Don't use crypto/x509 in SSLClientSocketImpl.

Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten and, in
particular, is retained in the certificate verification cache.)

BUG=671420
Review-Url: https://codereview.chromium.org/2728303005
Cr-Commit-Position: refs/heads/master@{#455782}
Committed: https://chromium.googlesource.com/chromium/src/+/a35b40c351e773c864301ef0eb075a7eca1a2f2f

[davidben, 2017-03-08 19:44:40]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-08 19:45:21]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2017-03-08 19:47:45]

Description was changed from

==========
Work-in-progress X509 => CRYPTO_BUFFER CL.

BUG=
==========

to

==========
Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten.)

BUG=671420
==========

[davidben, 2017-03-08 19:48:31]

Description was changed from

==========
Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten.)

BUG=671420
==========

to

==========
Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten and, in
particular, is retained in the certificate verification cache.)

BUG=671420
==========

[commit-bot: I haz the power, 2017-03-08 19:55:26]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-08 19:55:26]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
  ios-simulator-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-xco...)

[davidben, 2017-03-08 20:00:59]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-08 20:01:53]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2017-03-08 20:06:35]

davidben@chromium.org changed reviewers:
+ mattm@chromium.org

[davidben, 2017-03-08 20:06:36]

https://codereview.chromium.org/2728303005/diff/40001/net/socket/ssl_client_s...
File net/socket/ssl_client_socket_impl.cc (right):

https://codereview.chromium.org/2728303005/diff/40001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_impl.cc:313:
SSL_CTX_i_promise_to_verify_certs_after_the_handshake(ssl_ctx_.get());
Yyyyyup. :-)

This is a placeholder until the async callback exists, at which point we'll stop
doing the certificate verification after the handshake.

https://codereview.chromium.org/2728303005/diff/40001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_impl.cc:1629: }
This is really obnoxious, but I'm assuming ultimately we'll have CRYPTO_BUFFERs
available here as part of your work?

[commit-bot: I haz the power, 2017-03-08 21:40:38]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-08 21:40:38]

Dry run: This issue passed the CQ dry run.

[mattm, 2017-03-09 04:37:55]

lgtm

https://codereview.chromium.org/2728303005/diff/40001/net/socket/ssl_client_s...
File net/socket/ssl_client_socket_impl.cc (right):

https://codereview.chromium.org/2728303005/diff/40001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_impl.cc:1629: }
On 2017/03/08 20:06:36, davidben wrote:
> This is really obnoxious, but I'm assuming ultimately we'll have
CRYPTO_BUFFERs
> available here as part of your work?

yeah

[davidben, 2017-03-09 17:27:31]

The CQ bit was checked by davidben@chromium.org

[commit-bot: I haz the power, 2017-03-09 17:28:12]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-09 17:33:49]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1489080451122980,
"parent_rev": "0df0c5fffb5b95da4cb59bdededb180367dc5e50", "commit_rev":
"a35b40c351e773c864301ef0eb075a7eca1a2f2f"}

[commit-bot: I haz the power, 2017-03-09 17:34:35]

Description was changed from

==========
Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten and, in
particular, is retained in the certificate verification cache.)

BUG=671420
==========

to

==========
Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten and, in
particular, is retained in the certificate verification cache.)

BUG=671420

Review-Url: https://codereview.chromium.org/2728303005
Cr-Commit-Position: refs/heads/master@{#455782}
Committed:
https://chromium.googlesource.com/chromium/src/+/a35b40c351e773c864301ef0eb07...
==========

[commit-bot: I haz the power, 2017-03-09 17:34:36]

Committed patchset #3 (id:40001) as
https://chromium.googlesource.com/chromium/src/+/a35b40c351e773c864301ef0eb07...