diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-11 19:50:02 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-11 19:50:02 +0000 |
| commit | b2471359cfbd4f7b9621ba2542b947841bfadb27 (patch) | |
| tree | 241b1e8c58a26a5bbfb1df3c9f5d342c492ad693 /chrome | |
| parent | 1b3db78c4451a755eeaadc4cedceccd9e91724c8 (diff) | |
| download | chromium_src-b2471359cfbd4f7b9621ba2542b947841bfadb27.zip chromium_src-b2471359cfbd4f7b9621ba2542b947841bfadb27.tar.gz chromium_src-b2471359cfbd4f7b9621ba2542b947841bfadb27.tar.bz2 | |
net: add embedded DNSSEC chain support.
Now that the DNS root is signed we have a good trust path in several
TLDs (including .org). This patch enables self-signed certificates to
include a DNSSEC chain as an extension which proves a CERT record,
containing the fingerprint of the public key.
The format of the chain is still undecided, so this is only enabled
with --enable-dnssec-certs.
BUG=none
TEST=net_unittests
http://codereview.chromium.org/2806076
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55771 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/browser_main.cc | 3 | ||||
| -rw-r--r-- | chrome/browser/net/ssl_config_service_manager_pref.cc | 1 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.cc | 2 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.h | 1 |
4 files changed, 7 insertions, 0 deletions
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc index 6b29674..fc6511b 100644 --- a/chrome/browser/browser_main.cc +++ b/chrome/browser/browser_main.cc @@ -175,6 +175,9 @@ void BrowserMainParts::EarlyInitialization() { PrefetchFieldTrial(); InitializeSSL(); + if (parsed_command_line().HasSwitch(switches::kEnableDNSSECCerts)) + net::SSLConfigService::EnableDNSSEC(); + PostEarlyInitialization(); } diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc index a89f025..c729d0e 100644 --- a/chrome/browser/net/ssl_config_service_manager_pref.cc +++ b/chrome/browser/net/ssl_config_service_manager_pref.cc @@ -145,6 +145,7 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( config->ssl2_enabled = ssl2_enabled_.GetValue(); config->ssl3_enabled = ssl3_enabled_.GetValue(); config->tls1_enabled = tls1_enabled_.GetValue(); + config->dnssec_enabled = net::SSLConfigService::dnssec_enabled(); } //////////////////////////////////////////////////////////////////////////////// diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 5293e62..3f8b0f5 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -333,6 +333,8 @@ const char kEnableDeviceMotion[] = "enable-device-motion"; // Enables device orientation events. const char kEnableDeviceOrientation[] = "enable-device-orientation"; +const char kEnableDNSSECCerts[] = "enable-dnssec-certs"; + // Enables extension APIs that are in development. const char kEnableExperimentalExtensionApis[] = "enable-experimental-extension-apis"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index fba6d71..dde93de 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -110,6 +110,7 @@ extern const char kEnableContentPrefetch[]; extern const char kEnableCookiePrompt[]; extern const char kEnableDeviceMotion[]; extern const char kEnableDeviceOrientation[]; +extern const char kEnableDNSSECCerts[]; extern const char kEnableExperimentalExtensionApis[]; extern const char kEnableExperimentalWebGL[]; extern const char kEnableExtensionTimelineApi[]; |