Unwind fallback metrics and SSLFailureState.

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ skipping 30 matching lines @@
 #include "net/cert/ct_policy_status.h"
 #include "net/cert/ct_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/cert/x509_util_openssl.h"
 #include "net/http/transport_security_state.h"
 #include "net/ssl/scoped_openssl_types.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_client_session_cache.h"
 #include "net/ssl/ssl_connection_status_flags.h"
-#include "net/ssl/ssl_failure_state.h"
 #include "net/ssl/ssl_info.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/token_binding.h"
 
 #if !defined(OS_NACL)
 #include "net/ssl/ssl_key_logger.h"
 #endif
 
 #if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
@@ skipping 442 matching lines @@
       transport_(std::move(transport_socket)),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       next_handshake_state_(STATE_NONE),
       disconnected_(false),
       npn_status_(kNextProtoUnsupported),
       channel_id_sent_(false),
       session_pending_(false),
       certificate_verified_(false),
-      ssl_failure_state_(SSL_FAILURE_NONE),
       signature_result_(kNoPendingResult),
       transport_security_state_(context.transport_security_state),
       policy_enforcer_(context.ct_policy_enforcer),
       pkp_bypassed_(false),
       net_log_(transport_->socket()->NetLog()),
       weak_factory_(this) {
   DCHECK(cert_verifier_);
   DCHECK(transport_security_state_);
   DCHECK(policy_enforcer_);
 }
@@ skipping 57 matching lines @@
     return ERR_FAILED;
 
   tb_signed_ekm_map_.Put(raw_public_key, *out);
   return OK;
 }
 
 crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const {
   return channel_id_key_.get();
 }
 
-SSLFailureState SSLClientSocketImpl::GetSSLFailureState() const {
-  return ssl_failure_state_;
-}
-
 int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label,
                                               bool has_context,
                                               const base::StringPiece& context,
                                               unsigned char* out,
                                               unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
 
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
@@ skipping 94 matching lines @@
   start_cert_verification_time_ = base::TimeTicks();
 
   npn_status_ = kNextProtoUnsupported;
   npn_proto_.clear();
 
   channel_id_sent_ = false;
   tb_was_negotiated_ = false;
   session_pending_ = false;
   certificate_verified_ = false;
   channel_id_request_.Cancel();
-  ssl_failure_state_ = SSL_FAILURE_NONE;
 
   signature_result_ = kNoPendingResult;
   signature_.clear();
 }
 
 bool SSLClientSocketImpl::IsConnected() const {
   // If the handshake has not yet completed.
   if (!completed_connect_)
     return false;
   // If an asynchronous operation is still pending.
@@ skipping 408 matching lines @@
       // If not done, stay in this state
       next_handshake_state_ = STATE_HANDSHAKE;
       return ERR_IO_PENDING;
     }
 
     LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
                << ssl_error << ", net_error " << net_error;
     net_log_.AddEvent(
         NetLog::TYPE_SSL_HANDSHAKE_ERROR,
         CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
-
-    // Classify the handshake failure. This is used to determine causes of the
-    // TLS version fallback.
-
-    // |cipher| is the current outgoing cipher suite, so it is non-null iff
-    // ChangeCipherSpec was sent.
-    const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
-    if (SSL_get_state(ssl_) == SSL3_ST_CR_SRVR_HELLO_A) {
-      ssl_failure_state_ = SSL_FAILURE_CLIENT_HELLO;
-    } else if (cipher && (SSL_CIPHER_get_id(cipher) ==
-                              TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
-                          SSL_CIPHER_get_id(cipher) ==
-                              TLS1_CK_RSA_WITH_AES_128_GCM_SHA256)) {
-      ssl_failure_state_ = SSL_FAILURE_BUGGY_GCM;
-    } else if (cipher && ssl_config_.send_client_cert) {
-      ssl_failure_state_ = SSL_FAILURE_CLIENT_AUTH;
-    } else if (ERR_GET_LIB(error_info.error_code) == ERR_LIB_SSL &&
-               ERR_GET_REASON(error_info.error_code) ==
-                   SSL_R_OLD_SESSION_VERSION_NOT_RETURNED) {
-      ssl_failure_state_ = SSL_FAILURE_SESSION_MISMATCH;
-    } else if (cipher && npn_status_ != kNextProtoUnsupported) {
-      ssl_failure_state_ = SSL_FAILURE_NEXT_PROTO;
-    } else {
-      ssl_failure_state_ = SSL_FAILURE_UNKNOWN;
-    }
   }
 
   next_handshake_state_ = STATE_HANDSHAKE_COMPLETE;
   return net_error;
 }
 
 int SSLClientSocketImpl::DoHandshakeComplete(int result) {
   if (result < 0)
     return result;
 
@@ skipping 1139 matching lines @@
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return;
   }
 
   net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
                     base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
 }
 
 }  // namespace net