| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/client_socket_factory.h" | 5 #include "net/socket/client_socket_factory.h" |
| 6 | 6 |
| 7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
| 8 #include "base/thread_task_runner_handle.h" |
| 9 #include "base/threading/thread.h" |
| 8 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 9 #include "net/base/cert_database.h" | 11 #include "net/base/cert_database.h" |
| 10 #include "net/socket/client_socket_handle.h" | 12 #include "net/socket/client_socket_handle.h" |
| 11 #if defined(OS_WIN) | 13 #if defined(OS_WIN) |
| 12 #include "net/socket/ssl_client_socket_nss.h" | 14 #include "net/socket/ssl_client_socket_nss.h" |
| 13 #include "net/socket/ssl_client_socket_win.h" | 15 #include "net/socket/ssl_client_socket_win.h" |
| 14 #elif defined(USE_OPENSSL) | 16 #elif defined(USE_OPENSSL) |
| 15 #include "net/socket/ssl_client_socket_openssl.h" | 17 #include "net/socket/ssl_client_socket_openssl.h" |
| 16 #elif defined(USE_NSS) | 18 #elif defined(USE_NSS) |
| 17 #include "net/socket/ssl_client_socket_nss.h" | 19 #include "net/socket/ssl_client_socket_nss.h" |
| 18 #elif defined(OS_MACOSX) | 20 #elif defined(OS_MACOSX) |
| 19 #include "net/socket/ssl_client_socket_mac.h" | 21 #include "net/socket/ssl_client_socket_mac.h" |
| 20 #include "net/socket/ssl_client_socket_nss.h" | 22 #include "net/socket/ssl_client_socket_nss.h" |
| 21 #endif | 23 #endif |
| 22 #include "net/socket/ssl_host_info.h" | 24 #include "net/socket/ssl_host_info.h" |
| 23 #include "net/socket/tcp_client_socket.h" | 25 #include "net/socket/tcp_client_socket.h" |
| 24 #include "net/udp/udp_client_socket.h" | 26 #include "net/udp/udp_client_socket.h" |
| 25 | 27 |
| 26 namespace net { | 28 namespace net { |
| 27 | 29 |
| 28 class X509Certificate; | 30 class X509Certificate; |
| 29 | 31 |
| 30 namespace { | 32 namespace { |
| 31 | 33 |
| 32 bool g_use_system_ssl = false; | 34 bool g_use_system_ssl = false; |
| 33 | 35 |
| 36 // ChromeOS uses a hardware TPM module that may cause NSS operations to |
| 37 // block for upwards of several seconds. To avoid blocking all network and |
| 38 // IPC activity, run NSS SSL functions on a dedicated thread. |
| 39 #if defined(OS_CHROMEOS) |
| 40 bool g_use_dedicated_nss_thread = true; |
| 41 #else |
| 42 bool g_use_dedicated_nss_thread = false; |
| 43 #endif |
| 44 |
| 34 class DefaultClientSocketFactory : public ClientSocketFactory, | 45 class DefaultClientSocketFactory : public ClientSocketFactory, |
| 35 public CertDatabase::Observer { | 46 public CertDatabase::Observer { |
| 36 public: | 47 public: |
| 37 DefaultClientSocketFactory() { | 48 DefaultClientSocketFactory() |
| 49 : nss_task_runner_(base::ThreadTaskRunnerHandle::Get()) { |
| 50 if (g_use_dedicated_nss_thread) { |
| 51 nss_thread_.reset(new base::Thread("NSS SSL Thread")); |
| 52 if (nss_thread_->Start()) |
| 53 nss_task_runner_ = nss_thread_->message_loop_proxy(); |
| 54 } |
| 55 |
| 38 CertDatabase::AddObserver(this); | 56 CertDatabase::AddObserver(this); |
| 39 } | 57 } |
| 40 | 58 |
| 41 virtual ~DefaultClientSocketFactory() { | 59 virtual ~DefaultClientSocketFactory() { |
| 60 // Note: This code never runs, as the factory is defined as a Leaky |
| 61 // singleton. |
| 42 CertDatabase::RemoveObserver(this); | 62 CertDatabase::RemoveObserver(this); |
| 43 } | 63 } |
| 44 | 64 |
| 45 virtual void OnUserCertAdded(const X509Certificate* cert) { | 65 virtual void OnUserCertAdded(const X509Certificate* cert) { |
| 46 ClearSSLSessionCache(); | 66 ClearSSLSessionCache(); |
| 47 } | 67 } |
| 48 | 68 |
| 49 virtual void OnCertTrustChanged(const X509Certificate* cert) { | 69 virtual void OnCertTrustChanged(const X509Certificate* cert) { |
| 50 // Per wtc, we actually only need to flush when trust is reduced. | 70 // Per wtc, we actually only need to flush when trust is reduced. |
| 51 // Always flush now because OnCertTrustChanged does not tell us this. | 71 // Always flush now because OnCertTrustChanged does not tell us this. |
| (...skipping 17 matching lines...) Expand all Loading... |
| 69 } | 89 } |
| 70 | 90 |
| 71 virtual SSLClientSocket* CreateSSLClientSocket( | 91 virtual SSLClientSocket* CreateSSLClientSocket( |
| 72 ClientSocketHandle* transport_socket, | 92 ClientSocketHandle* transport_socket, |
| 73 const HostPortPair& host_and_port, | 93 const HostPortPair& host_and_port, |
