Issue 8857002: net: split the SSL session cache between incognito and normal.

Issue 8857002: net: split the SSL session cache between incognito and normal. (Closed)

Created:
9 years ago by agl

Modified:
9 years ago

Reviewers:
joth, wtc, Ryan Sleevi

CC:
chromium-reviews, pam+watch_chromium.org, cbentzel+watch_chromium.org, darin-cc_chromium.org, Paweł Hajdan Jr.

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

net: split the SSL session cache between incognito and normal. This change causes incognito requests to effectively have a different SSL session cache from other requests. SSL session information will therefore not leak into or out of incognito mode. BUG=30877 TEST=net_unittests Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=114098

Patch Set 1 #

Patch Set 2 : ... #

Total comments: 22

Patch Set 3 : ... #

Total comments: 1

Created: 9 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+332 lines, -65 lines)			Patch
M	chrome/browser/profiles/off_the_record_profile_io_data.cc	View	1 2	2 chunks	+6 lines, -0 lines	1 comment	Download
M	chrome/browser/profiles/profile_impl_io_data.cc	View	1 2	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/shell/shell_url_request_context_getter.cc	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/http/http_cache.h	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/http/http_cache.cc	View	1 2	4 chunks	+4 lines, -0 lines	0 comments	Download
M	net/http/http_network_session.h	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/http/http_network_session.cc	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/http/http_network_transaction_unittest.cc	View	1 2	1 chunk	+1 line, -1 line	0 comments	Download
M	net/http/http_proxy_client_socket_pool_unittest.cc	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/http/http_stream_factory_impl_unittest.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	net/net.gyp	View	1 2	2 chunks	+0 lines, -2 lines	0 comments	Download
M	net/socket/client_socket_factory.cc	View	1	1 chunk	+1 line, -15 lines	0 comments	Download
M	net/socket/client_socket_pool_manager_impl.h	View	1 2	2 chunks	+2 lines, -0 lines	0 comments	Download
M	net/socket/client_socket_pool_manager_impl.cc	View	1 2	5 chunks	+5 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket.h	View	1 2	2 chunks	+12 lines, -2 lines	0 comments	Download
M	net/socket/ssl_client_socket_nss.h	View	1 2	2 chunks	+5 lines, -2 lines	0 comments	Download
M	net/socket/ssl_client_socket_nss.cc	View	1 2	3 chunks	+9 lines, -1 line	0 comments	Download
M	net/socket/ssl_client_socket_nss_unittest.cc	View	1 2	1 chunk	+0 lines, -17 lines	0 comments	Download
M	net/socket/ssl_client_socket_openssl.h	View	1 2	2 chunks	+7 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_openssl.cc	View	1 2	10 chunks	+51 lines, -17 lines	0 comments	Download
M	net/socket/ssl_client_socket_pool.h	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_pool.cc	View	1 2	2 chunks	+3 lines, -1 line	0 comments	Download
M	net/socket/ssl_client_socket_pool_unittest.cc	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_unittest.cc	View	1 2	1 chunk	+6 lines, -0 lines	0 comments	Download
M	net/test/test_server.h	View	1 2	1 chunk	+5 lines, -0 lines	0 comments	Download
M	net/test/test_server.cc	View		2 chunks	+7 lines, -2 lines	0 comments	Download
M	net/tools/testserver/testserver.py	View	1 2	7 chunks	+46 lines, -3 lines	0 comments	Download
M	net/url_request/url_request_unittest.cc	View	1 2	3 chunks	+149 lines, -0 lines	0 comments	Download
M	webkit/tools/test_shell/test_shell_request_context.cc	View	1 2	1 chunk	+3 lines, -1 line	0 comments	Download

Messages

Total messages: 10 (0 generated)

Expand Messages | Collapse Messages

willchan no longer on Chromium

I think this is fine, although as discussed offline, it may be the case that ...

9 years ago (2011-12-07 21:21:31 UTC) #2

agl

joth: please note the OpenSSL changes that I made. wtc: just an FYI really. The ...

