diff options
| -rw-r--r-- | net/base/ssl_config_service.cc | 21 | ||||
| -rw-r--r-- | net/base/ssl_config_service_unittest.cc | 33 | ||||
| -rw-r--r-- | net/net.gyp | 1 |
3 files changed, 52 insertions, 3 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc index d677c81..4fc738a 100644 --- a/net/base/ssl_config_service.cc +++ b/net/base/ssl_config_service.cc @@ -60,17 +60,32 @@ bool SSLConfigService::IsKnownFalseStartIncompatibleServer( const std::string& hostname) { // If this list starts growing, it'll need to be something more efficient // than a linear list. - static const char kFalseStartIncompatibleServers[][23] = { - "moneycenter.yodlee.com", + static const char kFalseStartIncompatibleServers[][15] = { "www.picnik.com", }; + static const char kFalseStartIncompatibleDomains[][11] = { + // Added at the request of A10. + "yodlee.com", + }; + + // Note that the hostname is normalised to lower-case by this point. for (size_t i = 0; i < arraysize(kFalseStartIncompatibleServers); i++) { - // Note that the hostname is normalised to lower-case by this point. if (strcmp(hostname.c_str(), kFalseStartIncompatibleServers[i]) == 0) return true; } + for (size_t i = 0; i < arraysize(kFalseStartIncompatibleDomains); i++) { + const char* domain = kFalseStartIncompatibleDomains[i]; + const size_t len = strlen(domain); + if (hostname.size() >= len && + memcmp(&hostname[hostname.size() - len], domain, len) == 0 && + (hostname.size() == len || + hostname[hostname.size() - len - 1] == '.')) { + return true; + } + } + return false; } diff --git a/net/base/ssl_config_service_unittest.cc b/net/base/ssl_config_service_unittest.cc new file mode 100644 index 0000000..47af3ee --- /dev/null +++ b/net/base/ssl_config_service_unittest.cc @@ -0,0 +1,33 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/ssl_config_service.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace { + +class SSLConfigServiceTest : public testing::Test { +}; + +bool IsFalseStartIncompatible(const std::string& hostname) { + return net::SSLConfigService::IsKnownFalseStartIncompatibleServer( + hostname); +} + +} // namespace + +TEST(SSLConfigServiceTest, FalseStartDisabledHosts) { + EXPECT_TRUE(IsFalseStartIncompatible("www.picnik.com")); + EXPECT_FALSE(IsFalseStartIncompatible("picnikfoo.com")); + EXPECT_FALSE(IsFalseStartIncompatible("foopicnik.com")); +} + +TEST(SSLConfigServiceTest, FalseStartDisabledDomains) { + EXPECT_TRUE(IsFalseStartIncompatible("yodlee.com")); + EXPECT_TRUE(IsFalseStartIncompatible("a.yodlee.com")); + EXPECT_TRUE(IsFalseStartIncompatible("b.a.yodlee.com")); + EXPECT_FALSE(IsFalseStartIncompatible("ayodlee.com")); + EXPECT_FALSE(IsFalseStartIncompatible("yodleea.com")); + EXPECT_FALSE(IsFalseStartIncompatible("yodlee.org")); +} diff --git a/net/net.gyp b/net/net.gyp index 4c5f0aa..c00ca47 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -730,6 +730,7 @@ 'base/ssl_cipher_suite_names_unittest.cc', 'base/ssl_client_auth_cache_unittest.cc', 'base/ssl_config_service_mac_unittest.cc', + 'base/ssl_config_service_unittest.cc', 'base/ssl_config_service_win_unittest.cc', 'base/static_cookie_policy_unittest.cc', 'base/transport_security_state_unittest.cc', |