net: split the SSL session cache between incognito and normal.

net/socket/ssl_client_socket.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
 #pragma once
 
 #include <string>
 
@@ skipping 20 matching lines @@
   SSLClientSocketContext()
       : cert_verifier(NULL),
         origin_bound_cert_service(NULL),
         dns_cert_checker(NULL),
         ssl_host_info_factory(NULL) {}
 
   SSLClientSocketContext(CertVerifier* cert_verifier_arg,
                          OriginBoundCertService* origin_bound_cert_service_arg,
                          TransportSecurityState* transport_security_state_arg,
                          DnsCertProvenanceChecker* dns_cert_checker_arg,
-                         SSLHostInfoFactory* ssl_host_info_factory_arg)
+                         SSLHostInfoFactory* ssl_host_info_factory_arg,
+                         const std::string& session_cache_shard_arg)
       : cert_verifier(cert_verifier_arg),
         origin_bound_cert_service(origin_bound_cert_service_arg),
         transport_security_state(transport_security_state_arg),
         dns_cert_checker(dns_cert_checker_arg),
-        ssl_host_info_factory(ssl_host_info_factory_arg) {}
+        ssl_host_info_factory(ssl_host_info_factory_arg),
+        session_cache_shard(session_cache_shard_arg) {}
 
   CertVerifier* cert_verifier;
   OriginBoundCertService* origin_bound_cert_service;
   TransportSecurityState* transport_security_state;
   DnsCertProvenanceChecker* dns_cert_checker;
   SSLHostInfoFactory* ssl_host_info_factory;
+  // session_cache_shard is an opaque string that identifies a shard of the
+  // session cache. SSL sockets with the same session_cache_shard may resume

[wtc, 2011/12/10 01:22:37]

session cache => SSL session cache

[agl, 2011/12/12 22:18:20]

Done.

+  // each other's SSL sessions but we'll never sessions between shards.
+  const std::string session_cache_shard;
 };
 
 // A client socket that uses SSL as the transport layer.
 //
 // NOTE: The SSL handshake occurs within the Connect method after a TCP
 // connection is established.  If a SSL error occurs during the handshake,
 // Connect will fail.
 //
 class NET_EXPORT SSLClientSocket : public SSLSocket {
  public:
@@ skipping 48 matching lines @@
 
   static const char* NextProtoStatusToString(
       const SSLClientSocket::NextProtoStatus status);
 
   // Can be used with the second argument(|server_protos|) of |GetNextProto| to
   // construct a comma separated string of server advertised protocols.
   static std::string ServerProtosToString(const std::string& server_protos);
 
   static bool IgnoreCertError(int error, int load_flags);
 
+  // ClearSessionCache clears the SSL session cache, used to resume SSL
+  // sessions.
+  static void ClearSessionCache();
+
   virtual bool was_npn_negotiated() const;
 
   virtual bool set_was_npn_negotiated(bool negotiated);
 
   virtual bool was_spdy_negotiated() const;
 
   virtual bool set_was_spdy_negotiated(bool negotiated);
 
   // Returns true if an origin bound certificate was sent on this connection.
   // This may be useful for protocols, like SPDY, which allow the same
   // connection to be shared between multiple origins, each of which need
   // an origin bound certificate.
   virtual bool was_origin_bound_cert_sent() const;
 
   virtual bool set_was_origin_bound_cert_sent(bool sent);
 
  private:
   // True if NPN was responded to, independent of selecting SPDY or HTTP.
   bool was_npn_negotiated_;
   // True if NPN successfully negotiated SPDY.
   bool was_spdy_negotiated_;
   // True if an origin bound certificate was sent.
   bool was_origin_bound_cert_sent_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_