diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-03 02:02:22 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-03 02:02:22 +0000 |
| commit | 4554e58c8fbd99bc72eadf53ba73bdd1a9df3c3e (patch) | |
| tree | bf36fac938ac40db4bcc7335b450fc55d04a690d /net | |
| parent | 4ad5d77d96dfc6f08a845b6871ecbffa64d6f6e2 (diff) | |
| download | chromium_src-4554e58c8fbd99bc72eadf53ba73bdd1a9df3c3e.zip chromium_src-4554e58c8fbd99bc72eadf53ba73bdd1a9df3c3e.tar.gz chromium_src-4554e58c8fbd99bc72eadf53ba73bdd1a9df3c3e.tar.bz2 | |
Add a preference for enabling the TLS origin-bound certificates extension.
The preference is controlled by the command line and enterprise policy.
R=mattm@chromium.org,mnissler@chromium.org
BUG=106077
TEST=Existing policy unit tests are updated.
Review URL: http://codereview.chromium.org/8772014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112848 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/ssl_config_service.cc | 16 | ||||
| -rw-r--r-- | net/base/ssl_config_service.h | 4 |
2 files changed, 3 insertions, 17 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc index 7f9de16..6319407 100644 --- a/net/base/ssl_config_service.cc +++ b/net/base/ssl_config_service.cc @@ -59,7 +59,6 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer( } static bool g_cached_info_enabled = false; -static bool g_origin_bound_certs_enabled = false; static bool g_false_start_enabled = true; static bool g_dns_cert_provenance_checking = false; base::LazyInstance<scoped_refptr<CRLSet>, @@ -105,16 +104,6 @@ bool SSLConfigService::cached_info_enabled() { return g_cached_info_enabled; } -// static -void SSLConfigService::EnableOriginBoundCerts() { - g_origin_bound_certs_enabled = true; -} - -// static -bool SSLConfigService::origin_bound_certs_enabled() { - return g_origin_bound_certs_enabled; -} - void SSLConfigService::AddObserver(Observer* observer) { observer_list_.AddObserver(observer); } @@ -132,7 +121,6 @@ void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) { ssl_config->dns_cert_provenance_checking_enabled = g_dns_cert_provenance_checking; ssl_config->cached_info_enabled = g_cached_info_enabled; - ssl_config->origin_bound_certs_enabled = g_origin_bound_certs_enabled; } void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, @@ -142,7 +130,9 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config, (orig_config.ssl3_enabled != new_config.ssl3_enabled) || (orig_config.tls1_enabled != new_config.tls1_enabled) || (orig_config.disabled_cipher_suites != - new_config.disabled_cipher_suites); + new_config.disabled_cipher_suites) || + (orig_config.origin_bound_certs_enabled != + new_config.origin_bound_certs_enabled); if (config_changed) FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged()); diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index cb317c7..02b74ad 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h @@ -159,10 +159,6 @@ class NET_EXPORT SSLConfigService static void EnableCachedInfo(); static bool cached_info_enabled(); - // Enables the TLS origin bound cert extension. - static void EnableOriginBoundCerts(); - static bool origin_bound_certs_enabled(); - // Is SNI available in this configuration? static bool IsSNIAvailable(SSLConfigService* service); |