Index: net/quic/quic_stream_factory.h |
diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h |
index 4be260fcdde9eed1c3c6624513669875689844c4..e31e5de9e439338b330c4a78f48a8c2b6aa3d9bb 100644 |
--- a/net/quic/quic_stream_factory.h |
+++ b/net/quic/quic_stream_factory.h |
@@ -185,6 +185,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
int idle_connection_timeout_seconds, |
bool migrate_sessions_on_network_change, |
bool migrate_sessions_early, |
+ bool race_cert_verification, |
const QuicTagVector& connection_options, |
bool enable_token_binding); |
~QuicStreamFactory() override; |
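Review bot: The new `race_cert_verification` argument is the third consecutive `bool` in this constructor's parameter list, so a call site that transposes it with `migrate_sessions_early` still compiles and silently changes when certificate verification is started. The constructor signature begins above the hunk, so the full list is not visible here. At call sites I would ask for argument comments such as `/*race_cert_verification=*/false`, and longer term for these switches to be grouped in a params struct. The parameter also has no comment saying what is raced against what.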
@@ -351,6 +352,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
private: |
class Job; |
+ class CertVerifierJob; |
friend class test::QuicStreamFactoryPeer; |
FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad); |
@@ -368,6 +370,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
typedef std::map<QuicServerId, RequestSet> ServerIDRequestsMap; |
typedef std::deque<enum QuicChromiumClientSession::QuicDisabledReason> |
DisabledReasonsQueue; |
+ typedef std::map<QuicServerId, CertVerifierJob*> CertVerifierJobMap; |
enum FactoryStatus { |
OPEN, // New streams may be created. |
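Review bot: `CertVerifierJobMap` stores raw `CertVerifierJob*` values and nothing in the header says who owns them, which matters because these jobs are asynchronous and may still be pending when the factory is torn down. If the factory owns the jobs, `typedef std::map<QuicServerId, std::unique_ptr<CertVerifierJob>> CertVerifierJobMap;` would make that explicit and remove the need for manual deletion on every exit path; the class already uses `std::unique_ptr` in `CreateSession`. If raw pointers are kept, a comment along the lines of `// Jobs are owned by the factory and deleted in OnCertVerifyJobComplete() and the destructor.` is needed, assuming that matches the .cc, which is not visible here. The same point applies to the `active_cert_verifier_jobs_` member added further down.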
@@ -387,8 +390,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool OnResolution(const QuicSessionKey& key, const AddressList& address_list); |
void OnJobComplete(Job* job, int rv); |
+ void OnCertVerifyJobComplete(CertVerifierJob* job, int rv); |
bool HasActiveSession(const QuicServerId& server_id) const; |
bool HasActiveJob(const QuicServerId& server_id) const; |
+ bool HasActiveCertVerifierJob(const QuicServerId& server_id) const; |
int CreateSession(const QuicSessionKey& key, |
int cert_verify_flags, |
std::unique_ptr<QuicServerInfo> quic_server_info, |
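Review bot: `OnCertVerifyJobComplete(CertVerifierJob* job, int rv)` is declared without a comment, and the header does not say what a failing `rv` means for a verification that was started speculatively. A reader needs to know whether the result only populates cached state and whether the chain is still checked during the real handshake, so that a failed or abandoned job cannot be mistaken for a substitute for handshake verification. Once confirmed against the implementation, I would add something like `// Called when |job| finishes with net error |rv|; removes |job| from |active_cert_verifier_jobs_|.` and a one-line comment on `HasActiveCertVerifierJob`.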
@@ -410,6 +415,12 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool CryptoConfigCacheIsEmpty(const QuicServerId& server_id); |
+ // Starts an asynchronous job for cert verification if certs have to be |
+ // verified. |
+ void StartCertVerifyJob(const QuicServerId& server_id, |
+ int cert_verify_flags, |
+ const BoundNetLog& net_log); |
+ |
// Initializes the cached state associated with |server_id| in |
// |crypto_config_| with the information in |server_info|. Populates |
// |connection_id| with the next server designated connection id, |
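Review bot: The comment on `StartCertVerifyJob` says a job is started "if certs have to be verified" but does not state that condition. It also does not say what happens when a job for `server_id` is already active or when `race_cert_verification_` is false. If the function is a no-op in those cases, say so, e.g. `// Does nothing if racing is disabled, if a job for |server_id| is already active, or if the cached state needs no verification.` (to be checked against the .cc). `cert_verify_flags` is a bare `int`, so the comment should also name which flag set it carries.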
@@ -477,6 +488,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
ServerIDRequestsMap job_requests_map_; |
RequestMap active_requests_; |
+ CertVerifierJobMap active_cert_verifier_jobs_; |
+ |
QuicVersionVector supported_versions_; |
// Determine if we should consistently select a client UDP port. If false, |
@@ -559,6 +572,9 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
// experiences poor connectivity. |
const bool migrate_sessions_early_; |
+ // Set if we do want to race cert verification with host resolution. |
+ const bool race_cert_verification_; |
+ |
// Each profile will (probably) have a unique port_seed_ value. This value |
// is used to help seed a pseudo-random number generator (PortSuggester) so |
// that we consistently (within this profile) suggest the same ephemeral |