1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/ssl_config_service_win.h"
#include "base/registry.h"
using base::TimeDelta;
using base::TimeTicks;
namespace net {
static const int kConfigUpdateInterval = 10; // seconds
static const wchar_t kInternetSettingsSubKeyName[] =
L"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings";
static const wchar_t kRevocationValueName[] = L"CertificateRevocation";
static const wchar_t kProtocolsValueName[] = L"SecureProtocols";
// In SecureProtocols, each SSL version is represented by a bit:
// SSL 2.0: 0x08
// SSL 3.0: 0x20
// TLS 1.0: 0x80
// The bits are OR'ed to form the DWORD value. So 0xa0 means SSL 3.0 and
// TLS 1.0.
enum {
SSL2 = 0x08,
SSL3 = 0x20,
TLS1 = 0x80
};
// If CertificateRevocation or SecureProtocols is missing, IE uses a default
// value. Unfortunately the default is IE version specific. We use WinHTTP's
// default.
enum {
REVOCATION_DEFAULT = 0,
PROTOCOLS_DEFAULT = SSL3 | TLS1
};
SSLConfigServiceWin::SSLConfigServiceWin() : ever_updated_(false) {
// We defer retrieving the settings until the first call to GetSSLConfig, to
// avoid an expensive call on the UI thread, which could affect startup time.
}
SSLConfigServiceWin::SSLConfigServiceWin(TimeTicks now) : ever_updated_(false) {
UpdateConfig(now);
}
void SSLConfigServiceWin::GetSSLConfigAt(SSLConfig* config, TimeTicks now) {
if (!ever_updated_ ||
now - config_time_ > TimeDelta::FromSeconds(kConfigUpdateInterval))
UpdateConfig(now);
*config = config_info_;
}
// static
bool SSLConfigServiceWin::GetSSLConfigNow(SSLConfig* config) {
RegKey internet_settings;
if (!internet_settings.Open(HKEY_CURRENT_USER, kInternetSettingsSubKeyName,
KEY_READ))
return false;
DWORD revocation;
if (!internet_settings.ReadValueDW(kRevocationValueName, &revocation))
revocation = REVOCATION_DEFAULT;
DWORD protocols;
if (!internet_settings.ReadValueDW(kProtocolsValueName, &protocols))
protocols = PROTOCOLS_DEFAULT;
config->rev_checking_enabled = (revocation != 0);
config->ssl2_enabled = ((protocols & SSL2) != 0);
config->ssl3_enabled = ((protocols & SSL3) != 0);
config->tls1_enabled = ((protocols & TLS1) != 0);
return true;
}
// static
void SSLConfigServiceWin::SetRevCheckingEnabled(bool enabled) {
DWORD value = enabled;
RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName,
KEY_WRITE);
internet_settings.WriteValue(kRevocationValueName, value);
// TODO(mattm): We should call UpdateConfig after updating settings, but these
// methods are static.
}
// static
void SSLConfigServiceWin::SetSSL2Enabled(bool enabled) {
RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName,
KEY_READ | KEY_WRITE);
DWORD value;
if (!internet_settings.ReadValueDW(kProtocolsValueName, &value))
value = PROTOCOLS_DEFAULT;
if (enabled)
value |= SSL2;
else
value &= ~SSL2;
internet_settings.WriteValue(kProtocolsValueName, value);
// TODO(mattm): We should call UpdateConfig after updating settings, but these
// methods are static.
}
void SSLConfigServiceWin::UpdateConfig(TimeTicks now) {
GetSSLConfigNow(&config_info_);
config_time_ = now;
ever_updated_ = true;
}
} // namespace net
|
