1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/client_socket_factory.h" | 5 #include "net/socket/client_socket_factory.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
8 #include "base/threading/thread.h" | |
8 #include "build/build_config.h" | 9 #include "build/build_config.h" |
9 #include "net/base/cert_database.h" | 10 #include "net/base/cert_database.h" |
10 #include "net/socket/client_socket_handle.h" | 11 #include "net/socket/client_socket_handle.h" |
11 #if defined(OS_WIN) | 12 #if defined(OS_WIN) |
12 #include "net/socket/ssl_client_socket_nss.h" | 13 #include "net/socket/ssl_client_socket_nss.h" |
13 #include "net/socket/ssl_client_socket_win.h" | 14 #include "net/socket/ssl_client_socket_win.h" |
14 #elif defined(USE_OPENSSL) | 15 #elif defined(USE_OPENSSL) |
15 #include "net/socket/ssl_client_socket_openssl.h" | 16 #include "net/socket/ssl_client_socket_openssl.h" |
16 #elif defined(USE_NSS) | 17 #elif defined(USE_NSS) |
17 #include "net/socket/ssl_client_socket_nss.h" | 18 #include "net/socket/ssl_client_socket_nss.h" |
18 #elif defined(OS_MACOSX) | 19 #elif defined(OS_MACOSX) |
19 #include "net/socket/ssl_client_socket_mac.h" | 20 #include "net/socket/ssl_client_socket_mac.h" |
20 #include "net/socket/ssl_client_socket_nss.h" | 21 #include "net/socket/ssl_client_socket_nss.h" |
21 #endif | 22 #endif |
22 #include "net/socket/ssl_host_info.h" | 23 #include "net/socket/ssl_host_info.h" |
23 #include "net/socket/tcp_client_socket.h" | 24 #include "net/socket/tcp_client_socket.h" |
24 #include "net/udp/udp_client_socket.h" | 25 #include "net/udp/udp_client_socket.h" |
25 | 26 |
26 namespace net { | 27 namespace net { |
27 | 28 |
28 class X509Certificate; | 29 class X509Certificate; |
29 | 30 |
30 namespace { | 31 namespace { |
31 | 32 |
32 bool g_use_system_ssl = false; | 33 bool g_use_system_ssl = false; |
33 | 34 |
35 // ChromeOS uses a hardware TPM module that may cause NSS operations to | |
36 // block for upwards of several seconds. To avoid blocking all network and | |
37 // IPC activity, run NSS SSL functions on a dedicated thread. | |
38 #if defined(OS_CHROMEOS) | |
wtc
2012/05/30 22:54:29
It may be a good idea to do this on more platforms
Ryan Sleevi
2012/05/30 23:20:10
I agree, but as a possible merge candidate, I want
wtc
2012/05/31 01:23:42
If you plan to merge this CL to the Chrome 20 bran
Ryan Sleevi
2012/05/31 01:31:14
Agreed, that's the goal :)
| |
39 bool g_use_dedicated_nss_thread = true; | |
40 #else | |
41 bool g_use_dedicated_nss_thread = false; | |
42 #endif | |
Ryan Sleevi
2012/05/30 02:11:33
Design context: I debated very heavily on where th
wtc
2012/05/30 22:54:29
I agree with the design decision of creating the N
| |
43 | |
34 class DefaultClientSocketFactory : public ClientSocketFactory, | 44 class DefaultClientSocketFactory : public ClientSocketFactory, |
35 public CertDatabase::Observer { | 45 public CertDatabase::Observer { |
36 public: | 46 public: |
37 DefaultClientSocketFactory() { | 47 DefaultClientSocketFactory() { |
48 if (g_use_dedicated_nss_thread) { | |
49 nss_thread_.reset(new base::Thread("NSS SSL Thread")); | |
50 nss_thread_->Start(); | |
51 } | |
52 | |
38 CertDatabase::AddObserver(this); | 53 CertDatabase::AddObserver(this); |
39 } | 54 } |
40 | 55 |
41 virtual ~DefaultClientSocketFactory() { | 56 virtual ~DefaultClientSocketFactory() { |
42 CertDatabase::RemoveObserver(this); | 57 CertDatabase::RemoveObserver(this); |
43 } | 58 } |
44 | 59 |
45 virtual void OnUserCertAdded(const X509Certificate* cert) { | 60 virtual void OnUserCertAdded(const X509Certificate* cert) { |
46 ClearSSLSessionCache(); | 61 ClearSSLSessionCache(); |
47 } | 62 } |
69 } | 84 } |
70 | 85 |
71 virtual SSLClientSocket* CreateSSLClientSocket( | 86 virtual SSLClientSocket* CreateSSLClientSocket( |
72 ClientSocketHandle* transport_socket, | 87 ClientSocketHandle* transport_socket, |
73 const HostPortPair& host_and_port, | 88 const HostPortPair& host_and_port, |
74 const SSLConfig& ssl_config, | 89 const SSLConfig& ssl_config, |
75 SSLHostInfo* ssl_host_info, | 90 SSLHostInfo* ssl_host_info, |
76 const SSLClientSocketContext& context) { | 91 const SSLClientSocketContext& context) { |
77 scoped_ptr<SSLHostInfo> shi(ssl_host_info); | 92 scoped_ptr<SSLHostInfo> shi(ssl_host_info); |
78 | 93 |
79 #if defined(OS_WIN) | 94 scoped_refptr<base::SingleThreadTaskRunner> network_task_runner( |
95 base::MessageLoopProxy::current()); | |
96 DCHECK(network_task_runner); | |
97 | |
98 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner( | |
99 network_task_runner); | |
100 | |
101 if (g_use_dedicated_nss_thread && nss_thread_->message_loop_proxy()) | |
wtc
2012/05/30 22:54:29
If g_use_dedicated_nss_thread is true, nss_thread_
Ryan Sleevi
2012/05/30 23:20:10
If the thread fails to start, it'll be NULL. With
| |
102 nss_task_runner = nss_thread_->message_loop_proxy(); | |
Ryan Sleevi
2012/05/30 02:14:33
Further design context:
Note that I'm not checkin
wtc
2012/05/30 22:54:29
I agree with the design decision of moving all NSS
| |
103 | |
104 #if defined(USE_OPENSSL) | |
105 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, | |
106 ssl_config, context); | |
107 #elif defined(USE_NSS) | |
108 return new SSLClientSocketNSS(network_task_runner, nss_task_runner, | |
109 transport_socket, host_and_port, ssl_config, | |
110 shi.release(), context); | |
111 #elif defined(OS_WIN) | |
80 if (g_use_system_ssl) { | 112 if (g_use_system_ssl) { |
81 return new SSLClientSocketWin(transport_socket, host_and_port, | 113 return new SSLClientSocketWin(transport_socket, host_and_port, |
82 ssl_config, context); | 114 ssl_config, context); |
83 } | 115 } |
84 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 116 return new SSLClientSocketNSS(network_task_runner, nss_task_runner, |
85 shi.release(), context); | 117 transport_socket, host_and_port, ssl_config, |
86 #elif defined(USE_OPENSSL) | |
87 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, | |
88 ssl_config, context); | |
89 #elif defined(USE_NSS) | |
90 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | |
91 shi.release(), context); | 118 shi.release(), context); |
92 #elif defined(OS_MACOSX) | 119 #elif defined(OS_MACOSX) |
93 if (g_use_system_ssl) { | 120 if (g_use_system_ssl) { |
94 return new SSLClientSocketMac(transport_socket, host_and_port, | 121 return new SSLClientSocketMac(transport_socket, host_and_port, |
95 ssl_config, context); | 122 ssl_config, context); |
96 } | 123 } |
97 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 124 return new SSLClientSocketNSS(network_task_runner, nss_task_runner, |
125 transport_socket, host_and_port, ssl_config, | |
98 shi.release(), context); | 126 shi.release(), context); |
99 #else | 127 #else |
100 NOTIMPLEMENTED(); | 128 NOTIMPLEMENTED(); |
101 return NULL; | 129 return NULL; |
102 #endif | 130 #endif |
103 } | 131 } |
104 | 132 |
105 void ClearSSLSessionCache() { | 133 void ClearSSLSessionCache() { |
106 SSLClientSocket::ClearSessionCache(); | 134 SSLClientSocket::ClearSessionCache(); |
107 } | 135 } |
108 | 136 |
137 private: | |
138 scoped_ptr<base::Thread> nss_thread_; | |
109 }; | 139 }; |
110 | 140 |
111 static base::LazyInstance<DefaultClientSocketFactory> | 141 static base::LazyInstance<DefaultClientSocketFactory> |
112 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; | 142 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; |
113 | 143 |
114 } // namespace | 144 } // namespace |
115 | 145 |
116 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. | 146 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. |
117 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( | 147 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( |
118 StreamSocket* transport_socket, | 148 StreamSocket* transport_socket, |
138 #if defined(OS_WIN) | 168 #if defined(OS_WIN) |
139 // Reflect the capability of SSLClientSocketWin. | 169 // Reflect the capability of SSLClientSocketWin. |
140 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 170 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
141 #elif defined(OS_MACOSX) | 171 #elif defined(OS_MACOSX) |
142 // Reflect the capability of SSLClientSocketMac. | 172 // Reflect the capability of SSLClientSocketMac. |
143 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 173 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
144 #endif | 174 #endif |
145 } | 175 } |
146 | 176 |
147 } // namespace net | 177 } // namespace net |
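Review bot: The new lines 94–102 of CreateSSLClientSocket use base::MessageLoopProxy::current(), scoped_refptr&lt;base::SingleThreadTaskRunner&gt; and DCHECK, but the only include this change adds is base/threading/thread.h, so those names are reached through transitive includes; add `#include "base/message_loop_proxy.h"` and `#include "base/single_thread_task_runner.h"` (and `#include "base/logging.h"` if it is not already pulled in by a header this file owns) next to the new thread.h include. The task runners are also built and DCHECKed on every configuration, including the USE_OPENSSL branch where neither is used; hoisting them under the NSS-using branches, or documenting in a one-line comment above line 94 that they are intentionally computed unconditionally, would make the intent clear. A short comment on the new `nss_thread_` member at line 138 stating that it is null when g_use_dedicated_nss_thread is false would help readers of the later null checks.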