From 944a0a137c725b1c4a0e267af6fd28276c927b98 Mon Sep 17 00:00:00 2001 From: "agl@chromium.org" Date: Thu, 19 Aug 2010 20:02:28 +0000 Subject: net: expect MITM attacks with HTTP proxies and command line flag. With r51258 we started requiring the TLS renegotiation extension from a whitelist of servers that we knew supported it. When Chrome is getting MITM attacked, this extension can be removed and this broke some debugging tools (which intercept SSL connections) and some proxies which do the same. This patch causes us to expect to be MITM attacked when tunneling via an HTTP proxy and when the --allow-ssl-mitm-proxies command line flag is given. BUG=48485 TEST=Can't really test without one of these MITM proxy machines. http://codereview.chromium.org/3111019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56727 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/ssl_config_service_defaults.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'net/base/ssl_config_service_defaults.h') diff --git a/net/base/ssl_config_service_defaults.h b/net/base/ssl_config_service_defaults.h index 04eff1c..58d0f2d 100644 --- a/net/base/ssl_config_service_defaults.h +++ b/net/base/ssl_config_service_defaults.h @@ -20,8 +20,7 @@ class SSLConfigServiceDefaults : public SSLConfigService { // Store default SSL config settings in |config|. virtual void GetSSLConfig(SSLConfig* config) { *config = default_config_; - config->dnssec_enabled = SSLConfigService::dnssec_enabled(); - config->false_start_enabled = SSLConfigService::false_start_enabled(); + SetSSLConfigFlags(config); } private: -- cgit v1.1