| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 201 matching lines...) | |
| 212 if (base::StringToInt(base::FieldTrialList::FindFullName(field_trial), | 212 if (base::StringToInt(base::FieldTrialList::FindFullName(field_trial), |
| 213 &override_buffer_size)) { | 213 &override_buffer_size)) { |
| 214 buffer_size = override_buffer_size; | 214 buffer_size = override_buffer_size; |
| 215 buffer_size = std::max(buffer_size, 1000); | 215 buffer_size = std::max(buffer_size, 1000); |
| 216 buffer_size = std::min(buffer_size, 2 * kDefaultOpenSSLBufferSize); | 216 buffer_size = std::min(buffer_size, 2 * kDefaultOpenSSLBufferSize); |
| 217 } | 217 } |
| 218 #endif // !defined(OS_NACL) | 218 #endif // !defined(OS_NACL) |
| 219 return buffer_size; | 219 return buffer_size; |
| 220 } | 220 } |
| 221 | 221 |
| 222 #if defined(OS_NACL) | 222 #if defined(OS_NACL) |
|
davidben
2017/01/02 10:48:10
Ooh, I guess we don't need to worry about build ta
| |
| 223 bool AreLegacyECDSACiphersEnabled() { | 223 bool AreLegacyECDSACiphersEnabled() { |
| 224 return false; | 224 return false; |
| 225 } | 225 } |
| 226 #else | 226 #else |
| 227 // TODO(davidben): Remove this after the ECDSA CBC removal sticks. | 227 // TODO(davidben): Remove this after the ECDSA CBC removal sticks. |
| 228 // https:/crbug.com/666191. | 228 // https:/crbug.com/666191. |
| 229 const base::Feature kLegacyECDSACiphersFeature{ | 229 const base::Feature kLegacyECDSACiphersFeature{ |
| 230 "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT}; | 230 "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 231 | 231 |
| 232 bool AreLegacyECDSACiphersEnabled() { | 232 bool AreLegacyECDSACiphersEnabled() { |
| 233 return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature); | 233 return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature); |
| 234 } | 234 } |
| 235 #endif | 235 #endif |
| 236 | 236 |
| 237 const base::Feature kShortRecordHeaderFeature{ | |
| 238 "SSLShortRecordHeader", base::FEATURE_DISABLED_BY_DEFAULT}; | |
|
davidben
2017/01/02 10:48:10
Should this go in testing/variations/fieldtrial_te
| |
| 239 | |
| 237 } // namespace | 240 } // namespace |
| 238 | 241 |
| 239 class SSLClientSocketImpl::SSLContext { | 242 class SSLClientSocketImpl::SSLContext { |
| 240 public: | 243 public: |
| 241 static SSLContext* GetInstance() { | 244 static SSLContext* GetInstance() { |
| 242 return base::Singleton<SSLContext>::get(); | 245 return base::Singleton<SSLContext>::get(); |
| 243 } | 246 } |
| 244 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | 247 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| 245 SSLClientSessionCache* session_cache() { return &session_cache_; } | 248 SSLClientSessionCache* session_cache() { return &session_cache_; } |
| 246 | 249 |
| (...skipping 35 matching lines...) | |
| 282 | 285 |
| 283 // Disable the internal session cache. Session caching is handled | 286 // Disable the internal session cache. Session caching is handled |
| 284 // externally (i.e. by SSLClientSessionCache). | 287 // externally (i.e. by SSLClientSessionCache). |
| 285 SSL_CTX_set_session_cache_mode( | 288 SSL_CTX_set_session_cache_mode( |
| 286 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); | 289 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); |
| 287 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); | 290 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); |
| 288 SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */); | 291 SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */); |
| 289 | 292 |
| 290 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); | 293 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); |
| 291 | 294 |
| 295 if (base::FeatureList::IsEnabled(kShortRecordHeaderFeature)) { | |
| 296 SSL_CTX_set_short_header_enabled(ssl_ctx_.get(), 1); | |
| 297 } | |
| 298 | |
| 292 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, | 299 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, |
| 293 &TokenBindingAddCallback, | 300 &TokenBindingAddCallback, |
| 294 &TokenBindingFreeCallback, nullptr, | 301 &TokenBindingFreeCallback, nullptr, |
| 295 &TokenBindingParseCallback, nullptr)) { | 302 &TokenBindingParseCallback, nullptr)) { |
| 296 NOTREACHED(); | 303 NOTREACHED(); |
| 297 } | 304 } |
| 298 } | 305 } |
| 299 | 306 |
| 300 static int TokenBindingAddCallback(SSL* ssl, | 307 static int TokenBindingAddCallback(SSL* ssl, |
| 301 unsigned int extension_value, | 308 unsigned int extension_value, |
| (...skipping 1756 matching lines...) | |
| 2058 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2065 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 2059 !certificate_requested_) { | 2066 !certificate_requested_) { |
| 2060 net_error = ERR_SSL_PROTOCOL_ERROR; | 2067 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2061 } | 2068 } |
| 2062 } | 2069 } |
| 2063 | 2070 |
| 2064 return net_error; | 2071 return net_error; |
| 2065 } | 2072 } |
| 2066 | 2073 |
| 2067 } // namespace net | 2074 } // namespace net |
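Review bot: kShortRecordHeaderFeature (new lines 237-238) is declared with no comment saying what it gates or when it should be removed, unlike kLegacyECDSACiphersFeature just above it, which carries a TODO and a bug link. I would add something like `// Gates the experimental short record header; off by default. TODO(<owner>): remove when the experiment ends, <tracking bug>.` with the placeholders filled in. The check at new lines 295-297 sits in a function whose start is outside the visible lines; it appears to be the SSLContext constructor, reached through base::Singleton, so the flag is presumably read once and applied to the shared SSL_CTX for the life of the process. A short comment there, e.g. `// Read once at context creation; applies to every socket sharing this SSL_CTX.`, would stop a reader from expecting per-connection behaviour. Going by its name the setting changes record-layer framing, so a test that completes a handshake with the feature enabled is worth having if it is not already in another file of this change.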
| OLD | NEW |