9 years ago (2011-12-09 20:54:18 UTC) #3

joth

openssl bit lgtm with minor comments http://codereview.chromium.org/8857002/diff/3001/chrome/browser/profiles/off_the_record_profile_io_data.cc File chrome/browser/profiles/off_the_record_profile_io_data.cc (right): http://codereview.chromium.org/8857002/diff/3001/chrome/browser/profiles/off_the_record_profile_io_data.cc#newcode206 chrome/browser/profiles/off_the_record_profile_io_data.cc:206: // cache with ...

9 years ago (2011-12-09 23:28:37 UTC) #4

wtc

Patch Set 2 LGTM. Thanks! High-level comments: 1. I didn't review the openssl code and ...

9 years ago (2011-12-10 01:22:37 UTC) #5

agl

http://codereview.chromium.org/8857002/diff/3001/chrome/browser/profiles/off_the_record_profile_io_data.cc File chrome/browser/profiles/off_the_record_profile_io_data.cc (right): http://codereview.chromium.org/8857002/diff/3001/chrome/browser/profiles/off_the_record_profile_io_data.cc#newcode206 chrome/browser/profiles/off_the_record_profile_io_data.cc:206: // cache with the rest of the browser. On ...

9 years ago (2011-12-12 22:18:20 UTC) #6

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/agl@chromium.org/8857002/14001

9 years ago (2011-12-12 22:18:33 UTC) #7

commit-bot: I haz the power

Presubmit check for 8857002-14001 failed and returned exit status 1. Running presubmit commit checks ...

9 years ago (2011-12-12 22:18:50 UTC) #8

Ryan Sleevi

post-review drive-by: This doesn't touch SSLClientSocketWin/SSLClientSocketMac - are they a concern? Have we reached the ...

9 years ago (2011-12-12 23:07:06 UTC) #9

agl

9 years ago (2011-12-12 23:21:37 UTC) #10

On Mon, Dec 12, 2011 at 6:07 PM,  <rsleevi@chromium.org> wrote:
> This doesn't touch SSLClientSocketWin/SSLClientSocketMac - are they a
> concern?
> Have we reached the point of not wanting to maintain them (or maintain
> parity)?

We long ago stopped maintaining parity, although I've of course no
objections to patches to improve them.

>  - Support on _win.cc (which uses the cred handle as the primary session
> cache,
> which may necessitate exposing this as an object rather than a string)

No problem. Changing the type of the ssl_session_cache_shard wouldn't
be too bad. (Although it shouldn't really be called _shard in that
case.)

>  - Support on _mac.cc (which uses an opaque string and thus could be easily
> adopted)

No problem.

>  - Support for multi-profile (correlates highly w/ support for incognito
> re-entrancy)

I talked to Miranda about this and decided not to do it.

We basically have a problem of defining what incognito mode and
multi-profiles are.

incognito mode was (is?) a means to avoid storing local, persistent
state on the machine. But then we implemented with a fresh cookie jar
and an in-memory HTTP cache, rather than read-only layers, so then it
sort of became more like a means to avoid *any* leak of state.

I didn't do this before because, since the session cache is never
written to disk, sharing it doesn't contradict the original incognito
mode purpose. But maybe we're now changing it? If we are, then we
shouldn't leak the (read-only) HSTS state either. (And, if Tor are
going to use it, then that answers that question.)

For multi-profiles, Miranda said the HTTP cache was split simply
because they didn't trust websites to get caching right, not for any
other reason. So I didn't split the SSL session cache for each
profile. Not that I really object to it, but the CL was long enough
already.

> agl: Once concern with using a fixed string like this is that entering,
> exiting, and then re-entering incognito mode will allow previously
> cached sessions to be returned - in essence, 'leaking' state between
> incognito sessions.

Yea, I dunno. What does incognito mode mean? Whether this is a problem
really depends on what Tor think about it.

Cheers

AGL

Expand Messages | Collapse Messages