Merge pull request #2861 from deepak1556/ssl_version_config_patch

browser: switch to set minimum version for TLS fallback
2015-09-23 17:30:26 +08:00 · 2015-09-23 17:30:26 +08:00 · 142702866d
commit 142702866d
parent 057c77341a 748b1387d2
8 changed files with 93 additions and 0 deletions
--- a/atom/browser/atom_browser_context.cc
+++ b/atom/browser/atom_browser_context.cc
@ -6,6 +6,7 @@

 #include "atom/browser/atom_browser_main_parts.h"
 #include "atom/browser/atom_download_manager_delegate.h"
+#include "atom/browser/atom_ssl_config_service.h"
 #include "atom/browser/browser.h"
 #include "atom/browser/net/atom_url_request_job_factory.h"
 #include "atom/browser/net/asar/asar_protocol_handler.h"
@ -156,6 +157,10 @@ content::BrowserPluginGuestManager* AtomBrowserContext::GetGuestManager() {
  return guest_manager_.get();
 }

+net::SSLConfigService* AtomBrowserContext::CreateSSLConfigService() {
+  return new AtomSSLConfigService;
+}
+
 void AtomBrowserContext::RegisterPrefs(PrefRegistrySimple* pref_registry) {
  pref_registry->RegisterFilePathPref(prefs::kSelectFileLastDirectory,
                                      base::FilePath());
--- a/atom/browser/atom_browser_context.h
+++ b/atom/browser/atom_browser_context.h
@ -27,6 +27,7 @@ class AtomBrowserContext : public brightray::BrowserContext {
      content::URLRequestInterceptorScopedVector* interceptors) override;
  net::HttpCache::BackendFactory* CreateHttpCacheBackendFactory(
      const base::FilePath& base_path) override;
+  net::SSLConfigService* CreateSSLConfigService() override;

  // content::BrowserContext:
  content::DownloadManagerDelegate* GetDownloadManagerDelegate() override;
--- a/atom/browser/atom_ssl_config_service.cc
+++ b/atom/browser/atom_ssl_config_service.cc
@ -0,0 +1,47 @@
+// Copyright (c) 2015 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "atom/browser/atom_ssl_config_service.h"
+
+#include <string>
+
+#include "base/command_line.h"
+#include "atom/common/options_switches.h"
+#include "content/public/browser/browser_thread.h"
+#include "net/socket/ssl_client_socket.h"
+
+namespace atom {
+
+namespace {
+
+uint16 GetSSLProtocolVersion(const std::string& version_string) {
+  uint16 version = 0;  // Invalid
+  if (version_string == "tls1")
+    version = net::SSL_PROTOCOL_VERSION_TLS1;
+  else if (version_string == "tls1.1")
+    version = net::SSL_PROTOCOL_VERSION_TLS1_1;
+  else if (version_string == "tls1.2")
+    version = net::SSL_PROTOCOL_VERSION_TLS1_2;
+  return version;
+}
+
+}  // namespace
+
+AtomSSLConfigService::AtomSSLConfigService() {
+  auto cmd_line = base::CommandLine::ForCurrentProcess();
+  if (cmd_line->HasSwitch(switches::kSSLVersionFallbackMin)) {
+    auto version_string =
+        cmd_line->GetSwitchValueASCII(switches::kSSLVersionFallbackMin);
+    config_.version_fallback_min = GetSSLProtocolVersion(version_string);
+  }
+}
+
+AtomSSLConfigService::~AtomSSLConfigService() {
+}
+
+void AtomSSLConfigService::GetSSLConfig(net::SSLConfig* config) {
+  *config = config_;
+}
+
+}  // namespace atom
--- a/atom/browser/atom_ssl_config_service.h
+++ b/atom/browser/atom_ssl_config_service.h
@ -0,0 +1,28 @@
+// Copyright (c) 2015 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ATOM_BROWSER_ATOM_SSL_CONFIG_SERVICE_H_
+#define ATOM_BROWSER_ATOM_SSL_CONFIG_SERVICE_H_
+
+#include "net/ssl/ssl_config_service.h"
+
+namespace atom {
+
+class AtomSSLConfigService : public net::SSLConfigService {
+ public:
+  AtomSSLConfigService();
+  ~AtomSSLConfigService() override;
+
+  // net::SSLConfigService:
+  void GetSSLConfig(net::SSLConfig* config) override;
+
+ private:
+  net::SSLConfig config_;
+
+  DISALLOW_COPY_AND_ASSIGN(AtomSSLConfigService);
+};
+
+}   // namespace atom
+
+#endif  // ATOM_BROWSER_ATOM_SSL_CONFIG_SERVICE_H_