Date: Wed, 15 Oct 2014 21:55:34 +0000 (UTC) From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r370959 - in branches/2014Q4/www/chromium: . files Message-ID: <201410152155.s9FLtYOI087308@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rene Date: Wed Oct 15 21:55:33 2014 New Revision: 370959 URL: https://svnweb.freebsd.org/changeset/ports/370959 QAT: https://qat.redports.org/buildarchive/r370959/ Log: MFH: r370928 www/chromium: desupport SSLv3.0, taken from upstream GIT repository. While here really fix the desktop icon. Bump PORTREVISION Obtained from: https://chromium.googlesource.com/chromium/src/+/701bb044ac5ad4f1572e86b83a673cc49383efb4 Obtained from: https://chromium.googlesource.com/chromium/src/+/32352ad08ee673a4d43e8593ce988b224f6482d3 Security: CVE-2014-3566 ("Poodle") Approved by: portmgr (bdrewery) Added: branches/2014Q4/www/chromium/files/patch-chrome__app__generated_resources.grd - copied unchanged from r370928, head/www/chromium/files/patch-chrome__app__generated_resources.grd branches/2014Q4/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc - copied unchanged from r370928, head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc branches/2014Q4/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc - copied unchanged from r370928, head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc branches/2014Q4/www/chromium/files/patch-chrome__common__localized_error.cc - copied unchanged from r370928, head/www/chromium/files/patch-chrome__common__localized_error.cc branches/2014Q4/www/chromium/files/patch-net__base__net_error_list.h - copied unchanged from r370928, head/www/chromium/files/patch-net__base__net_error_list.h branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc - copied unchanged from r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc - copied unchanged from r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.cc - copied unchanged from r370928, head/www/chromium/files/patch-net__ssl__ssl_config.cc branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.h - copied unchanged from r370928, head/www/chromium/files/patch-net__ssl__ssl_config.h branches/2014Q4/www/chromium/files/patch-tools__metrics__histograms__histograms.xml - copied unchanged from r370928, head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml Modified: branches/2014Q4/www/chromium/Makefile branches/2014Q4/www/chromium/files/chromium-browser.desktop.in branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.cc branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.h branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.cc branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.h Directory Properties: branches/2014Q4/ (props changed) Modified: branches/2014Q4/www/chromium/Makefile ============================================================================== --- branches/2014Q4/www/chromium/Makefile Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/Makefile Wed Oct 15 21:55:33 2014 (r370959) @@ -3,7 +3,7 @@ PORTNAME= chromium PORTVERSION= 38.0.2125.101 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= http://commondatastorage.googleapis.com/chromium-browser-official/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: branches/2014Q4/www/chromium/files/chromium-browser.desktop.in ============================================================================== --- branches/2014Q4/www/chromium/files/chromium-browser.desktop.in Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/files/chromium-browser.desktop.in Wed Oct 15 21:55:33 2014 (r370959) @@ -4,7 +4,7 @@ Version=1.0 Encoding=UTF-8 Name=Chromium Comment=%%COMMENT%% -Icon=%%DATADIR%%/product_logo_48.png +Icon=chrome Exec=chrome %U Categories=Application;Network;WebBrowser; MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp; Copied: branches/2014Q4/www/chromium/files/patch-chrome__app__generated_resources.grd (from r370928, head/www/chromium/files/patch-chrome__app__generated_resources.grd) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-chrome__app__generated_resources.grd Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-chrome__app__generated_resources.grd) @@ -0,0 +1,19 @@ +--- chrome/app/generated_resources.grd.orig 2014-10-02 17:39:45 UTC ++++ chrome/app/generated_resources.grd +@@ -9024,6 +9024,16 @@ + SSL protocol error. + </message> + ++ <message name="IDS_ERRORPAGES_HEADING_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="Heading in the error page for SSL fallback errors."