authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-12 14:49:04 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-12 14:49:04 +0000
commitfc7de49e356bc0b2961170713583904a6c248a55 (patch)
tree1a16482939a64abc14dc4a483da7f2785b49c327 /net/base
parent0ced842a26fcc6bd9be368786fcff7c6428f4a05 (diff)
Plumb SSL connection information into the PageInfo model.
This plumbs two bits of information into the PageInfo model (the dialog which results from clicking on the padlock icon): whether or not we performed SSLv3 fallback and whether or not the server supported the renegotiation extension. It doesn't actually do anything with this information yet (except to add histograms of them), pending future CLs. BUG=none TEST=none http://codereview.chromium.org/2943001/show git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52079 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/ssl_config_service.h5
-rw-r--r--net/base/ssl_connection_status_flags.h31
-rw-r--r--net/base/ssl_info.h9
3 files changed, 42 insertions, 3 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index d195039..3f0f479 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -18,7 +18,8 @@ struct SSLConfig {
// Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
SSLConfig()
: rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true),
- tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) {
+ tls1_enabled(true), ssl3_fallback(false), send_client_cert(false),
+ verify_ev_cert(false) {
}
bool rev_checking_enabled; // True if server certificate revocation
@@ -26,6 +27,8 @@ struct SSLConfig {
bool ssl2_enabled; // True if SSL 2.0 is enabled.
bool ssl3_enabled; // True if SSL 3.0 is enabled.
bool tls1_enabled; // True if TLS 1.0 is enabled.
+ bool ssl3_fallback; // True if we are falling back to SSL 3.0 (one still
+ // needs to clear tls1_enabled).
// TODO(wtc): move the following members to a new SSLParams structure. They
// are not SSL configuration settings.
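Review bot: `ssl3_fallback` is declared among the protocol enable flags, above the `TODO(wtc)` that separates configuration settings from members that are not settings, yet its own comment describes it as state about the current attempt rather than a setting. Per that comment, setting it does not restrict the offered versions by itself (`tls1_enabled` must still be cleared), so it would read more clearly below the TODO with a comment such as `// True if this attempt is a retry after falling back to SSL 3.0. Does not change the offered versions; the caller must also clear tls1_enabled.` Since the fallback is a protocol downgrade, the comment could also say who is expected to set the flag. The SSLConfig struct continues outside the hunk, so the members after the TODO are not visible here.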
diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h
new file mode 100644
index 0000000..2618f57
--- /dev/null
+++ b/net/base/ssl_connection_status_flags.h
@@ -0,0 +1,31 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
+#define NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
+
+namespace net {
+
+// Status flags for SSLInfo::connection_status.
+enum {
+ // The lower 16 bits are reserved for the TLS ciphersuite id.
+ SSL_CONNECTION_CIPHERSUITE_SHIFT = 0,
+ SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff,
+
+ // The next two bits are reserved for the compression used.
+ SSL_CONNECTION_COMPRESSION_SHIFT = 16,
+ SSL_CONNECTION_COMPRESSION_MASK = 3,
+
+ // We fell back to SSLv3 for this connection.
+ SSL_CONNECTION_SSL3_FALLBACK = 1 << 18,
+ // The server doesn't support the renegotiation_info extension.
+ SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
+
+ // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
+ // never be negative.
+};
+
+} // namespace net
+
+#endif // NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
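Review bot: The header does not say how the SHIFT/MASK pairs combine, and `SSL_CONNECTION_COMPRESSION_MASK = 3` is only correct when applied after shifting. A caller writing `status & SSL_CONNECTION_COMPRESSION_MASK` without the shift would silently get the low two bits of the cipher suite id instead. A comment above the enum would settle the convention, for example `// Extract a field with (status >> X_SHIFT) & X_MASK; the masks are not pre-shifted.` Because the enum is anonymous and the values are stored in a plain `int`, nothing in the types stops this kind of misuse, so the comment is the only guard.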
diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h
index 3fe0ce4..280b497 100644
--- a/net/base/ssl_info.h
+++ b/net/base/ssl_info.h
@@ -16,12 +16,13 @@ namespace net {
// This is really a struct. All members are public.
class SSLInfo {
public:
- SSLInfo() : cert_status(0), security_bits(-1) { }
+ SSLInfo() : cert_status(0), security_bits(-1), connection_status(0) { }
void Reset() {
cert = NULL;
- security_bits = -1;
cert_status = 0;
+ security_bits = -1;
+ connection_status = 0;
}
bool is_valid() const { return cert != NULL; }
@@ -43,6 +44,10 @@ class SSLInfo {
// 0 means the connection is not encrypted.
// -1 means the security strength is unknown.
int security_bits;
+
+ // Bitmask of information about the SSL connection itself. See
+ // ssl_connection_status_flags.h for values.
+ int connection_status;
};
} // namespace net
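Review bot: The comment on `connection_status` does not say what the zero value means, and both the constructor and `Reset()` in the previous hunk set the field to 0. With the flags in ssl_connection_status_flags.h, 0 decodes as no `SSL_CONNECTION_SSL3_FALLBACK` and no `SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION`, the same as a connection where neither condition occurred, so an unpopulated SSLInfo reads as the favourable state. Suggest extending the comment: `// Only meaningful when is_valid(); 0 after Reset() means "not populated", not "no fallback and renegotiation_info supported".` Whether any caller reads the field without checking `is_valid()` is not visible in this diff.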