OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_pool.h" | 5 #include "net/socket/ssl_client_socket_pool.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
11 #include "base/feature_list.h" | |
11 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
12 #include "base/metrics/histogram_macros.h" | 13 #include "base/metrics/histogram_macros.h" |
13 #include "base/metrics/sparse_histogram.h" | 14 #include "base/metrics/sparse_histogram.h" |
14 #include "base/profiler/scoped_tracker.h" | 15 #include "base/profiler/scoped_tracker.h" |
15 #include "base/trace_event/trace_event.h" | 16 #include "base/trace_event/trace_event.h" |
16 #include "base/values.h" | 17 #include "base/values.h" |
17 #include "net/base/host_port_pair.h" | 18 #include "net/base/host_port_pair.h" |
18 #include "net/base/net_errors.h" | 19 #include "net/base/net_errors.h" |
19 #include "net/http/http_proxy_client_socket.h" | 20 #include "net/http/http_proxy_client_socket.h" |
20 #include "net/http/http_proxy_client_socket_pool.h" | 21 #include "net/http/http_proxy_client_socket_pool.h" |
21 #include "net/socket/client_socket_factory.h" | 22 #include "net/socket/client_socket_factory.h" |
22 #include "net/socket/client_socket_handle.h" | 23 #include "net/socket/client_socket_handle.h" |
23 #include "net/socket/socks_client_socket_pool.h" | 24 #include "net/socket/socks_client_socket_pool.h" |
24 #include "net/socket/ssl_client_socket.h" | 25 #include "net/socket/ssl_client_socket.h" |
25 #include "net/socket/transport_client_socket_pool.h" | 26 #include "net/socket/transport_client_socket_pool.h" |
26 #include "net/ssl/ssl_cert_request_info.h" | 27 #include "net/ssl/ssl_cert_request_info.h" |
27 #include "net/ssl/ssl_cipher_suite_names.h" | 28 #include "net/ssl/ssl_cipher_suite_names.h" |
28 #include "net/ssl/ssl_connection_status_flags.h" | 29 #include "net/ssl/ssl_connection_status_flags.h" |
29 #include "net/ssl/ssl_info.h" | 30 #include "net/ssl/ssl_info.h" |
30 | 31 |
31 namespace net { | 32 namespace net { |
32 | 33 |
34 namespace { | |
35 #if !defined(OS_NACL) | |
davidben
2016/07/29 12:26:58
#include "build/build_config.h" (assuming the comm
mab
2016/07/29 22:47:08
done
| |
36 const base::Feature kPostQuantumExperiment{"SSLPostQuantumExperiment", | |
37 base::FEATURE_DISABLED_BY_DEFAULT}; | |
davidben
2016/07/29 12:26:58
Having two base::Features for the same thing seems
mab
2016/07/29 22:47:08
You're right, and it's even expressly prohibited t
| |
38 #endif | |
39 } // namespace | |
40 | |
33 SSLSocketParams::SSLSocketParams( | 41 SSLSocketParams::SSLSocketParams( |
34 const scoped_refptr<TransportSocketParams>& direct_params, | 42 const scoped_refptr<TransportSocketParams>& direct_params, |
35 const scoped_refptr<SOCKSSocketParams>& socks_proxy_params, | 43 const scoped_refptr<SOCKSSocketParams>& socks_proxy_params, |
36 const scoped_refptr<HttpProxySocketParams>& http_proxy_params, | 44 const scoped_refptr<HttpProxySocketParams>& http_proxy_params, |
37 const HostPortPair& host_and_port, | 45 const HostPortPair& host_and_port, |
38 const SSLConfig& ssl_config, | 46 const SSLConfig& ssl_config, |
39 PrivacyMode privacy_mode, | 47 PrivacyMode privacy_mode, |
40 int load_flags, | 48 int load_flags, |
41 bool expect_spdy) | 49 bool expect_spdy) |
42 : direct_params_(direct_params), | 50 : direct_params_(direct_params), |
(...skipping 323 matching lines...) | |
366 UMA_HISTOGRAM_ENUMERATION("Net.SSLVersion", SSLConnectionStatusToVersion( | 374 UMA_HISTOGRAM_ENUMERATION("Net.SSLVersion", SSLConnectionStatusToVersion( |
367 ssl_info.connection_status), | 375 ssl_info.connection_status), |
368 SSL_CONNECTION_VERSION_MAX); | 376 SSL_CONNECTION_VERSION_MAX); |
369 | 377 |
370 uint16_t cipher_suite = | 378 uint16_t cipher_suite = |
371 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); | 379 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); |
372 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", cipher_suite); | 380 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_CipherSuite", cipher_suite); |
373 | 381 |
374 const char *str, *cipher_str, *mac_str; | 382 const char *str, *cipher_str, *mac_str; |
375 bool is_aead; | 383 bool is_aead; |
384 bool is_cecpq1 = false; | |
376 SSLCipherSuiteToStrings(&str, &cipher_str, &mac_str, &is_aead, | 385 SSLCipherSuiteToStrings(&str, &cipher_str, &mac_str, &is_aead, |
377 cipher_suite); | 386 cipher_suite); |
378 // UMA_HISTOGRAM_... macros cache the Histogram instance and thus only work | 387 // UMA_HISTOGRAM_... macros cache the Histogram instance and thus only work |
379 // if the histogram name is constant, so don't generate it dynamically. | 388 // if the histogram name is constant, so don't generate it dynamically. |
380 if (strncmp(str, "DHE_", 4) == 0) { | 389 if (strncmp(str, "DHE_", 4) == 0) { |
381 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.DHE", | 390 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.DHE", |
382 ssl_info.key_exchange_info); | 391 ssl_info.key_exchange_info); |
383 } else if (strncmp(str, "ECDHE_", 6) == 0) { | 392 } else if (strncmp(str, "ECDHE_", 6) == 0) { |
384 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.ECDHE", | 393 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_KeyExchange.ECDHE", |
385 ssl_info.key_exchange_info); | 394 ssl_info.key_exchange_info); |
386 } else if (strncmp(str, "CECPQ1_", 7) == 0) { | 395 } else if (strncmp(str, "CECPQ1_", 7) == 0) { |
387 // Nothing. | 396 is_cecpq1 = true; |
388 } else { | 397 } else { |
389 DCHECK_EQ(0, strcmp(str, "RSA")); | 398 DCHECK_EQ(0, strcmp(str, "RSA")); |
390 } | 399 } |
391 | 400 |
392 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) { | 401 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) { |
393 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake", | 402 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake", |
394 connect_duration, | 403 connect_duration, |
395 base::TimeDelta::FromMilliseconds(1), | 404 base::TimeDelta::FromMilliseconds(1), |
396 base::TimeDelta::FromMinutes(1), | 405 base::TimeDelta::FromMinutes(1), |
397 100); | 406 100); |
(...skipping 22 matching lines...) | |
420 base::TimeDelta::FromMilliseconds(1), | 429 base::TimeDelta::FromMilliseconds(1), |
421 base::TimeDelta::FromMinutes(1), | 430 base::TimeDelta::FromMinutes(1), |
422 100); | 431 100); |
423 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) { | 432 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) { |
424 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_" | 433 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_" |
425 "Full_Handshake", | 434 "Full_Handshake", |
426 connect_duration, | 435 connect_duration, |
427 base::TimeDelta::FromMilliseconds(1), | 436 base::TimeDelta::FromMilliseconds(1), |
428 base::TimeDelta::FromMinutes(1), | 437 base::TimeDelta::FromMinutes(1), |
429 100); | 438 100); |
439 #if !defined(OS_NACL) | |
agl
2016/07/29 00:00:29
(nit: I would have a blank line above this one.)
| |
440 // These are hosts that we expect to always offer CECPQ1. Connections | |
441 // to them, whether or not this browser is in the experiment group, form | |
442 // the basis of our comparisons. | |
443 bool cecpq1_supported = | |
444 (host == "play.google.com" || host == "checkout.google.com" || | |
445 host == "wallet.google.com"); | |
446 if (cecpq1_supported) { | |
447 UMA_HISTOGRAM_CUSTOM_TIMES( | |
448 "Net.SSL_Connection_Latency_PostQuantumSupported_Full_Handshake", | |
449 connect_duration, base::TimeDelta::FromMilliseconds(1), | |
450 base::TimeDelta::FromMinutes(1), 100); | |
451 if (base::FeatureList::IsEnabled(kPostQuantumExperiment)) { | |
452 // But don't trust that these hosts offer CECPQ1: make sure. If | |
453 // we're doing everything right on the server side, |is_cecpq1| | |
454 // should always be true if we get here. | |
455 UMA_HISTOGRAM_BOOLEAN("Net.SSL_Connection_PostQuantum_Negotiated", | |
456 is_cecpq1); | |
457 } | |
458 } | |
459 #endif | |
430 } | 460 } |
431 } | 461 } |
432 } | 462 } |
433 | 463 |
434 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(result)); | 464 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(result)); |
435 | 465 |
436 if (result == OK || IsCertificateError(result)) { | 466 if (result == OK || IsCertificateError(result)) { |
437 SetSocket(std::move(ssl_socket_)); | 467 SetSocket(std::move(ssl_socket_)); |
438 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 468 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
439 error_response_info_.cert_request_info = new SSLCertRequestInfo; | 469 error_response_info_.cert_request_info = new SSLCertRequestInfo; |
(...skipping 230 matching lines...) | |
670 if (base_.CloseOneIdleSocket()) | 700 if (base_.CloseOneIdleSocket()) |
671 return true; | 701 return true; |
672 return base_.CloseOneIdleConnectionInHigherLayeredPool(); | 702 return base_.CloseOneIdleConnectionInHigherLayeredPool(); |
673 } | 703 } |
674 | 704 |
675 void SSLClientSocketPool::OnSSLConfigChanged() { | 705 void SSLClientSocketPool::OnSSLConfigChanged() { |
676 FlushWithError(ERR_NETWORK_CHANGED); | 706 FlushWithError(ERR_NETWORK_CHANGED); |
677 } | 707 } |
678 | 708 |
679 } // namespace net | 709 } // namespace net |
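Review bot: `is_cecpq1` (new lines 384 and 396) is declared and assigned on every platform but read only inside the `#if !defined(OS_NACL)` block at new line 456, so NaCl builds carry a local that is set and never read, which some toolchains reject under warnings-as-errors. Computing it where it is used keeps the platform guard in one place: inside the `#if` block, `const bool is_cecpq1 = strncmp(str, "CECPQ1_", 7) == 0;`, with the original `// Nothing.` branch left as it was so the `DCHECK_EQ` against "RSA" still holds. This assumes `str` is still in scope at that point, which the indentation suggests but the skipped lines between new 406 and 429 do not show. The comment above `Net.SSL_Connection_PostQuantum_Negotiated` should also say that the sample is taken only in the `HANDSHAKE_FULL` branch for the three listed hosts, so resumed connections never contribute and a `false` sample is the signal to investigate.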