SSLConfigService which stores a cached version of the current SSLConfig +// prefs, which are updated by SSLConfigServiceManagerPref when the prefs +// change. +class SSLConfigServicePref : public net::SSLConfigService { + public: + SSLConfigServicePref() {} + virtual ~SSLConfigServicePref() {} + + // Store SSL config settings in |config|. Must only be called from IO thread. + virtual void GetSSLConfig(net::SSLConfig* config); + + private: + // Allow the pref watcher to update our internal state. + friend class SSLConfigServiceManagerPref; + + // This method is posted to the IO thread from the browser thread to carry the + // new config information. + void SetNewSSLConfig(const net::SSLConfig& new_config); + + // Cached value of prefs, should only be accessed from IO thread. + net::SSLConfig cached_config_; + + DISALLOW_COPY_AND_ASSIGN(SSLConfigServicePref); +}; + +void SSLConfigServicePref::GetSSLConfig(net::SSLConfig* config) { + *config = cached_config_; +} + +void SSLConfigServicePref::SetNewSSLConfig( + const net::SSLConfig& new_config) { + cached_config_ = new_config; +} + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManagerPref + +// The factory for creating and updating an SSLConfigServicePref instance. 
+class SSLConfigServiceManagerPref + : public SSLConfigServiceManager, + public NotificationObserver { + public: + explicit SSLConfigServiceManagerPref(Profile* profile); + virtual ~SSLConfigServiceManagerPref() {} + + virtual net::SSLConfigService* Get(); + + private: + static void RegisterUserPrefs(PrefService* user_prefs); + + // Callback for preference changes. This will post the changes to the IO + // thread with SetNewSSLConfig. + virtual void Observe(NotificationType type, + const NotificationSource& source, + const NotificationDetails& details); + + // Store SSL config settings in |config|, directly from the preferences. Must + // only be called from UI thread. + void GetSSLConfigFromPrefs(net::SSLConfig* config); + + // The prefs (should only be accessed from UI thread) + BooleanPrefMember rev_checking_enabled_; + BooleanPrefMember ssl2_enabled_; + BooleanPrefMember ssl3_enabled_; + BooleanPrefMember tls1_enabled_; + + scoped_refptr<SSLConfigServicePref> ssl_config_service_; + + DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref); +}; + +SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(Profile* profile) + : ssl_config_service_(new SSLConfigServicePref()) { + RegisterUserPrefs(profile->GetPrefs()); + + rev_checking_enabled_.Init(prefs::kCertRevocationCheckingEnabled, + profile->GetPrefs(), this); + ssl2_enabled_.Init(prefs::kSSL2Enabled, profile->GetPrefs(), this); + ssl3_enabled_.Init(prefs::kSSL3Enabled, profile->GetPrefs(), this); + tls1_enabled_.Init(prefs::kTLS1Enabled, profile->GetPrefs(), this); + + // Initialize from UI thread. This is okay as there shouldn't be anything on + // the IO thread trying to access it yet. 
+ GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_); +} + +// static +void SSLConfigServiceManagerPref::RegisterUserPrefs(PrefService* user_prefs) { + net::SSLConfig default_config; + user_prefs->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled, + default_config.rev_checking_enabled); + user_prefs->RegisterBooleanPref(prefs::kSSL2Enabled, + default_config.ssl2_enabled); + user_prefs->RegisterBooleanPref(prefs::kSSL3Enabled, + default_config.ssl3_enabled); + user_prefs->RegisterBooleanPref(prefs::kTLS1Enabled, + default_config.tls1_enabled); +} + +net::SSLConfigService* SSLConfigServiceManagerPref::Get() { + return ssl_config_service_; +} + +void SSLConfigServiceManagerPref::Observe(NotificationType type, + const NotificationSource& source, + const NotificationDetails& details) { + base::Thread* io_thread = g_browser_process->io_thread(); + if (io_thread) { + net::SSLConfig new_config; + GetSSLConfigFromPrefs(&new_config); + + // Post a task to |io_loop| with the new configuration, so it can + // update |cached_config_|. + io_thread->message_loop()->PostTask( + FROM_HERE, + NewRunnableMethod( + ssl_config_service_.get(), + &SSLConfigServicePref::SetNewSSLConfig, + new_config)); + } +} + +void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( + net::SSLConfig* config) { + config->rev_checking_enabled = rev_checking_enabled_.GetValue(); + config->ssl2_enabled = ssl2_enabled_.GetValue(); + config->ssl3_enabled = ssl3_enabled_.GetValue(); + config->tls1_enabled = tls1_enabled_.GetValue(); +} + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManager + +// static +SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( + Profile* profile) { + return new SSLConfigServiceManagerPref(profile); +} diff --git a/chrome/browser/net/ssl_config_service_manager_win.cc b/chrome/browser/net/ssl_config_service_manager_win.cc new file mode 100644 index 0000000..c39c472 --- /dev/null 
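Review bot: The thread rules for `SSLConfigServicePref` exist only as comments: `GetSSLConfig()` and `SetNewSSLConfig()` read and write `cached_config_` with no lock, relying on every caller being on the IO thread, while the `SSLConfigServiceManagerPref` constructor writes the same field from the UI thread through the friend declaration. A caller on the wrong thread would race on the protocol and revocation flags the network stack reads, so both methods deserve a debug assertion such as `DCHECK(MessageLoop::current()->type() == MessageLoop::TYPE_IO);`. Separately, `Observe()` drops the update without a trace when `io_thread()` returns NULL, leaving the cached config at its old values; a comment stating when that can happen, or a log line in the missing `else`, would make that case explicit. The comment inside `Observe()` also refers to `|io_loop|`, which is not a name in that function.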
+++ b/chrome/browser/net/ssl_config_service_manager_win.cc @@ -0,0 +1,39 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/net/ssl_config_service_manager.h" +#include "net/base/ssl_config_service_win.h" + +class Profile; + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManagerWin + +// The factory for creating an SSLConfigServiceWin instance. +class SSLConfigServiceManagerWin + : public SSLConfigServiceManager { + public: + SSLConfigServiceManagerWin() + : ssl_config_service_(new net::SSLConfigServiceWin) { + } + virtual ~SSLConfigServiceManagerWin() {} + + virtual net::SSLConfigService* Get() { + return ssl_config_service_; + } + + private: + scoped_refptr<net::SSLConfigService> ssl_config_service_; + + DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerWin); +}; + +//////////////////////////////////////////////////////////////////////////////// +// SSLConfigServiceManager + +// static +SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( + Profile* profile) { + return new SSLConfigServiceManagerWin(); +} diff --git a/chrome/browser/options_util.cc b/chrome/browser/options_util.cc index 12f653e..a69b11e 100644 --- a/chrome/browser/options_util.cc +++ b/chrome/browser/options_util.cc @@ -23,6 +23,12 @@ void OptionsUtil::ResetToDefaults(Profile* profile) { prefs::kCookieBehavior, prefs::kDefaultCharset, prefs::kDnsPrefetchingEnabled, +#if defined(OS_LINUX) + prefs::kCertRevocationCheckingEnabled, + prefs::kSSL2Enabled, + prefs::kSSL3Enabled, + prefs::kTLS1Enabled, +#endif prefs::kDownloadDefaultDirectory, prefs::kDownloadExtensionsToOpen, prefs::kEnableSpellCheck, diff --git a/chrome/browser/profile.cc b/chrome/browser/profile.cc index 94b4e60..0e473315 100644 --- a/chrome/browser/profile.cc +++ b/chrome/browser/profile.cc 
@@ -21,6 +21,7 @@ #include "chrome/browser/history/history.h" #include "chrome/browser/in_process_webkit/webkit_context.h" #include "chrome/browser/net/chrome_url_request_context.h" +#include "chrome/browser/net/ssl_config_service_manager.h" #include "chrome/browser/password_manager/password_store_default.h" #include "chrome/browser/privacy_blacklist/blacklist.h" #include "chrome/browser/profile_manager.h" @@ -339,6 +340,10 @@ class OffTheRecordProfileImpl : public Profile, return extensions_request_context_; } + virtual net::SSLConfigService* GetSSLConfigService() { + return GetOriginalProfile()->GetSSLConfigService(); + } + virtual Blacklist* GetBlacklist() { return GetOriginalProfile()->GetBlacklist(); } @@ -539,6 +544,9 @@ ProfileImpl::ProfileImpl(const FilePath& path) // Listen for bookmark model load, to bootstrap the sync service. registrar_.Add(this, NotificationType::BOOKMARK_MODEL_LOADED, Source<Profile>(this)); + + ssl_config_service_manager_.reset( + SSLConfigServiceManager::CreateDefaultManager(this)); } void ProfileImpl::InitExtensions() { @@ -853,6 +861,10 @@ URLRequestContext* ProfileImpl::GetRequestContextForExtensions() { return extensions_request_context_; } +net::SSLConfigService* ProfileImpl::GetSSLConfigService() { + return ssl_config_service_manager_->Get(); +} + Blacklist* ProfileImpl::GetBlacklist() { return blacklist_; } diff --git a/chrome/browser/profile.h b/chrome/browser/profile.h index 318c6e2..bc541d7 100644 --- a/chrome/browser/profile.h +++ b/chrome/browser/profile.h @@ -20,6 +20,7 @@ namespace net { class ForceTLSState; +class SSLConfigService; } class Blacklist; class BookmarkModel; @@ -37,6 +38,7 @@ class PrefService; class ProfileSyncService; class SessionService; class SpellChecker; +class SSLConfigServiceManager; class SSLHostState; class SQLitePersistentCookieStore; class TabRestoreService; 
@@ -223,6 +225,9 @@ class Profile { // is only used for a separate cookie store currently. virtual URLRequestContext* GetRequestContextForExtensions() = 0; + // Returns the SSLConfigService for this profile. + virtual net::SSLConfigService* GetSSLConfigService() = 0; + // Returns the Privacy Blaclist for this profile. virtual Blacklist* GetBlacklist() = 0; @@ -360,6 +365,7 @@ class ProfileImpl : public Profile, virtual URLRequestContext* GetRequestContext(); virtual URLRequestContext* GetRequestContextForMedia(); virtual URLRequestContext* GetRequestContextForExtensions(); + virtual net::SSLConfigService* GetSSLConfigService(); virtual Blacklist* GetBlacklist(); virtual SessionService* GetSessionService(); virtual void ShutdownSessionService(); @@ -442,6 +448,8 @@ class ProfileImpl : public Profile, ChromeURLRequestContext* extensions_request_context_; + scoped_ptr<SSLConfigServiceManager> ssl_config_service_manager_; + Blacklist* blacklist_; scoped_refptr<DownloadManager> download_manager_; diff --git a/chrome/browser/sync/glue/http_bridge.cc b/chrome/browser/sync/glue/http_bridge.cc index afbbc97..ff613e2c 100644 --- a/chrome/browser/sync/glue/http_bridge.cc +++ b/chrome/browser/sync/glue/http_bridge.cc @@ -58,8 +58,10 @@ HttpBridge::RequestContext::RequestContext( // We don't use a cache for bridged loads, but we do want to share proxy info. host_resolver_ = baseline_context->host_resolver(); proxy_service_ = baseline_context->proxy_service(); + ssl_config_service_ = baseline_context->ssl_config_service(); http_transaction_factory_ = - net::HttpNetworkLayer::CreateFactory(host_resolver_, proxy_service_); + net::HttpNetworkLayer::CreateFactory(host_resolver_, proxy_service_, + ssl_config_service_); // TODO(timsteele): We don't currently listen for pref changes of these // fields or CookiePolicy; I'm not sure we want to strictly follow the 
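Review bot: The position of `scoped_ptr<SSLConfigServiceManager> ssl_config_service_manager_;` in `ProfileImpl` fixes when the manager is destroyed relative to the other members, and nothing in the last profile.h hunk records that constraint. The pref-backed manager holds `BooleanPrefMember`s initialised with `profile->GetPrefs()`, so it presumably has to be destroyed before that `PrefService`; whether the member holding the prefs is declared earlier in the class is not visible here. A comment on the member such as `// Observes GetPrefs(); must be destroyed before the PrefService.` would keep a later reordering from turning profile teardown into a use of freed memory. The class body continues outside the hunk.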
diff --git a/chrome/browser/views/options/advanced_contents_view.cc b/chrome/browser/views/options/advanced_contents_view.cc index 134b5c1..d398915 100644 --- a/chrome/browser/views/options/advanced_contents_view.cc +++ b/chrome/browser/views/options/advanced_contents_view.cc @@ -39,7 +39,7 @@ #include "grit/chromium_strings.h" #include "grit/generated_resources.h" #include "grit/locale_settings.h" -#include "net/base/ssl_config_service.h" +#include "net/base/ssl_config_service_win.h" #include "net/base/cookie_policy.h" #include "skia/ext/skia_utils_win.h" #include "third_party/skia/include/core/SkBitmap.h" @@ -889,7 +889,7 @@ void SecuritySection::ButtonPressed(views::Button* sender) { } else { UserMetricsRecordAction(L"Options_SSL2_Disable", NULL); } - net::SSLConfigService::SetSSL2Enabled(enabled); + net::SSLConfigServiceWin::SetSSL2Enabled(enabled); } else if (sender == check_for_cert_revocation_checkbox_) { bool enabled = check_for_cert_revocation_checkbox_->checked(); if (enabled) { @@ -897,7 +897,7 @@ void SecuritySection::ButtonPressed(views::Button* sender) { } else { UserMetricsRecordAction(L"Options_CheckCertRevocation_Disable", NULL); } - net::SSLConfigService::SetRevCheckingEnabled(enabled); + net::SSLConfigServiceWin::SetRevCheckingEnabled(enabled); } else if (sender == manage_certificates_button_) { UserMetricsRecordAction(L"Options_ManagerCerts", NULL); CRYPTUI_CERT_MGR_STRUCT cert_mgr = { 0 }; @@ -955,7 +955,7 @@ void SecuritySection::NotifyPrefChanged(const std::wstring* pref_name) { // These SSL options are system settings and stored in the OS. if (!pref_name) { net::SSLConfig config; - if (net::SSLConfigService::GetSSLConfigNow(&config)) { + if (net::SSLConfigServiceWin::GetSSLConfigNow(&config)) { enable_ssl2_checkbox_->SetChecked(config.ssl2_enabled); check_for_cert_revocation_checkbox_->SetChecked( config.rev_checking_enabled); |