> ++ SSL server probably obsolete. ++ </message> ++ <message name="IDS_ERRORPAGES_SUMMARY_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="Summary in the error page for SSL fallback errors."> ++ Unable to connect securely to the server. This website may have worked previously, but connecting to such sites has now been shown to cause security risks to all users and thus has been disabled for your safety. ++ </message> ++ <message name="IDS_ERRORPAGES_DETAILS_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" desc="The error message displayed for SSL fallback errors."> ++ An SSLv3 fallback was able to handshake with the server, but we no longer accept SSLv3 fallbacks due to new attacks against the protocol. The server needs to be updated to support a minimum of TLS 1.0 and preferably TLS 1.2. ++ </message> ++ + <message name="IDS_ERRORPAGES_HEADING_PINNING_FAILURE" desc="Title of the error page for a certificate which doesn't match the built-in pins for that name"> + Incorrect certificate for host. + </message> Copied: branches/2014Q4/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc (from r370928, head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-chrome__browser__net__ssl_config_service_manager_pref.cc) @@ -0,0 +1,57 @@ +--- chrome/browser/net/ssl_config_service_manager_pref.cc.orig 2014-10-02 17:39:46 UTC ++++ chrome/browser/net/ssl_config_service_manager_pref.cc +@@ -174,6 +174,7 @@ + BooleanPrefMember rev_checking_required_local_anchors_; + StringPrefMember ssl_version_min_; + StringPrefMember ssl_version_max_; ++ StringPrefMember ssl_version_fallback_min_; + BooleanPrefMember ssl_record_splitting_disabled_; + + // The cached list of disabled SSL cipher suites. +@@ -204,6 +205,8 @@ + prefs::kSSLVersionMin, local_state, local_state_callback); + ssl_version_max_.Init( + prefs::kSSLVersionMax, local_state, local_state_callback); ++ ssl_version_fallback_min_.Init( ++ prefs::kSSLVersionFallbackMin, local_state, local_state_callback); + ssl_record_splitting_disabled_.Init( + prefs::kDisableSSLRecordSplitting, local_state, local_state_callback); + +@@ -230,8 +233,12 @@ + SSLProtocolVersionToString(default_config.version_min); + std::string version_max_str = + SSLProtocolVersionToString(default_config.version_max); ++ std::string version_fallback_min_str = ++ SSLProtocolVersionToString(default_config.version_fallback_min); + registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str); + registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str); ++ registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, ++ version_fallback_min_str); + registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting, + !default_config.false_start_enabled); + registry->RegisterListPref(prefs::kCipherSuiteBlacklist); +@@ -275,10 +282,14 @@ + rev_checking_required_local_anchors_.GetValue(); + std::string version_min_str = ssl_version_min_.GetValue(); + std::string version_max_str = ssl_version_max_.GetValue(); ++ std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue(); + config->version_min = net::kDefaultSSLVersionMin; + config->version_max = net::kDefaultSSLVersionMax; ++ config->version_fallback_min = net::kDefaultSSLVersionFallbackMin; + uint16 version_min = SSLProtocolVersionFromString(version_min_str); + uint16 version_max = SSLProtocolVersionFromString(version_max_str); ++ uint16 version_fallback_min = ++ SSLProtocolVersionFromString(version_fallback_min_str); + if (version_min) { + // TODO(wtc): get the minimum SSL protocol version supported by the + // SSLClientSocket class. Right now it happens to be the same as the +@@ -293,6 +304,9 @@ + uint16 supported_version_max = config->version_max; + config->version_max = std::min(supported_version_max, version_max); + } ++ if (version_fallback_min) { ++ config->version_fallback_min = version_fallback_min; ++ } + config->disabled_cipher_suites = disabled_cipher_suites_; + // disabling False Start also happens to disable record splitting. + config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue(); Copied: branches/2014Q4/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc (from r370928, head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-chrome__browser__prefs__command_line_pref_store.cc) @@ -0,0 +1,10 @@ +--- chrome/browser/prefs/command_line_pref_store.cc.orig 2014-10-02 17:39:46 UTC ++++ chrome/browser/prefs/command_line_pref_store.cc +@@ -33,6 +33,7 @@ + { switches::kDiskCacheDir, prefs::kDiskCacheDir }, + { switches::kSSLVersionMin, prefs::kSSLVersionMin }, + { switches::kSSLVersionMax, prefs::kSSLVersionMax }, ++ { switches::kSSLVersionFallbackMin, prefs::kSSLVersionFallbackMin }, + }; + + const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry Modified: branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.cc ============================================================================== --- branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.cc Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.cc Wed Oct 15 21:55:33 2014 (r370959) @@ -1,6 +1,17 @@ ---- chrome/common/chrome_switches.cc.orig 2014-10-02 17:39:46 UTC -+++ chrome/common/chrome_switches.cc -@@ -1277,13 +1277,13 @@ +--- chrome/common/chrome_switches.cc.orig 2014-10-02 19:39:46.000000000 +0200 ++++ chrome/common/chrome_switches.cc 2014-10-15 11:59:52.000000000 +0200 +@@ -1127,6 +1127,10 @@ + // "tls1.2"). + const char kSSLVersionMin[] = "ssl-version-min"; + ++// Specifies the minimum SSL/TLS version ("ssl3", "tls1", "tls1.1", or ++// "tls1.2") that TLS fallback will accept. ++const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min"; ++ + // Starts the browser maximized, regardless of any previous settings. + const char kStartMaximized[] = "start-maximized"; + +@@ -1277,13 +1281,13 @@ const char kPasswordStore[] = "password-store"; #endif Modified: branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.h ============================================================================== --- branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.h Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/files/patch-chrome__common__chrome_switches.h Wed Oct 15 21:55:33 2014 (r370959) @@ -1,6 +1,14 @@ ---- chrome/common/chrome_switches.h.orig 2014-10-02 17:39:46 UTC -+++ chrome/common/chrome_switches.h -@@ -362,7 +362,7 @@ +--- chrome/common/chrome_switches.h.orig 2014-10-02 19:39:46.000000000 +0200 ++++ chrome/common/chrome_switches.h 2014-10-15 11:59:52.000000000 +0200 +@@ -309,6 +309,7 @@ + extern const char kSpellingServiceFeedbackIntervalSeconds[]; + extern const char kSSLVersionMax[]; + extern const char kSSLVersionMin[]; ++extern const char kSSLVersionFallbackMin[]; + extern const char kStartMaximized[]; + extern const char kSupervisedUserId[]; + extern const char kSupervisedUserSyncToken[]; +@@ -362,7 +363,7 @@ extern const char kPasswordStore[]; #endif Copied: branches/2014Q4/www/chromium/files/patch-chrome__common__localized_error.cc (from r370928, head/www/chromium/files/patch-chrome__common__localized_error.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-chrome__common__localized_error.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-chrome__common__localized_error.cc) @@ -0,0 +1,35 @@ +--- chrome/common/localized_error.cc.orig 2014-10-02 17:39:46 UTC ++++ chrome/common/localized_error.cc +@@ -40,6 +40,8 @@ + static const char kWeakDHKeyLearnMoreUrl[] = + "http://sites.google.com/a/chromium.org/dev/" + "err_ssl_weak_server_ephemeral_dh_key"; ++static const char kSSLv3FallbackUrl[] = ++ "https://code.google.com/p/chromium/issues/detail?id=418848"; + #if defined(OS_CHROMEOS) + static const char kAppWarningLearnMoreUrl[] = + "chrome-extension://honijodknafkokifofgiaalefdiedpko/main.html" +@@ -301,6 +303,13 @@ + IDS_ERRORPAGES_DETAILS_BLOCKED_ENROLLMENT_CHECK_PENDING, + SUGGEST_CHECK_CONNECTION, + }, ++ {net::ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, ++ IDS_ERRORPAGES_TITLE_LOAD_FAILED, ++ IDS_ERRORPAGES_HEADING_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, ++ IDS_ERRORPAGES_SUMMARY_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, ++ IDS_ERRORPAGES_DETAILS_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, ++ SUGGEST_LEARNMORE, ++ }, + }; + + // Special error page to be used in the case of navigating back to a page +@@ -796,6 +805,9 @@ + case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: + learn_more_url = GURL(kWeakDHKeyLearnMoreUrl); + break; ++ case net::ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION: ++ learn_more_url = GURL(kSSLv3FallbackUrl); ++ break; + default: + break; + } Modified: branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.cc ============================================================================== --- branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.cc Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.cc Wed Oct 15 21:55:33 2014 (r370959) @@ -1,5 +1,5 @@ ---- chrome/common/pref_names.cc.orig 2014-10-02 17:39:46 UTC -+++ chrome/common/pref_names.cc +--- chrome/common/pref_names.cc.orig 2014-10-02 19:39:46.000000000 +0200 ++++ chrome/common/pref_names.cc 2014-10-15 11:59:52.000000000 +0200 @@ -898,7 +898,7 @@ // Boolean controlling whether SafeSearch is mandatory for Google Web Searches. const char kForceSafeSearch[] = "settings.force_safesearch"; @@ -9,3 +9,11 @@ // Linux specific preference on whether we should match the system theme. const char kUsesSystemTheme[] = "extensions.theme.use_system"; #endif +@@ -1288,6 +1288,7 @@ + "ssl.rev_checking.required_for_local_anchors"; + const char kSSLVersionMin[] = "ssl.version_min"; + const char kSSLVersionMax[] = "ssl.version_max"; ++const char kSSLVersionFallbackMin[] = "ssl.version_fallback_min"; + const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist"; + const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled"; + Modified: branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.h ============================================================================== --- branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.h Wed Oct 15 21:48:04 2014 (r370958) +++ branches/2014Q4/www/chromium/files/patch-chrome__common__pref_names.h Wed Oct 15 21:55:33 2014 (r370959) @@ -1,5 +1,5 @@ ---- chrome/common/pref_names.h.orig 2014-10-02 17:39:46 UTC -+++ chrome/common/pref_names.h +--- chrome/common/pref_names.h.orig 2014-10-02 19:39:46.000000000 +0200 ++++ chrome/common/pref_names.h 2014-10-15 11:59:52.000000000 +0200 @@ -291,7 +291,7 @@ extern const char kForceSafeSearch[]; extern const char kDeleteTimePeriod[]; @@ -9,3 +9,11 @@ extern const char kUsesSystemTheme[]; #endif extern const char kCurrentThemePackFilename[]; +@@ -405,6 +405,7 @@ + extern const char kCertRevocationCheckingRequiredLocalAnchors[]; + extern const char kSSLVersionMin[]; + extern const char kSSLVersionMax[]; ++extern const char kSSLVersionFallbackMin[]; + extern const char kCipherSuiteBlacklist[]; + extern const char kDisableSSLRecordSplitting[]; + Copied: branches/2014Q4/www/chromium/files/patch-net__base__net_error_list.h (from r370928, head/www/chromium/files/patch-net__base__net_error_list.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-net__base__net_error_list.h Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-net__base__net_error_list.h) @@ -0,0 +1,13 @@ +--- net/base/net_error_list.h.orig 2014-10-02 17:18:59 UTC ++++ net/base/net_error_list.h +@@ -336,6 +336,10 @@ + // library. + NET_ERROR(SSL_CLIENT_AUTH_CERT_BAD_FORMAT, -164) + ++// The SSL server requires falling back to a version older than the configured ++// minimum fallback version, and thus fallback failed. ++NET_ERROR(SSL_FALLBACK_BEYOND_MINIMUM_VERSION, -165) ++ + // Certificate error codes + // + // The values of certificate error codes must be consecutive. Copied: branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc (from r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_nss.cc) @@ -0,0 +1,14 @@ +--- net/socket/ssl_client_socket_nss.cc.orig 2014-10-02 17:39:47 UTC ++++ net/socket/ssl_client_socket_nss.cc +@@ -3330,6 +3330,11 @@ + EnterFunction(result); + + if (result == OK) { ++ if (ssl_config_.version_fallback && ++ ssl_config_.version_max < ssl_config_.version_fallback_min) { ++ return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; ++ } ++ + // SSL handshake is completed. Let's verify the certificate. + GotoState(STATE_VERIFY_CERT); + // Done! Copied: branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc (from r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-net__socket__ssl_client_socket_openssl.cc) @@ -0,0 +1,14 @@ +--- net/socket/ssl_client_socket_openssl.cc.orig 2014-10-02 17:39:47 UTC ++++ net/socket/ssl_client_socket_openssl.cc +@@ -890,6 +890,11 @@ + << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); + } + ++ if (ssl_config_.version_fallback && ++ ssl_config_.version_max < ssl_config_.version_fallback_min) { ++ return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; ++ } ++ + // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. + if (npn_status_ == kNextProtoUnsupported) { + const uint8_t* alpn_proto = NULL; Copied: branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.cc (from r370928, head/www/chromium/files/patch-net__ssl__ssl_config.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.cc Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-net__ssl__ssl_config.cc) @@ -0,0 +1,19 @@ +--- net/ssl/ssl_config.cc.orig 2014-10-02 17:39:47 UTC ++++ net/ssl/ssl_config.cc +@@ -25,6 +25,8 @@ + SSL_PROTOCOL_VERSION_TLS1_2; + #endif + ++const uint16 kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1; ++ + SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} + + SSLConfig::CertAndStatus::~CertAndStatus() {} +@@ -34,6 +36,7 @@ + rev_checking_required_local_anchors(false), + version_min(kDefaultSSLVersionMin), + version_max(kDefaultSSLVersionMax), ++ version_fallback_min(kDefaultSSLVersionFallbackMin), + channel_id_enabled(true), + false_start_enabled(true), + signed_cert_timestamps_enabled(true), Copied: branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.h (from r370928, head/www/chromium/files/patch-net__ssl__ssl_config.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-net__ssl__ssl_config.h Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-net__ssl__ssl_config.h) @@ -0,0 +1,25 @@ +--- net/ssl/ssl_config.h.orig 2014-10-02 17:19:00 UTC ++++ net/ssl/ssl_config.h +@@ -32,6 +32,9 @@ + // Default maximum protocol version. + NET_EXPORT extern const uint16 kDefaultSSLVersionMax; + ++// Default minimum protocol version that it's acceptable to fallback to. ++NET_EXPORT extern const uint16 kDefaultSSLVersionFallbackMin; ++ + // A collection of SSL-related configuration settings. + struct NET_EXPORT SSLConfig { + // Default to revocation checking. +@@ -73,6 +76,12 @@ + uint16 version_min; + uint16 version_max; + ++ // version_fallback_min contains the minimum version that is acceptable to ++ // fallback to. Versions before this may be tried to see whether they would ++ // have succeeded and thus to give a better message to the user, but the ++ // resulting connection won't be used in these cases. ++ uint16 version_fallback_min; ++ + // Presorted list of cipher suites which should be explicitly prevented from + // being used in addition to those disabled by the net built-in policy. + // Copied: branches/2014Q4/www/chromium/files/patch-tools__metrics__histograms__histograms.xml (from r370928, head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2014Q4/www/chromium/files/patch-tools__metrics__histograms__histograms.xml Wed Oct 15 21:55:33 2014 (r370959, copy of r370928, head/www/chromium/files/patch-tools__metrics__histograms__histograms.xml) @@ -0,0 +1,10 @@ +--- tools/metrics/histograms/histograms.xml.orig 2014-10-02 17:39:48 UTC ++++ tools/metrics/histograms/histograms.xml +@@ -45253,6 +45253,7 @@ + <int value="162" label="SOCKET_RECEIVE_BUFFER_SIZE_UNCHANGEABLE"/> + <int value="163" label="SOCKET_SEND_BUFFER_SIZE_UNCHANGEABLE"/> + <int value="164" label="SSL_CLIENT_AUTH_CERT_BAD_FORMAT"/> ++ <int value="165" label="SSL_FALLBACK_BEYOND_MINIMUM_VERSION"/> + <int value="200" label="CERT_COMMON_NAME_INVALID"/> + <int value="201" label="CERT_DATE_INVALID"/> + <int value="202" label="CERT_AUTHORITY_INVALID"/>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410152155.s9FLtYOI087308>