Index: net/quic/quic_stream_factory.h |
diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h |
index 2f014d1242105c7ca6459381dd2b78bda8c7f588..880e0a0be6fb83ec2a972669b38fba1637061933 100644 |
--- a/net/quic/quic_stream_factory.h |
+++ b/net/quic/quic_stream_factory.h |
@@ -192,6 +192,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
int idle_connection_timeout_seconds, |
bool migrate_sessions_on_network_change, |
bool migrate_sessions_early, |
+ bool race_cert_verification, |
const QuicTagVector& connection_options, |
bool enable_token_binding); |
~QuicStreamFactory() override; |
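Review bot: `race_cert_verification` is the third consecutive positional `bool` visible in this constructor signature, so a call site that transposes two of them still compiles and silently changes whether certificate verification is raced. Because the flag affects a security-relevant path, call sites should label the argument, e.g. `/*race_cert_verification=*/false,`. Grouping these flags into a params struct would be a reasonable follow-up. The constructor declaration starts above this hunk.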
@@ -364,6 +365,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
private: |
class Job; |
+ class CertVerifierJob; |
friend class test::QuicStreamFactoryPeer; |
FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad); |
@@ -381,6 +383,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
typedef std::map<QuicServerId, RequestSet> ServerIDRequestsMap; |
typedef std::deque<enum QuicChromiumClientSession::QuicDisabledReason> |
DisabledReasonsQueue; |
+ typedef std::map<QuicServerId, std::unique_ptr<CertVerifierJob>> |
+ CertVerifierJobMap; |
enum FactoryStatus { |
OPEN, // New streams may be created. |
@@ -400,8 +404,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool OnResolution(const QuicSessionKey& key, const AddressList& address_list); |
void OnJobComplete(Job* job, int rv); |
+ void OnCertVerifyJobComplete(CertVerifierJob* job, int rv); |
bool HasActiveSession(const QuicServerId& server_id) const; |
bool HasActiveJob(const QuicServerId& server_id) const; |
+ bool HasActiveCertVerifierJob(const QuicServerId& server_id) const; |
int CreateSession(const QuicSessionKey& key, |
int cert_verify_flags, |
std::unique_ptr<QuicServerInfo> quic_server_info, |
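Review bot: `OnCertVerifyJobComplete(CertVerifierJob* job, int rv)` takes a raw pointer to an object that `CertVerifierJobMap` owns through `std::unique_ptr`, and nothing in the header says when the job is destroyed. If completion erases the entry from `active_cert_verifier_jobs_` (the implementation is not in this diff), `job` dangles from that point, so a comment such as `// Erases |job| from |active_cert_verifier_jobs_|, which destroys it; |job| must not be used afterwards.` would pin the contract. Separately, `HasActiveCertVerifierJob` keys only on `server_id` while `StartCertVerifyJob` also takes `cert_verify_flags`. A comment should say whether a job started with one set of flags is meant to cover a later request with different flags. The `CreateSession` declaration continues past the end of this hunk.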
@@ -423,6 +429,13 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
bool CryptoConfigCacheIsEmpty(const QuicServerId& server_id); |
+ // Starts an asynchronous job for cert verification if |
+ // |race_cert_verification_| is enabled and if there are cached certs for the |
+ // given |server_id|. |
+ QuicAsyncStatus StartCertVerifyJob(const QuicServerId& server_id, |
+ int cert_verify_flags, |
+ const BoundNetLog& net_log); |
+ |
// Initializes the cached state associated with |server_id| in |
// |crypto_config_| with the information in |server_info|. Populates |
// |connection_id| with the next server designated connection id, |
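Review bot: The comment on `StartCertVerifyJob` says when a job is started but not what the returned `QuicAsyncStatus` means or how the job's result is consumed. Since the job runs on cached certs before any handshake, the header should state that its outcome only warms verification state and never replaces verification of the chain the server actually presents. I cannot confirm that from this file, so please check it against the .cc before documenting it. A possible addition, adjusted to the real behaviour: `// Returns QUIC_PENDING if a job was started, QUIC_FAILURE otherwise. The handshake still verifies the certs the server presents.`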
@@ -490,6 +503,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
ServerIDRequestsMap job_requests_map_; |
RequestMap active_requests_; |
+ CertVerifierJobMap active_cert_verifier_jobs_; |
+ |
QuicVersionVector supported_versions_; |
// Determine if we should consistently select a client UDP port. If false, |
@@ -572,6 +587,9 @@ class NET_EXPORT_PRIVATE QuicStreamFactory |
// experiences poor connectivity. |
const bool migrate_sessions_early_; |
+ // Set if cert verification is to be raced with host resolution. |
+ bool race_cert_verification_; |
+ |
// Each profile will (probably) have a unique port_seed_ value. This value |
// is used to help seed a pseudo-random number generator (PortSuggester) so |
// that we consistently (within this profile) suggest the same ephemeral |
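Review bot: `race_cert_verification_` is declared as plain `bool` while the neighbouring `migrate_sessions_early_` is `const bool`, so this flag can be changed after construction. Unless a test peer needs to toggle it (not visible here), declare it `const bool race_cert_verification_;` so the verification mode cannot change while entries exist in `active_cert_verifier_jobs_`. The member list continues outside this hunk.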