
Side by Side Diff: net/socket/client_socket_factory.cc

Issue 10454066: Move the core state machine of SSLClientSocketNSS into a thread-safe Core (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 8 years, 6 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/client_socket_factory.h" 5 #include "net/socket/client_socket_factory.h"
6 6
7 #include "base/lazy_instance.h" 7 #include "base/lazy_instance.h"
8 #include "base/thread_task_runner_handle.h"
9 #include "base/threading/thread.h"
8 #include "build/build_config.h" 10 #include "build/build_config.h"
9 #include "net/base/cert_database.h" 11 #include "net/base/cert_database.h"
10 #include "net/socket/client_socket_handle.h" 12 #include "net/socket/client_socket_handle.h"
11 #if defined(OS_WIN) 13 #if defined(OS_WIN)
12 #include "net/socket/ssl_client_socket_nss.h" 14 #include "net/socket/ssl_client_socket_nss.h"
13 #include "net/socket/ssl_client_socket_win.h" 15 #include "net/socket/ssl_client_socket_win.h"
14 #elif defined(USE_OPENSSL) 16 #elif defined(USE_OPENSSL)
15 #include "net/socket/ssl_client_socket_openssl.h" 17 #include "net/socket/ssl_client_socket_openssl.h"
16 #elif defined(USE_NSS) 18 #elif defined(USE_NSS)
17 #include "net/socket/ssl_client_socket_nss.h" 19 #include "net/socket/ssl_client_socket_nss.h"
18 #elif defined(OS_MACOSX) 20 #elif defined(OS_MACOSX)
19 #include "net/socket/ssl_client_socket_mac.h" 21 #include "net/socket/ssl_client_socket_mac.h"
20 #include "net/socket/ssl_client_socket_nss.h" 22 #include "net/socket/ssl_client_socket_nss.h"
21 #endif 23 #endif
22 #include "net/socket/ssl_host_info.h" 24 #include "net/socket/ssl_host_info.h"
23 #include "net/socket/tcp_client_socket.h" 25 #include "net/socket/tcp_client_socket.h"
24 #include "net/udp/udp_client_socket.h" 26 #include "net/udp/udp_client_socket.h"
25 27
26 namespace net { 28 namespace net {
27 29
28 class X509Certificate; 30 class X509Certificate;
29 31
30 namespace { 32 namespace {
31 33
32 bool g_use_system_ssl = false; 34 bool g_use_system_ssl = false;
33 35
36 // ChromeOS uses a hardware TPM module that may cause NSS operations to
37 // block for upwards of several seconds. To avoid blocking all network and
38 // IPC activity, run NSS SSL functions on a dedicated thread.
39 #if defined(OS_CHROMEOS)
40 bool g_use_dedicated_nss_thread = true;
41 #else
42 bool g_use_dedicated_nss_thread = false;
43 #endif
44
34 class DefaultClientSocketFactory : public ClientSocketFactory, 45 class DefaultClientSocketFactory : public ClientSocketFactory,
35 public CertDatabase::Observer { 46 public CertDatabase::Observer {
36 public: 47 public:
37 DefaultClientSocketFactory() { 48 DefaultClientSocketFactory() {
49 if (g_use_dedicated_nss_thread) {
50 nss_thread_.reset(new base::Thread("NSS SSL Thread"));
51 nss_thread_->Start();
wtc 2012/06/01 01:02:38 This creates a thread with MessageLoop::TYPE_DEFAU
Ryan Sleevi 2012/06/01 01:30:04 Yes. This is why I need to test on the other plat
52 }
53
38 CertDatabase::AddObserver(this); 54 CertDatabase::AddObserver(this);
39 } 55 }
40 56
41 virtual ~DefaultClientSocketFactory() { 57 virtual ~DefaultClientSocketFactory() {
42 CertDatabase::RemoveObserver(this); 58 CertDatabase::RemoveObserver(this);
43 } 59 }
44 60
45 virtual void OnUserCertAdded(const X509Certificate* cert) { 61 virtual void OnUserCertAdded(const X509Certificate* cert) {
46 ClearSSLSessionCache(); 62 ClearSSLSessionCache();
47 } 63 }
(...skipping 21 matching lines...) Expand all
69 } 85 }
70 86
71 virtual SSLClientSocket* CreateSSLClientSocket( 87 virtual SSLClientSocket* CreateSSLClientSocket(
72 ClientSocketHandle* transport_socket, 88 ClientSocketHandle* transport_socket,
73 const HostPortPair& host_and_port, 89 const HostPortPair& host_and_port,
74 const SSLConfig& ssl_config, 90 const SSLConfig& ssl_config,
75 SSLHostInfo* ssl_host_info, 91 SSLHostInfo* ssl_host_info,
76 const SSLClientSocketContext& context) { 92 const SSLClientSocketContext& context) {
77 scoped_ptr<SSLHostInfo> shi(ssl_host_info); 93 scoped_ptr<SSLHostInfo> shi(ssl_host_info);
78 94
79 #if defined(OS_WIN) 95 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner(
96 base::ThreadTaskRunnerHandle::Get());
willchan no longer on Chromium 2012/06/04 16:50:38 How about changing this to be acquired once in the
Ryan Sleevi 2012/06/06 00:57:06 Undid this change. Unit tests may change the curre
97
98 if (g_use_dedicated_nss_thread && nss_thread_->message_loop_proxy())
99 nss_task_runner = nss_thread_->message_loop_proxy();
100
101 #if defined(USE_OPENSSL)
102 return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
103 ssl_config, context);
104 #elif defined(USE_NSS)
105 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
106 host_and_port, ssl_config, shi.release(),
107 context);
108 #elif defined(OS_WIN)
80 if (g_use_system_ssl) { 109 if (g_use_system_ssl) {
81 return new SSLClientSocketWin(transport_socket, host_and_port, 110 return new SSLClientSocketWin(transport_socket, host_and_port,
82 ssl_config, context); 111 ssl_config, context);
83 } 112 }
84 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, 113 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
85 shi.release(), context); 114 host_and_port, ssl_config, shi.release(),
86 #elif defined(USE_OPENSSL) 115 context);
87 return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
88 ssl_config, context);
89 #elif defined(USE_NSS)
90 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
91 shi.release(), context);
92 #elif defined(OS_MACOSX) 116 #elif defined(OS_MACOSX)
93 if (g_use_system_ssl) { 117 if (g_use_system_ssl) {
94 return new SSLClientSocketMac(transport_socket, host_and_port, 118 return new SSLClientSocketMac(transport_socket, host_and_port,
95 ssl_config, context); 119 ssl_config, context);
96 } 120 }
97 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, 121 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
98 shi.release(), context); 122 host_and_port, ssl_config, shi.release(),
123 context);
99 #else 124 #else
100 NOTIMPLEMENTED(); 125 NOTIMPLEMENTED();
101 return NULL; 126 return NULL;
102 #endif 127 #endif
103 } 128 }
104 129
105 void ClearSSLSessionCache() { 130 void ClearSSLSessionCache() {
106 SSLClientSocket::ClearSessionCache(); 131 SSLClientSocket::ClearSessionCache();
107 } 132 }
108 133
134 private:
135 scoped_ptr<base::Thread> nss_thread_;
109 }; 136 };
110 137
111 static base::LazyInstance<DefaultClientSocketFactory> 138 static base::LazyInstance<DefaultClientSocketFactory>
112 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; 139 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER;
113 140
114 } // namespace 141 } // namespace
115 142
116 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. 143 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket.
117 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( 144 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
118 StreamSocket* transport_socket, 145 StreamSocket* transport_socket,
(...skipping 19 matching lines...) Expand all
138 #if defined(OS_WIN) 165 #if defined(OS_WIN)
139 // Reflect the capability of SSLClientSocketWin. 166 // Reflect the capability of SSLClientSocketWin.
140 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); 167 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
141 #elif defined(OS_MACOSX) 168 #elif defined(OS_MACOSX)
142 // Reflect the capability of SSLClientSocketMac. 169 // Reflect the capability of SSLClientSocketMac.
143 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); 170 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
144 #endif 171 #endif
145 } 172 }
146 173
147 } // namespace net 174 } // namespace net
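Review bot: The result of `nss_thread_->Start()` in the DefaultClientSocketFactory constructor is ignored, so a failed start is silent and CreateSSLClientSocket falls back to the calling thread's task runner, which is the blocking that the comment above `g_use_dedicated_nss_thread` says the dedicated thread exists to avoid. I would handle the failure where it happens, `if (!nss_thread_->Start()) { LOG(ERROR) << "Failed to start NSS SSL thread"; nss_thread_.reset(); }`, and test the pointer rather than the global in CreateSSLClientSocket, `if (nss_thread_.get() && nss_thread_->message_loop_proxy())`. Testing the pointer also rules out a null dereference if the non-const `g_use_dedicated_nss_thread` were ever false at construction but true at call time; no setter is visible in the lines shown, so that part is a precaution. Separately, `nss_task_runner` is never used in the USE_OPENSSL and `#else` branches, which may produce an unused-variable warning on those builds.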