OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/client_socket_factory.h" | 5 #include "net/socket/client_socket_factory.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
8 #include "base/thread_task_runner_handle.h" | |
9 #include "base/threading/thread.h" | |
8 #include "build/build_config.h" | 10 #include "build/build_config.h" |
9 #include "net/base/cert_database.h" | 11 #include "net/base/cert_database.h" |
10 #include "net/socket/client_socket_handle.h" | 12 #include "net/socket/client_socket_handle.h" |
11 #if defined(OS_WIN) | 13 #if defined(OS_WIN) |
12 #include "net/socket/ssl_client_socket_nss.h" | 14 #include "net/socket/ssl_client_socket_nss.h" |
13 #include "net/socket/ssl_client_socket_win.h" | 15 #include "net/socket/ssl_client_socket_win.h" |
14 #elif defined(USE_OPENSSL) | 16 #elif defined(USE_OPENSSL) |
15 #include "net/socket/ssl_client_socket_openssl.h" | 17 #include "net/socket/ssl_client_socket_openssl.h" |
16 #elif defined(USE_NSS) | 18 #elif defined(USE_NSS) |
17 #include "net/socket/ssl_client_socket_nss.h" | 19 #include "net/socket/ssl_client_socket_nss.h" |
18 #elif defined(OS_MACOSX) | 20 #elif defined(OS_MACOSX) |
19 #include "net/socket/ssl_client_socket_mac.h" | 21 #include "net/socket/ssl_client_socket_mac.h" |
20 #include "net/socket/ssl_client_socket_nss.h" | 22 #include "net/socket/ssl_client_socket_nss.h" |
21 #endif | 23 #endif |
22 #include "net/socket/ssl_host_info.h" | 24 #include "net/socket/ssl_host_info.h" |
23 #include "net/socket/tcp_client_socket.h" | 25 #include "net/socket/tcp_client_socket.h" |
24 #include "net/udp/udp_client_socket.h" | 26 #include "net/udp/udp_client_socket.h" |
25 | 27 |
26 namespace net { | 28 namespace net { |
27 | 29 |
28 class X509Certificate; | 30 class X509Certificate; |
29 | 31 |
30 namespace { | 32 namespace { |
31 | 33 |
32 bool g_use_system_ssl = false; | 34 bool g_use_system_ssl = false; |
33 | 35 |
36 // ChromeOS uses a hardware TPM module that may cause NSS operations to | |
37 // block for upwards of several seconds. To avoid blocking all network and | |
38 // IPC activity, run NSS SSL functions on a dedicated thread. | |
39 #if defined(OS_CHROMEOS) | |
40 bool g_use_dedicated_nss_thread = true; | |
41 #else | |
42 bool g_use_dedicated_nss_thread = false; | |
43 #endif | |
44 | |
34 class DefaultClientSocketFactory : public ClientSocketFactory, | 45 class DefaultClientSocketFactory : public ClientSocketFactory, |
35 public CertDatabase::Observer { | 46 public CertDatabase::Observer { |
36 public: | 47 public: |
37 DefaultClientSocketFactory() { | 48 DefaultClientSocketFactory() { |
49 if (g_use_dedicated_nss_thread) { | |
50 nss_thread_.reset(new base::Thread("NSS SSL Thread")); | |
51 nss_thread_->Start(); | |
wtc
2012/06/01 01:02:38
This creates a thread with MessageLoop::TYPE_DEFAU
Ryan Sleevi
2012/06/01 01:30:04
Yes.
