diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-20 19:18:09 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-20 19:18:09 +0000 |
| commit | 0b711e4718b64621ee2cdf5c5de597a53d1b2b07 (patch) | |
| tree | 890a5558e275e0225958e34d3172c20c2a9f351b /net | |
| parent | eefc7a16d7641687fd772767855a32de313fc230 (diff) | |
| download | chromium_src-0b711e4718b64621ee2cdf5c5de597a53d1b2b07.zip chromium_src-0b711e4718b64621ee2cdf5c5de597a53d1b2b07.tar.gz chromium_src-0b711e4718b64621ee2cdf5c5de597a53d1b2b07.tar.bz2 | |
Revert "Add revocation checking field trial."
This reverts commit r88542.
We have the data from this trial now. Time to revert it. The only change that
remains is that Net.SSL_Connection_Latency remains outside of the "if
(using_spdy)" conditional.
TBR=mbelshe
BUG=none
TEST=none
http://codereview.chromium.org/7201028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89713 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/ssl_config_service.cc | 11 | ||||
| -rw-r--r-- | net/base/ssl_config_service.h | 5 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 14 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_pool.cc | 19 |
4 files changed, 2 insertions, 47 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc index c16e4c5..56ad78a 100644 --- a/net/base/ssl_config_service.cc +++ b/net/base/ssl_config_service.cc @@ -48,7 +48,6 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer( static bool g_false_start_enabled = true; static bool g_dns_cert_provenance_checking = false; -static bool g_rev_checking_disabled_for_pinned_sites = false; // static void SSLConfigService::DisableFalseStart() { @@ -70,16 +69,6 @@ bool SSLConfigService::dns_cert_provenance_checking_enabled() { return g_dns_cert_provenance_checking; } -// static -void SSLConfigService::DisableRevCheckingForPinnedSites() { - g_rev_checking_disabled_for_pinned_sites = true; -} - -// static -bool SSLConfigService::rev_checking_disabled_for_pinned_sites() { - return g_rev_checking_disabled_for_pinned_sites; -} - void SSLConfigService::AddObserver(Observer* observer) { observer_list_.AddObserver(observer); } diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index d80937b..c44937e 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h @@ -142,11 +142,6 @@ class NET_API SSLConfigService static void EnableDNSCertProvenanceChecking(); static bool dns_cert_provenance_checking_enabled(); - // Disabled revocation checking for some sites that we have additional - // security on. - static void DisableRevCheckingForPinnedSites(); - static bool rev_checking_disabled_for_pinned_sites(); - // Is SNI available in this configuration? static bool IsSNIAvailable(SSLConfigService* service); diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index e1b69fc..c2bc843 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -1461,18 +1461,8 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { } int flags = 0; - if (ssl_config_.rev_checking_enabled) { - const std::string& hostname = host_and_port_.host(); - // is_pinned is an approximation but is currently accurate. Even if more - // pinned sites are added, this errs on the site of caution. - bool is_pinned = hostname == "google.com" || - (hostname.size() > 11 && - hostname.rfind(".google.com") == hostname.size() - 11); - if (!is_pinned || - !SSLConfigService::rev_checking_disabled_for_pinned_sites()) { - flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; - } - } + if (ssl_config_.rev_checking_enabled) + flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; if (ssl_config_.verify_ev_cert) flags |= X509Certificate::VERIFY_EV_CERT; verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index 565e064..56b2dde9 100644 --- a/net/socket/ssl_client_socket_pool.cc +++ b/net/socket/ssl_client_socket_pool.cc @@ -347,25 +347,6 @@ int SSLConnectJob::DoSSLConnectComplete(int result) { base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 100); - - base::FieldTrial* trial = base::FieldTrialList::Find("RevCheckingImpact"); - if (trial) { - std::string histogram_name; - if (trial->group() != base::FieldTrial::kDefaultGroupNumber || - !params_->ssl_config().rev_checking_enabled) { - histogram_name = - "Net.SSL_Connection_Latency_Google_No_Revocation_Checking"; - } else { - histogram_name = - "Net.SSL_Connection_Latency_Google_Revocation_Checking"; - } - - UMA_HISTOGRAM_CUSTOM_TIMES(histogram_name, - connect_duration, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(10), - 100); - } } } |