// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/ssl/ssl_config_service.h"

#include "base/lazy_instance.h"
#include "base/synchronization/lock.h"
#include "net/ssl/ssl_config_service_defaults.h"

namespace net {

// The observer list is created with NOTIFY_EXISTING_ONLY.
SSLConfigService::SSLConfigService()
    : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
}

// Process-wide holder for the current CRLSet. Every access to the
// scoped_refptr goes through |lock_|, so a reader taking a reference cannot
// race with a writer installing a replacement.
//
// NOTE(review): Set() installs whatever it is handed. Nothing in this file
// checks that the incoming CRLSet is non-null or newer than the one already
// held, so any ordering guarantee (an older revocation set must not displace
// a newer one) has to be enforced by the caller -- confirm that it is.
class GlobalCRLSet {
 public:
  // Replaces the held CRLSet with |new_crl_set| while holding the lock.
  void Set(const scoped_refptr<CRLSet>& new_crl_set) {
    base::AutoLock auto_lock(lock_);
    crl_set_ = new_crl_set;
  }

  // Returns a new reference to the held CRLSet, taken under the lock.
  // The result is a null scoped_refptr until Set() has stored a non-null set.
  scoped_refptr<CRLSet> Get() const {
    base::AutoLock auto_lock(lock_);
    return crl_set_;
  }

 private:
  scoped_refptr<CRLSet> crl_set_;
  // Mutable so that the const Get() can still acquire it.
  mutable base::Lock lock_;
};

// Lazily constructed on first use; Leaky, so it is never destroyed at exit.
base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;

// static
// Installs |crl_set| as the global CRLSet. May run concurrently with
// GetCRLSet(); GlobalCRLSet's lock serializes the two.
void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set) {
  GlobalCRLSet& holder = g_crl_set.Get();
  holder.Set(crl_set);
}

// static
// Returns the global CRLSet. Callers should be prepared for a null result
// when no CRLSet has been installed yet.
scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
  const GlobalCRLSet& holder = g_crl_set.Get();
  return holder.Get();
}

// Registers |observer| for SSL configuration change notifications.
void SSLConfigService::AddObserver(Observer* observer) {
  observer_list_.AddObserver(observer);
}

// Unregisters |observer|.
void SSLConfigService::RemoveObserver(Observer* observer) {
  observer_list_.RemoveObserver(observer);
}

// Calls OnSSLConfigChanged() on every registered observer.
void SSLConfigService::NotifySSLConfigChange() {
  FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
}

SSLConfigService::~SSLConfigService() {
}

// Compares |orig_config| with |new_config| and notifies observers when any
// of the fields examined below differ.
//
// NOTE(review): only the fields listed here are compared. A change confined
// to any other SSLConfig member does not reach observers through this path,
// so a newly added security-relevant field needs a matching comparison here.
void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
                                           const SSLConfig& new_config) {
  // Certificate revocation checking policy.
  const bool revocation_changed =
      (orig_config.rev_checking_enabled != new_config.rev_checking_enabled) ||
      (orig_config.rev_checking_required_local_anchors !=
       new_config.rev_checking_required_local_anchors);

  // Permitted protocol version range.
  const bool version_range_changed =
      (orig_config.version_min != new_config.version_min) ||
      (orig_config.version_max != new_config.version_max);

  // Cipher suite restrictions.
  const bool cipher_policy_changed =
      (orig_config.disabled_cipher_suites !=
       new_config.disabled_cipher_suites) ||
      (orig_config.require_forward_secrecy !=
       new_config.require_forward_secrecy);

  // Optional protocol features.
  const bool features_changed =
      (orig_config.channel_id_enabled != new_config.channel_id_enabled) ||
      (orig_config.false_start_enabled != new_config.false_start_enabled);

  if (revocation_changed || version_range_changed || cipher_policy_changed ||
      features_changed) {
    NotifySSLConfigChange();
  }
}

// static
// Reports whether SNI can be used under |service|'s current configuration:
// false when |service| is null, otherwise true exactly when the configured
// maximum protocol version is at least TLS 1.0. The answer reflects the
// configured ceiling only, not what a particular connection negotiates.
bool SSLConfigService::IsSNIAvailable(SSLConfigService* service) {
  if (!service)
    return false;

  SSLConfig current_config;
  service->GetSSLConfig(&current_config);
  const bool tls_permitted =
      current_config.version_max >= SSL_PROTOCOL_VERSION_TLS1;
  return tls_permitted;
}

}  // namespace net