This is why I need to test on the other plat
| |
52 } | |
53 | |
38 CertDatabase::AddObserver(this); | 54 CertDatabase::AddObserver(this); |
39 } | 55 } |
40 | 56 |
41 virtual ~DefaultClientSocketFactory() { | 57 virtual ~DefaultClientSocketFactory() { |
42 CertDatabase::RemoveObserver(this); | 58 CertDatabase::RemoveObserver(this); |
43 } | 59 } |
44 | 60 |
45 virtual void OnUserCertAdded(const X509Certificate* cert) { | 61 virtual void OnUserCertAdded(const X509Certificate* cert) { |
46 ClearSSLSessionCache(); | 62 ClearSSLSessionCache(); |
47 } | 63 } |
(...skipping 21 matching lines...) Expand all Loading... | |
69 } | 85 } |
70 | 86 |
71 virtual SSLClientSocket* CreateSSLClientSocket( | 87 virtual SSLClientSocket* CreateSSLClientSocket( |
72 ClientSocketHandle* transport_socket, | 88 ClientSocketHandle* transport_socket, |
73 const HostPortPair& host_and_port, | 89 const HostPortPair& host_and_port, |
74 const SSLConfig& ssl_config, | 90 const SSLConfig& ssl_config, |
75 SSLHostInfo* ssl_host_info, | 91 SSLHostInfo* ssl_host_info, |
76 const SSLClientSocketContext& context) { | 92 const SSLClientSocketContext& context) { |
77 scoped_ptr<SSLHostInfo> shi(ssl_host_info); | 93 scoped_ptr<SSLHostInfo> shi(ssl_host_info); |
78 | 94 |
79 #if defined(OS_WIN) | 95 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner( |
96 base::ThreadTaskRunnerHandle::Get()); | |
willchan no longer on Chromium
2012/06/04 16:50:38
How about changing this to be acquired once in the
Ryan Sleevi
2012/06/06 00:57:06
Undid this change. Unit tests may change the curre
| |
97 | |
98 if (g_use_dedicated_nss_thread && nss_thread_->message_loop_proxy()) | |
99 nss_task_runner = nss_thread_->message_loop_proxy(); | |
100 | |
101 #if defined(USE_OPENSSL) | |
102 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, | |
103 ssl_config, context); | |
104 #elif defined(USE_NSS) | |
105 return new SSLClientSocketNSS(nss_task_runner, transport_socket, | |
106 host_and_port, ssl_config, shi.release(), | |
107 context); | |
108 #elif defined(OS_WIN) | |
80 if (g_use_system_ssl) { | 109 if (g_use_system_ssl) { |
81 return new SSLClientSocketWin(transport_socket, host_and_port, | 110 return new SSLClientSocketWin(transport_socket, host_and_port, |
82 ssl_config, context); | 111 ssl_config, context); |
83 } | 112 } |
84 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 113 return new SSLClientSocketNSS(nss_task_runner, transport_socket, |
85 shi.release(), context); | 114 host_and_port, ssl_config, shi.release(), |
86 #elif defined(USE_OPENSSL) | 115 context); |
87 return new SSLClientSocketOpenSSL(transport_socket, host_and_port, | |
88 ssl_config, context); | |
89 #elif defined(USE_NSS) | |
90 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | |
91 shi.release(), context); | |
92 #elif defined(OS_MACOSX) | 116 #elif defined(OS_MACOSX) |
93 if (g_use_system_ssl) { | 117 if (g_use_system_ssl) { |
94 return new SSLClientSocketMac(transport_socket, host_and_port, | 118 return new SSLClientSocketMac(transport_socket, host_and_port, |
95 ssl_config, context); | 119 ssl_config, context); |
96 } | 120 } |
97 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config, | 121 return new SSLClientSocketNSS(nss_task_runner, transport_socket, |
98 shi.release(), context); | 122 host_and_port, ssl_config, shi.release(), |
123 context); | |
99 #else | 124 #else |
100 NOTIMPLEMENTED(); | 125 NOTIMPLEMENTED(); |
101 return NULL; | 126 return NULL; |
102 #endif | 127 #endif |
103 } | 128 } |
104 | 129 |
105 void ClearSSLSessionCache() { | 130 void ClearSSLSessionCache() { |
106 SSLClientSocket::ClearSessionCache(); | 131 SSLClientSocket::ClearSessionCache(); |
107 } | 132 } |
108 | 133 |
134 private: | |
135 scoped_ptr<base::Thread> nss_thread_; | |
109 }; | 136 }; |
110 | 137 |
111 static base::LazyInstance<DefaultClientSocketFactory> | 138 static base::LazyInstance<DefaultClientSocketFactory> |
112 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; | 139 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER; |
113 | 140 |
114 } // namespace | 141 } // namespace |
115 | 142 |
116 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. | 143 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. |
117 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( | 144 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( |
118 StreamSocket* transport_socket, | 145 StreamSocket* transport_socket, |
(...skipping 19 matching lines...) Expand all Loading... | |
138 #if defined(OS_WIN) | 165 #if defined(OS_WIN) |
139 // Reflect the capability of SSLClientSocketWin. | 166 // Reflect the capability of SSLClientSocketWin. |
140 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 167 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
141 #elif defined(OS_MACOSX) | 168 #elif defined(OS_MACOSX) |
142 // Reflect the capability of SSLClientSocketMac. | 169 // Reflect the capability of SSLClientSocketMac. |
143 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); | 170 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1); |
144 #endif | 171 #endif |
145 } | 172 } |
146 | 173 |
147 } // namespace net | 174 } // namespace net |
OLD | NEW |