net/socket/ssl_session_cache_openssl.h - Issue 328903004: SSL Connect Job Waiting

Side by Side Diff: net/socket/ssl_session_cache_openssl.h

Issue 328903004: SSL Connect Job Waiting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Added a command line flag that enables my changes. Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H	5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H

6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H	6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H

7	7

8 #include <string>	8 #include <string>

9	9

10 #include "base/basictypes.h"	10 #include "base/basictypes.h"

(...skipping 95 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
106 // ensure that the value of \|cache_key\| matches the result of calling the	106 // ensure that the value of \|cache_key\| matches the result of calling the

107 // configuration's \|key_func\| function with the \|ssl\| as parameter.	107 // configuration's \|key_func\| function with the \|ssl\| as parameter.

108 //	108 //

109 // Every \|check_expiration_count\| call to either SetSSLSession() or	109 // Every \|check_expiration_count\| call to either SetSSLSession() or

110 // SetSSLSessionWithKey() triggers a check for, and removal of, expired	110 // SetSSLSessionWithKey() triggers a check for, and removal of, expired

111 // sessions.	111 // sessions.

112 //	112 //

113 // Return true iff a cached session was associated with the \|ssl\| connection.	113 // Return true iff a cached session was associated with the \|ssl\| connection.

114 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key);	114 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key);

115	115

	116 // Allows an SSLConnectionJob to determine if its intended connection is

	117 // in the session cache.
	wtc 2014/06/13 22:47:24 Nit: the documentation should ideally not refer to Nit: the documentation should ideally not refer to the intended user (SSLConnectJob). I think we can just delete this sentence. mshelley1 2014/06/16 19:02:51 Done. Show quoted text On 2014/06/13 22:47:24, wtc wrote: > > Nit: the documentation should ideally not refer to the intended user > (SSLConnectJob). I think we can just delete this sentence. Done.
	118 //

	119 // Return true iff a cached session was associated with the given cache_key.
	wtc 2014/06/13 22:47:24 Nit: put code in \|\|, for example, \|cache_key\|. Nit: put code in \|\|, for example, \|cache_key\|. mshelley1 2014/06/16 19:02:51 Done. Show quoted text On 2014/06/13 22:47:24, wtc wrote: > > Nit: put code in \|\|, for example, \|cache_key\|. Done.
	120 bool SessionIsInCache(const std::string& cache_key);
	wtc 2014/06/13 22:47:24 Nit: Mark this method const: bool SessionIsInCa Nit: Mark this method const: bool SessionIsInCache(const std::string& cache_key) const; mshelley1 2014/06/16 19:02:51 Done. Show quoted text On 2014/06/13 22:47:24, wtc wrote: > > Nit: Mark this method const: > > bool SessionIsInCache(const std::string& cache_key) const; Done.
	121

116 // Indicates that the SSL session associated with \|ssl\| is "good" - that is,	122 // Indicates that the SSL session associated with \|ssl\| is "good" - that is,

117 // that all associated cryptographic parameters that were negotiated,	123 // that all associated cryptographic parameters that were negotiated,

118 // including the peer's certificate, were successfully validated. Because	124 // including the peer's certificate, were successfully validated. Because

119 // OpenSSL does not provide an asynchronous certificate verification	125 // OpenSSL does not provide an asynchronous certificate verification

120 // callback, it's necessary to manually manage the sessions to ensure that	126 // callback, it's necessary to manually manage the sessions to ensure that

121 // only validated sessions are resumed.	127 // only validated sessions are resumed.

122 void MarkSSLSessionAsGood(SSL* ssl);	128 void MarkSSLSessionAsGood(SSL* ssl);

123	129

124 // Flush removes all entries from the cache. This is typically called when	130 // Flush removes all entries from the cache. This is typically called when

125 // the system's certificate store has changed.	131 // the system's certificate store has changed.

126 void Flush();	132 void Flush();

127	133

128 // TODO(digit): Move to client code.	134 // TODO(digit): Move to client code.

129 static const int kDefaultTimeoutSeconds = 60 * 60;	135 static const int kDefaultTimeoutSeconds = 60 * 60;

130 static const size_t kMaxEntries = 1024;	136 static const size_t kMaxEntries = 1024;

131 static const size_t kMaxExpirationChecks = 256;	137 static const size_t kMaxExpirationChecks = 256;

132	138

133 private:	139 private:

134 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL);	140 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL);

135	141

136 SSLSessionCacheOpenSSLImpl* impl_;	142 SSLSessionCacheOpenSSLImpl* impl_;

137 };	143 };

138	144

139 } // namespace net	145 } // namespace net

140	146

141 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H	147 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H

OLD	NEW

« net/socket/ssl_client_socket_pool.cc ('K') | « net/socket/ssl_client_socket_pool.cc ('k') | net/socket/ssl_session_cache_openssl.cc » ('j') | net/socket/ssl_session_cache_openssl.cc » ('J')