author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-08-01 12:59:39 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-08-04 12:40:43 +0000 |
commit | 28b1110370900897ab652cb420c371fab8857ad4 (patch) | |
tree | 41b32127d23b0df4f2add2a27e12dc87bddb260e /chromium/components/ssl_config | |
parent | 399c965b6064c440ddcf4015f5f8e9d131c7a0a6 (diff) | |
download | qtwebengine-chromium-28b1110370900897ab652cb420c371fab8857ad4.tar.gz |
BASELINE: Update Chromium to 53.0.2785.41
Also adds a few extra files for extensions.
Change-Id: Iccdd55d98660903331cf8b7b29188da781830af4
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/components/ssl_config')
6 files changed, 30 insertions, 74 deletions
diff --git a/chromium/components/ssl_config/ssl_config_prefs.cc b/chromium/components/ssl_config/ssl_config_prefs.cc index ccaf0a13b3a..bdd7e21c502 100644 --- a/chromium/components/ssl_config/ssl_config_prefs.cc +++ b/chromium/components/ssl_config/ssl_config_prefs.cc @@ -13,9 +13,8 @@ const char kCertRevocationCheckingRequiredLocalAnchors[] = "ssl.rev_checking.required_for_local_anchors"; const char kSSLVersionMin[] = "ssl.version_min"; const char kSSLVersionMax[] = "ssl.version_max"; -const char kSSLVersionFallbackMin[] = "ssl.version_fallback_min"; const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist"; -const char kRC4Enabled[] = "ssl.rc4_enabled"; +const char kDHEEnabled[] = "ssl.dhe_enabled"; } // namespace prefs } // namespace ssl_config diff --git a/chromium/components/ssl_config/ssl_config_prefs.h b/chromium/components/ssl_config/ssl_config_prefs.h index c565864d0d1..d43f4926793 100644 --- a/chromium/components/ssl_config/ssl_config_prefs.h +++ b/chromium/components/ssl_config/ssl_config_prefs.h @@ -12,9 +12,8 @@ extern const char kCertRevocationCheckingEnabled[]; extern const char kCertRevocationCheckingRequiredLocalAnchors[]; extern const char kSSLVersionMin[]; extern const char kSSLVersionMax[]; -extern const char kSSLVersionFallbackMin[]; extern const char kCipherSuiteBlacklist[]; -extern const char kRC4Enabled[]; +extern const char kDHEEnabled[]; } // namespace prefs } // namespace ssl_config diff --git a/chromium/components/ssl_config/ssl_config_service_manager_pref.cc b/chromium/components/ssl_config/ssl_config_service_manager_pref.cc index fe1e2434cbe..cd67d4c86c3 100644 --- a/chromium/components/ssl_config/ssl_config_service_manager_pref.cc +++ b/chromium/components/ssl_config/ssl_config_service_manager_pref.cc 
@@ -83,8 +83,8 @@ uint16_t SSLProtocolVersionFromString(const std::string& version_str) { return version; } -const base::Feature kSSLVersionFallbackTLSv11 { - "SSLVersionFallbackTLSv1.1", base::FEATURE_DISABLED_BY_DEFAULT, +const base::Feature kDHECiphersFeature{ + "DHECiphers", base::FEATURE_DISABLED_BY_DEFAULT, }; } // namespace @@ -172,8 +172,7 @@ class SSLConfigServiceManagerPref : public ssl_config::SSLConfigServiceManager { BooleanPrefMember rev_checking_required_local_anchors_; StringPrefMember ssl_version_min_; StringPrefMember ssl_version_max_; - StringPrefMember ssl_version_fallback_min_; - BooleanPrefMember rc4_enabled_; + BooleanPrefMember dhe_enabled_; // The cached list of disabled SSL cipher suites. std::vector<uint16_t> disabled_cipher_suites_; @@ -192,13 +191,12 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( io_task_runner_(io_task_runner) { DCHECK(local_state); - // Restore the TLS 1.1 fallback leg if enabled via features. - // TODO(davidben): Remove this when the fallback removal has succeeded. - // https://crbug.com/536200. - if (base::FeatureList::IsEnabled(kSSLVersionFallbackTLSv11)) { - local_state->SetDefaultPrefValue( - ssl_config::prefs::kSSLVersionFallbackMin, - new base::StringValue(switches::kSSLVersionTLSv11)); + // Restore DHE-based ciphers if enabled via features. + // TODO(davidben): Remove this when the removal has succeeded. + // https://crbug.com/619194. + if (base::FeatureList::IsEnabled(kDHECiphersFeature)) { + local_state->SetDefaultPrefValue(ssl_config::prefs::kDHEEnabled, + new base::FundamentalValue(true)); } PrefChangeRegistrar::NamedChangeCallback local_state_callback = 
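Review bot: The rewritten TODO in the constructor hunk (`@@ -192,13 +191,12 @@`) lost its subject: `Remove this when the removal has succeeded` no longer says what is being removed. I would write `// TODO(davidben): Remove this when the DHE removal has succeeded.` and add a line saying that enabling the feature flips the `kDHEEnabled` pref default to true, so it reads as a temporary compatibility switch that widens the cipher set rather than a tuning knob. The same gap applies to `kDHECiphersFeature` in the `@@ -83,8 +83,8 @@` hunk, which has no comment at all; `// Feature that restores DHE cipher suites; disabled by default. https://crbug.com/619194` would do. The constructor body starts before this hunk and continues after it.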
@@ -214,9 +212,7 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( local_state_callback); ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state, local_state_callback); - ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin, - local_state, local_state_callback); - rc4_enabled_.Init(ssl_config::prefs::kRC4Enabled, local_state, + dhe_enabled_.Init(ssl_config::prefs::kDHEEnabled, local_state, local_state_callback); local_state_change_registrar_.Init(local_state); @@ -243,11 +239,9 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) { std::string()); registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax, std::string()); - registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin, - std::string()); registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist); - registry->RegisterBooleanPref(ssl_config::prefs::kRC4Enabled, - default_config.rc4_enabled); + registry->RegisterBooleanPref(ssl_config::prefs::kDHEEnabled, + default_config.dhe_enabled); } net::SSLConfigService* SSLConfigServiceManagerPref::Get() { @@ -283,14 +277,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( rev_checking_required_local_anchors_.GetValue(); std::string version_min_str = ssl_version_min_.GetValue(); std::string version_max_str = ssl_version_max_.GetValue(); - std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue(); config->version_min = net::kDefaultSSLVersionMin; config->version_max = net::kDefaultSSLVersionMax; - config->version_fallback_min = net::kDefaultSSLVersionFallbackMin; uint16_t version_min = SSLProtocolVersionFromString(version_min_str); uint16_t version_max = SSLProtocolVersionFromString(version_max_str); - uint16_t version_fallback_min = - SSLProtocolVersionFromString(version_fallback_min_str); if (version_min) { config->version_min = version_min; } 
@@ -298,13 +288,8 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( uint16_t supported_version_max = config->version_max; config->version_max = std::min(supported_version_max, version_max); } - // Values below TLS 1.1 are invalid. - if (version_fallback_min && - version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) { - config->version_fallback_min = version_fallback_min; - } config->disabled_cipher_suites = disabled_cipher_suites_; - config->rc4_enabled = rc4_enabled_.GetValue(); + config->dhe_enabled = dhe_enabled_.GetValue(); } void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( diff --git a/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc index 42e2f6bbfa5..ec2aefa5338 100644 --- a/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc +++ b/chromium/components/ssl_config/ssl_config_service_manager_pref_unittest.cc @@ -8,6 +8,7 @@ #include "base/feature_list.h" #include "base/memory/ref_counted.h" #include "base/message_loop/message_loop.h" +#include "base/run_loop.h" #include "base/threading/thread_task_runner_handle.h" #include "base/values.h" #include "components/prefs/testing_pref_service.h" @@ -66,13 +67,13 @@ TEST_F(SSLConfigServiceManagerPrefTest, GoodDisabledCipherSuites) { EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); base::ListValue* list_value = new base::ListValue(); - list_value->Append(new base::StringValue("0x0004")); - list_value->Append(new base::StringValue("0x0005")); + list_value->AppendString("0x0004"); + list_value->AppendString("0x0005"); local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); // Pump the message loop to notify the SSLConfigServiceManagerPref that the // preferences changed. - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); SSLConfig config; config_service->GetSSLConfig(&config); 
@@ -102,15 +103,15 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) { EXPECT_TRUE(old_config.disabled_cipher_suites.empty()); base::ListValue* list_value = new base::ListValue(); - list_value->Append(new base::StringValue("0x0004")); - list_value->Append(new base::StringValue("TLS_NOT_WITH_A_CIPHER_SUITE")); - list_value->Append(new base::StringValue("0x0005")); - list_value->Append(new base::StringValue("0xBEEFY")); + list_value->AppendString("0x0004"); + list_value->AppendString("TLS_NOT_WITH_A_CIPHER_SUITE"); + list_value->AppendString("0x0005"); + list_value->AppendString("0xBEEFY"); local_state.SetUserPref(ssl_config::prefs::kCipherSuiteBlacklist, list_value); // Pump the message loop to notify the SSLConfigServiceManagerPref that the // preferences changed. - message_loop_.RunUntilIdle(); + base::RunLoop().RunUntilIdle(); SSLConfig config; config_service->GetSSLConfig(&config); 
@@ -177,35 +178,12 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); } -// Tests that fallback beyond TLS 1.0 cannot be re-enabled. -TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) { - scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); - - TestingPrefServiceSimple local_state; - local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin, - new base::StringValue("tls1")); - SSLConfigServiceManager::RegisterPrefs(local_state.registry()); - - std::unique_ptr<SSLConfigServiceManager> config_manager( - SSLConfigServiceManager::CreateDefaultManager( - &local_state, base::ThreadTaskRunnerHandle::Get())); - ASSERT_TRUE(config_manager.get()); - scoped_refptr<SSLConfigService> config_service(config_manager->Get()); - ASSERT_TRUE(config_service.get()); - - SSLConfig ssl_config; - config_service->GetSSLConfig(&ssl_config); - // The command-line option must not have been honored. - EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min); -} - -// Tests that the TLS 1.1 fallback may be re-enabled via features. -TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) { +// Tests that DHE may be re-enabled via features. +TEST_F(SSLConfigServiceManagerPrefTest, DHEFeature) { // Toggle the feature. base::FeatureList::ClearInstanceForTesting(); std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList); - feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1", - std::string()); + feature_list->InitializeFromCommandLine("DHECiphers", std::string()); base::FeatureList::SetInstance(std::move(feature_list)); TestingPrefServiceSimple local_state; 
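Review bot: The new `DHEFeature` test in the `@@ -177,35 +178,12 @@` hunk covers only the opt-in path; nothing visible in this diff asserts that `dhe_enabled` stays false when the `DHECiphers` feature is off. The commit also deletes the negative test `NoTLS1Fallback` without adding a counterpart for the new pref. Because this setting widens the cipher set, a default-off test next to it would catch an accidental flip of the default; the sketch below reuses the setup of the removed test and assumes the default config leaves `dhe_enabled` false. `DHEFeature` itself continues past the end of this hunk.

```cpp
// Tests that DHE stays disabled when the DHECiphers feature is off.
TEST_F(SSLConfigServiceManagerPrefTest, DHEDisabledByDefault) {
  // Start from a feature list with nothing enabled so an earlier test
  // cannot leak the DHECiphers override into this one.
  base::FeatureList::ClearInstanceForTesting();
  std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList);
  feature_list->InitializeFromCommandLine(std::string(), std::string());
  base::FeatureList::SetInstance(std::move(feature_list));

  TestingPrefServiceSimple local_state;
  SSLConfigServiceManager::RegisterPrefs(local_state.registry());

  std::unique_ptr<SSLConfigServiceManager> config_manager(
      SSLConfigServiceManager::CreateDefaultManager(
          &local_state, base::ThreadTaskRunnerHandle::Get()));
  ASSERT_TRUE(config_manager.get());
  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
  ASSERT_TRUE(config_service.get());

  SSLConfig ssl_config;
  config_service->GetSSLConfig(&ssl_config);
  EXPECT_FALSE(ssl_config.dhe_enabled);
}
```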
@@ -220,5 +198,5 @@ TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) { // The feature should have switched the default version_fallback_min value. SSLConfig ssl_config; config_service->GetSSLConfig(&ssl_config); - EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min); + EXPECT_TRUE(ssl_config.dhe_enabled); } diff --git a/chromium/components/ssl_config/ssl_config_switches.cc b/chromium/components/ssl_config/ssl_config_switches.cc index 779149d015d..05ed87b7f7a 100644 --- a/chromium/components/ssl_config/ssl_config_switches.cc +++ b/chromium/components/ssl_config/ssl_config_switches.cc @@ -12,12 +12,8 @@ const char kSSLVersionMax[] = "ssl-version-max"; // Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2"). const char kSSLVersionMin[] = "ssl-version-min"; -// Specifies the minimum SSL/TLS version ("tls1.1" or "tls1.2") that -// TLS fallback will accept. -const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min"; - -// These values aren't switches, but rather the values that kSSLVersionMax, -// kSSLVersionMin and kSSLVersionFallbackMin can have. +// These values aren't switches, but rather the values that kSSLVersionMax and +// kSSLVersionMin can have. const char kSSLVersionTLSv1[] = "tls1"; const char kSSLVersionTLSv11[] = "tls1.1"; const char kSSLVersionTLSv12[] = "tls1.2"; diff --git a/chromium/components/ssl_config/ssl_config_switches.h b/chromium/components/ssl_config/ssl_config_switches.h index fc8d437f827..795f8ff8163 100644 --- a/chromium/components/ssl_config/ssl_config_switches.h +++ b/chromium/components/ssl_config/ssl_config_switches.h @@ -9,7 +9,6 @@ namespace switches { extern const char kSSLVersionMax[]; extern const char kSSLVersionMin[]; -extern const char kSSLVersionFallbackMin[]; extern const char kSSLVersionTLSv1[]; extern const char kSSLVersionTLSv11[]; extern const char kSSLVersionTLSv12[]; |
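Review bot: The context comment above the changed assertion in the `@@ -220,5 +198,5 @@` hunk of ssl_config_service_manager_pref_unittest.cc is now stale: it still reads `// The feature should have switched the default version_fallback_min value.` while the assertion checks `ssl_config.dhe_enabled`. I would change it to `// The feature should have switched the default dhe_enabled value.` so the test documents the setting it actually guards. The test body starts outside this hunk.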