Index: net/quic/chromium/quic_stream_factory.h |
diff --git a/net/quic/chromium/quic_stream_factory.h b/net/quic/chromium/quic_stream_factory.h |
index 35a6ac304492aba3b70802674293d75408f2ff9c..fad86dfbc8ac7a3f5ff4f4436471c19b08bcd2d2 100644 |
--- a/net/quic/chromium/quic_stream_factory.h |
+++ b/net/quic/chromium/quic_stream_factory.h |
@@ -194,6 +194,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool migrate_sessions_early, |
bool allow_server_migration, |
bool force_hol_blocking, |
+ bool race_cert_verification, |
const QuicTagVector& connection_options, |
bool enable_token_binding); |
~QuicStreamFactory() override; |
@@ -373,6 +374,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
private: |
class Job; |
+ class CertVerifierJob; |
friend class test::QuicStreamFactoryPeer; |
FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad); |
@@ -390,6 +392,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
typedef std::map<QuicServerId, RequestSet> ServerIDRequestsMap; |
typedef std::deque<enum QuicChromiumClientSession::QuicDisabledReason> |
DisabledReasonsQueue; |
+ typedef std::map<QuicServerId, std::unique_ptr<CertVerifierJob>> |
+ CertVerifierJobMap; |
enum FactoryStatus { |
OPEN, // New streams may be created. |
@@ -409,8 +413,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool OnResolution(const QuicSessionKey& key, const AddressList& address_list); |
void OnJobComplete(Job* job, int rv); |
+ void OnCertVerifyJobComplete(CertVerifierJob* job, int rv); |
bool HasActiveSession(const QuicServerId& server_id) const; |
bool HasActiveJob(const QuicServerId& server_id) const; |
+ bool HasActiveCertVerifierJob(const QuicServerId& server_id) const; |
int CreateSession(const QuicSessionKey& key, |
int cert_verify_flags, |
std::unique_ptr<QuicServerInfo> quic_server_info, |
@@ -432,6 +438,13 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool CryptoConfigCacheIsEmpty(const QuicServerId& server_id); |
+ // Starts an asynchronous job for cert verification if |
+ // |race_cert_verification_| is enabled and if there are cached certs for the |
+ // given |server_id|. |
+ QuicAsyncStatus StartCertVerifyJob(const QuicServerId& server_id, |
+ int cert_verify_flags, |
+ const BoundNetLog& net_log); |
+ |
// Initializes the cached state associated with |server_id| in |
// |crypto_config_| with the information in |server_info|. Populates |
// |connection_id| with the next server designated connection id, |
@@ -509,6 +522,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
ServerIDRequestsMap job_requests_map_; |
RequestMap active_requests_; |
+ CertVerifierJobMap active_cert_verifier_jobs_; |
+ |
QuicVersionVector supported_versions_; |
// Determine if we should consistently select a client UDP port. If false, |
@@ -598,6 +613,9 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
// If set, force HOL blocking. For measurement purposes. |
const bool force_hol_blocking_; |
+ // Set if cert verification is to be raced with host resolution. |
+ bool race_cert_verification_; |
+ |
// Each profile will (probably) have a unique port_seed_ value. This value |
// is used to help seed a pseudo-random number generator (PortSuggester) so |
// that we consistently (within this profile) suggest the same ephemeral |