author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-21 19:48:39 +0000 |
---|---|---|
committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-21 19:48:39 +0000 |
commit | e52deec956c1e94323cc001d42cdb245cff539af (patch) | |
tree | 8acfeaf3e16650fd4e5920deb5f338e6ab109e08 /net/base | |
parent | ae09ca6b5ae2e930ef40fd291a08afd1289fafa1 (diff) | |
Cleanups for SSLConfigService and SSLConfigServiceManager.
Make SSLConfig.rev_checking_enabled default to true (which also affects the defaults set by SSLConfigServicePref).
Add static SSLConfigService::CreateSystemSSLConfigService which creates a standalone SSLConfigService (either SSLConfigServiceWin or SSLConfigServiceDefaults.)
Use CreateSystemSSLConfigService in fetch_client and test_shell_request_context.
Merge SSLConfigServiceManagerWin and SSLConfigServiceManagerDefaults into SSLConfigServiceManagerSystem, which uses CreateSystemSSLConfigService.
BUG=11507,19290
TEST=only visible change should be linux defaults to having rev checking option enabled.
Review URL: http://codereview.chromium.org/173097
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23998 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/ssl_config_service.cc | 24 | ||||
-rw-r--r-- | net/base/ssl_config_service.h | 13 | ||||
-rw-r--r-- | net/base/ssl_config_service_win.cc | 2 | ||||
-rw-r--r-- | net/base/ssl_config_service_win_unittest.cc | 4 |
4 files changed, 37 insertions, 6 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
new file mode 100644
index 0000000..8fae14e
--- /dev/null
+++ b/net/base/ssl_config_service.cc
@@ -0,0 +1,24 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/ssl_config_service.h"
+
+#if defined(OS_WIN)
+#include "net/base/ssl_config_service_win.h"
+#else
+#include "net/base/ssl_config_service_defaults.h"
+#endif
+
+namespace net {
+
+// static
+SSLConfigService* SSLConfigService::CreateSystemSSLConfigService() {
+#if defined(OS_WIN)
+ return new SSLConfigServiceWin;
+#else
+ return new SSLConfigServiceDefaults;
+#endif
+}
+
+} // namespace net
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 7bfd08b..c8c0638 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -14,10 +14,10 @@ namespace net { // A collection of SSL-related configuration settings. struct SSLConfig { - // Default to no revocation checking. + // Default to revocation checking. // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on. SSLConfig() - : rev_checking_enabled(false), ssl2_enabled(false), ssl3_enabled(true), + : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true), tls1_enabled(true), send_client_cert(false), verify_ev_cert(false) { }
@@ -60,7 +60,7 @@ struct SSLConfig { scoped_refptr<X509Certificate> client_cert; }; -// The interface for retrieving the system SSL configuration. This interface +// The interface for retrieving the SSL configuration. This interface // does not cover setting the SSL configuration, as on some systems, the // SSLConfigService objects may not have direct access to the configuration, or // live longer than the configuration preferences.
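Review bot: `CreateSystemSSLConfigService()` in ssl_config_service.cc returns a bare `new`ed pointer to a `base::RefCountedThreadSafe` type, and neither this definition nor the declaration added in ssl_config_service.h says who takes the first reference. A caller that uses the result without storing it in a `scoped_refptr` leaks the service, and one that keeps a raw pointer next to a `scoped_refptr` can have the object released underneath it. I would add to the header comment `// The caller must hold the returned object in a scoped_refptr.` Returning `scoped_refptr<SSLConfigService>` would enforce this, if the callers named in the commit message (not part of this diff) allow it.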
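Review bot: The `SSLConfig()` constructor now sets `rev_checking_enabled(true)` for every default-constructed config, including platforms served by `SSLConfigServiceDefaults`, but nothing in this diff shows that the non-Windows certificate verifier acts on the flag. If the flag is ignored there, the option would read as enabled while no revocation lookup takes place, so this is worth confirming against the verifier code before relying on the new default. The comment is also hard to parse as written; `// Default to revocation checking enabled.` says what the initializer does, and a second line stating whether an unreachable responder fails the handshake or is tolerated would help whoever audits this later. `struct SSLConfig` continues outside the hunk.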
@@ -68,6 +68,13 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> { public: virtual ~SSLConfigService() {} + // Create an instance of SSLConfigService which retrieves the configuration + // from the system SSL configuration, or an instance of + // SSLConfigServiceDefaults if the current system does not have a system SSL + // configuration. Note: this does not handle SSLConfigService implementations + // that are not native to their platform, such as preference-backed ones. + static SSLConfigService* CreateSystemSSLConfigService(); + // May not be thread-safe, should only be called on the IO thread. virtual void GetSSLConfig(SSLConfig* config) = 0; };
diff --git a/net/base/ssl_config_service_win.cc b/net/base/ssl_config_service_win.cc
index dcb9b89..513681f 100644
--- a/net/base/ssl_config_service_win.cc
+++ b/net/base/ssl_config_service_win.cc
@@ -42,7 +42,7 @@ enum { SSLConfigServiceWin::SSLConfigServiceWin() : ever_updated_(false) { // We defer retrieving the settings until the first call to GetSSLConfig, to - // avoid a blocking call on the UI thread. + // avoid an expensive call on the UI thread, which could affect startup time. } SSLConfigServiceWin::SSLConfigServiceWin(TimeTicks now) : ever_updated_(false) {
diff --git a/net/base/ssl_config_service_win_unittest.cc b/net/base/ssl_config_service_win_unittest.cc
index 4cf508e..d9f68e2 100644
--- a/net/base/ssl_config_service_win_unittest.cc
+++ b/net/base/ssl_config_service_win_unittest.cc
@@ -13,12 +13,12 @@ namespace { class SSLConfigServiceWinTest : public testing::Test { }; -} // namespace +} // namespace TEST(SSLConfigServiceWinTest, GetNowTest) { // Verify that the constructor sets the correct default values. net::SSLConfig config; - EXPECT_EQ(false, config.rev_checking_enabled); + EXPECT_EQ(true, config.rev_checking_enabled); EXPECT_EQ(false, config.ssl2_enabled); EXPECT_EQ(true, config.ssl3_enabled); EXPECT_EQ(true, config.tls1_enabled); |
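Review bot: The only assertion updated for the new default is in ssl_config_service_win_unittest.cc, which by its name presumably builds on Windows only, while the commit message says the visible change is on Linux. A platform-independent test that a default-constructed `net::SSLConfig` has `rev_checking_enabled` set, and that `CreateSystemSSLConfigService()` returns a non-null service, would cover the path that actually changes. For the boolean checks, `EXPECT_TRUE(config.rev_checking_enabled);` reads better than `EXPECT_EQ(true, ...)` and gives a clearer failure message. The body of `GetNowTest` continues outside the hunk.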