net: split the SSL session cache between incognito and normal.

net/socket/ssl_client_socket.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
 #pragma once
 
 #include <string>
 
@@ skipping 20 matching lines @@
   SSLClientSocketContext()
       : cert_verifier(NULL),
         origin_bound_cert_service(NULL),
         dns_cert_checker(NULL),
         ssl_host_info_factory(NULL) {}
 
   SSLClientSocketContext(CertVerifier* cert_verifier_arg,
                          OriginBoundCertService* origin_bound_cert_service_arg,
                          TransportSecurityState* transport_security_state_arg,
                          DnsCertProvenanceChecker* dns_cert_checker_arg,
-                         SSLHostInfoFactory* ssl_host_info_factory_arg)
+                         SSLHostInfoFactory* ssl_host_info_factory_arg,
+                         const std::string& ssl_session_cache_shard_arg)
       : cert_verifier(cert_verifier_arg),
         origin_bound_cert_service(origin_bound_cert_service_arg),
         transport_security_state(transport_security_state_arg),
         dns_cert_checker(dns_cert_checker_arg),
-        ssl_host_info_factory(ssl_host_info_factory_arg) {}
+        ssl_host_info_factory(ssl_host_info_factory_arg),
+        ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
 
   CertVerifier* cert_verifier;
   OriginBoundCertService* origin_bound_cert_service;
   TransportSecurityState* transport_security_state;
   DnsCertProvenanceChecker* dns_cert_checker;
   SSLHostInfoFactory* ssl_host_info_factory;
+  // ssl_session_cache_shard is an opaque string that identifies a shard of the
+  // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
+  // resume each other's SSL sessions but we'll never sessions between shards.
+  const std::string ssl_session_cache_shard;
 };
 
 // A client socket that uses SSL as the transport layer.
 //
 // NOTE: The SSL handshake occurs within the Connect method after a TCP
 // connection is established.  If a SSL error occurs during the handshake,
 // Connect will fail.
 //
 class NET_EXPORT SSLClientSocket : public SSLSocket {
  public:
@@ skipping 49 matching lines @@
 
   static const char* NextProtoStatusToString(
       const SSLClientSocket::NextProtoStatus status);
 
   // Can be used with the second argument(|server_protos|) of |GetNextProto| to
   // construct a comma separated string of server advertised protocols.
   static std::string ServerProtosToString(const std::string& server_protos);
 
   static bool IgnoreCertError(int error, int load_flags);
 
+  // ClearSessionCache clears the SSL session cache, used to resume SSL
+  // sessions.
+  static void ClearSessionCache();
+
   virtual bool was_npn_negotiated() const;
 
   virtual bool set_was_npn_negotiated(bool negotiated);
 
   virtual bool was_spdy_negotiated() const;
 
   virtual bool set_was_spdy_negotiated(bool negotiated);
 
   virtual SSLClientSocket::NextProto next_protocol_negotiated() const;
 
@@ skipping 15 matching lines @@
   bool was_spdy_negotiated_;
   // Protocol that we negotiated with the server.
   SSLClientSocket::NextProto next_protocol_;
   // True if an origin bound certificate was sent.
   bool was_origin_bound_cert_sent_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_