authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-19 20:02:28 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-19 20:02:28 +0000
commit944a0a137c725b1c4a0e267af6fd28276c927b98 (patch)
tree7d05ed531dea213505c3574c4df1112b6a6ade21 /net/base/ssl_config_service.cc
parentcf23c25823342508733a2f2a00f2d8e8fe4d51c8 (diff)
net: expect MITM attacks with HTTP proxies and command line flag.
With r51258 we started requiring the TLS renegotiation extension from a whitelist of servers that we knew supported it. When Chrome is getting MITM attacked, this extension can be removed and this broke some debugging tools (which intercept SSL connections) and some proxies which do the same. This patch causes us to expect to be MITM attacked when tunneling via an HTTP proxy and when the --allow-ssl-mitm-proxies command line flag is given. BUG=48485 TEST=Can't really test without one of these MITM proxy machines. http://codereview.chromium.org/3111019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56727 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/ssl_config_service.cc')
-rw-r--r--net/base/ssl_config_service.cc18
1 files changed, 18 insertions, 0 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index 1b367ed..226798d 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -75,6 +75,14 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
static bool g_dnssec_enabled = false;
static bool g_false_start_enabled = true;
+static bool g_mitm_proxies_allowed = false;
+
+// static
+void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
+ ssl_config->dnssec_enabled = g_dnssec_enabled;
+ ssl_config->false_start_enabled = g_false_start_enabled;
+ ssl_config->mitm_proxies_allowed = g_mitm_proxies_allowed;
+}
// static
void SSLConfigService::EnableDNSSEC() {
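Review bot: `g_mitm_proxies_allowed` is declared without a comment saying which check it relaxes, and unlike its two neighbours it lowers a security guarantee. Going by the commit message it makes a missing TLS renegotiation extension acceptable, so a comment such as `// When true, a stripped renegotiation extension is tolerated (--allow-ssl-mitm-proxies); weakens MITM detection process-wide.` belongs above the declaration. The code that reads `ssl_config->mitm_proxies_allowed` is not visible here, so it is worth confirming that the HTTP-proxy case from the description is decided per connection rather than through this global. `SetSSLConfigFlags` also reads three plain statics that other static methods write; if a setter can run after network threads have started, that read is unsynchronized.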
@@ -96,4 +104,14 @@ bool SSLConfigService::false_start_enabled() {
return g_false_start_enabled;
}
+// static
+void SSLConfigService::AllowMITMProxies() {
+ g_mitm_proxies_allowed = true;
+}
+
+// static
+bool SSLConfigService::mitm_proxies_allowed() {
+ return g_mitm_proxies_allowed;
+}
+
} // namespace net
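Review bot: `AllowMITMProxies()` turns the relaxation on silently and nothing in this hunk can turn it off again, so a process started with the flag looks the same afterwards as one still enforcing the check. A single log line in the setter, for example `LOG(WARNING) << "--allow-ssl-mitm-proxies: TLS renegotiation extension no longer required";`, would make the weakened state visible in logs and bug reports (assuming base/logging.h is available to this file). A short comment on the setter saying it is intended only for the command-line switch and is called once at startup would also document the threading expectation for the unguarded `g_mitm_proxies_allowed` write.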