| 74 const SSLConfig& ssl_config, | 94 const SSLConfig& ssl_config, |
| 75 SSLHostInfo* ssl_host_info, | 95 SSLHostInfo* ssl_host_info, |
| 76 const SSLClientSocketContext& context) { | 96 const SSLClientSocketContext& context) { |
| 77 scoped_ptr<SSLHostInfo> shi(ssl_host_info); | 97 scoped_ptr<SSLHostInfo> shi(ssl_host_info); |
| 78 | 98 |
| 79 #if defined(OS_WIN) | 99 #if defined(USE_OPENSSL) |
| 100 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, |
| 101 ssl_config, context); |
| 102 #elif defined(USE_NSS) |
| 103 return new SSLClientSocketNSS(nss_task_runner_, transport_socket, |
| 104 host_and_port, ssl_config, shi.release(), |
| 105 context); |
| 106 #elif defined(OS_WIN) |
| 80 if (g_use_system_ssl) { | 107 if (g_use_system_ssl) { |
| 81 return new SSLClientSocketWin(transport_socket, host_and_port, | 108 return new SSLClientSocketWin(transport_socket, host_and_port, |
| 82 ssl_config, context); | 109 ssl_config, context); |
| 83 } | 110 } |
| 84 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 111 return new SSLClientSocketNSS(nss_task_runner_, transport_socket, |
| 85 shi.release(), context); | 112 host_and_port, ssl_config, shi.release(), |
| 86 #elif defined(USE_OPENSSL) | 113 context); |
| 87 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, | |
| 88 ssl_config, context); | |
| 89 #elif defined(USE_NSS) | |
| 90 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | |
| 91 shi.release(), context); | |
| 92 #elif defined(OS_MACOSX) | 114 #elif defined(OS_MACOSX) |
| 93 if (g_use_system_ssl) { | 115 if (g_use_system_ssl) { |
| 94 return new SSLClientSocketMac(transport_socket, host_and_port, | 116 return new SSLClientSocketMac(transport_socket, host_and_port, |
| 95 ssl_config, context); | 117 ssl_config, context); |
| 96 } | 118 } |
| 97 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 119 return new SSLClientSocketNSS(nss_task_runner_, transport_socket, |
| 98 shi.release(), context); | 120 host_and_port, ssl_config, shi.release(), |
| 121 context); |
| 99 #else | 122 #else |
| 100 NOTIMPLEMENTED(); | 123 NOTIMPLEMENTED(); |
| 101 return NULL; | 124 return NULL; |
| 102 #endif | 125 #endif |
| 103 } | 126 } |
| 104 | 127 |
| 105 void ClearSSLSessionCache() { | 128 void ClearSSLSessionCache() { |
| 106 SSLClientSocket::ClearSessionCache(); | 129 SSLClientSocket::ClearSessionCache(); |
| 107 } | 130 } |
| 108 | 131 |
| 132 private: |
| 133 scoped_ptr<base::Thread> nss_thread_; |
| 134 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner_; |
| 109 }; | 135 }; |
| 110 | 136 |
| 111 static base::LazyInstance<DefaultClientSocketFactory> | 137 static base::LazyInstance<DefaultClientSocketFactory>::Leaky |
| 112 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; | 138 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; |
| 113 | 139 |
| 114 } // namespace | 140 } // namespace |
| 115 | 141 |
| 116 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. | 142 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. |
| 117 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( | 143 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( |
| 118 StreamSocket* transport_socket, | 144 StreamSocket* transport_socket, |
| 119 const HostPortPair& host_and_port, | 145 const HostPortPair& host_and_port, |
| 120 const SSLConfig& ssl_config, | 146 const SSLConfig& ssl_config, |
| 121 SSLHostInfo* ssl_host_info, | 147 SSLHostInfo* ssl_host_info, |
| (...skipping 16 matching lines...) Expand all Loading... |
| 138 #if defined(OS_WIN) | 164 #if defined(OS_WIN) |
| 139 // Reflect the capability of SSLClientSocketWin. | 165 // Reflect the capability of SSLClientSocketWin. |
| 140 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 166 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
| 141 #elif defined(OS_MACOSX) | 167 #elif defined(OS_MACOSX) |
| 142 // Reflect the capability of SSLClientSocketMac. | 168 // Reflect the capability of SSLClientSocketMac. |
| 143 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 169 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
| 144 #endif | 170 #endif |
| 145 } | 171 } |
| 146 | 172 |
| 147 } // namespace net | 173 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10454066:
Move the core state machine of SSLClientSocketNSS into a thread-safe Core (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src