
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 8857002: net: split the SSL session cache between incognito and normal. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years ago
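--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -453,42 +453,43 @@
 server_cert_nss_(NULL),
 server_cert_verify_result_(NULL),
 ssl_connection_status_(0),
 client_auth_cert_needed_(false),
 cert_verifier_(context.cert_verifier),
 ob_cert_xtn_negotiated_(false),
 origin_bound_cert_service_(context.origin_bound_cert_service),
 ob_cert_request_handle_(NULL),
 handshake_callback_called_(false),
 completed_handshake_(false),
+session_cache_shard_(context.session_cache_shard),
 eset_mitm_detected_(false),
 kaspersky_mitm_detected_(false),
 predicted_cert_chain_correct_(false),
 next_handshake_state_(STATE_NONE),
 nss_fd_(NULL),
 nss_bufs_(NULL),
 net_log_(transport_socket->socket()->NetLog()),
 ssl_host_info_(ssl_host_info),
 dns_cert_checker_(context.dns_cert_checker),
 next_proto_status_(kNextProtoUnsupported),
 valid_thread_id_(base::kInvalidThreadId) {
 EnterFunction("");
 }
 
 SSLClientSocketNSS::~SSLClientSocketNSS() {
 EnterFunction("");
 Disconnect();
 LeaveFunction("");
 }
 
 // static
-void SSLClientSocketNSS::ClearSessionCache() {
+void SSLClientSocket::ClearSessionCache() {
 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't
 // bother initializing NSS just to clear an empty SSL session cache.
 if (!NSS_IsInitialized())
 return;
 
 SSL_ClearSessionCache();
 }
 
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 EnterFunction("");
@@ -1122,20 +1123,27 @@
 // field at the beginning. PRNetAddr has a two-byte address
 // family field at the beginning.
 peername.raw.family = ai->ai_addr->sa_family;
 
 memio_SetPeerName(nss_fd_, &peername);
 
 // Set the peer ID for session reuse. This is necessary when we create an
 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
 // rather than the destination server's address in that case.
 std::string peer_id = host_and_port_.ToString();
+// If the session_cache_shard_ is non-empty, we append it to the peer id.
+// This will cause session cache misses between sockets with different values
+// of session_cache_shard_ and this is used to partition the session cache
+// for incognito mode.
+if (!session_cache_shard_.empty()) {
+peer_id += "/" + session_cache_shard_;
+}
 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
 if (rv != SECSuccess)
 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
 
 return OK;
 }
 
 
 // Sets server_cert_ and server_cert_nss_ if not yet set.
 void SSLClientSocketNSS::UpdateServerCert() {
@@ -2757,10 +2765,10 @@
 valid_thread_id_ = base::PlatformThread::CurrentId();
 }
 
 bool SSLClientSocketNSS::CalledOnValidThread() const {
 EnsureThreadIdAssigned();
 base::AutoLock auto_lock(lock_);
 return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 } // namespace net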
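Review bot: A failed `SSL_SetSockPeerID` call (new line 1140) is only logged and the function still returns `OK`, which was tolerable while the peer ID only affected reuse through proxies but matters now that it carries `session_cache_shard_`. If the call fails, NSS presumably keys the session on the peer address alone, so an incognito socket could resume a session cached by a normal-profile socket (or the reverse) and the partition would be lost without any visible error. When the shard is non-empty I would either fail the connection or turn session caching off for this socket, e.g. `if (rv != SECSuccess && !session_cache_shard_.empty()) SSL_OptionSet(nss_fd_, SSL_NO_CACHE, PR_TRUE);`. The enclosing function starts outside the visible lines, so any handling earlier in it is not shown here.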
