Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
353713005:
Implements new, more robust design for communicating between SSLConnectJobs. (Closed)
DescriptionThis CL is a better implementation of https://codereview.chromium.org/328903004/ .
It allows SSLConnectJob waiting even in the case of false start. Additionally, it groups all of the functions for communicating between SSLConnectJobs into one object, the SSLConnectJobMessenger.
R=mmenke@chromium.org,rsleevi@chromium.org,wtc@chromium.org
TBR=mek@chromium.org,asargent@chormium.org,thestig@chromium.org
BUG=398967
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=287408
Patch Set 1 : Implements new, more robust design for communicating between SSLConectJobs. #
Total comments: 63
Patch Set 2 : Fixed logical errors regarding connecting sockets, made cache communication more consistent, and ch… #Patch Set 3 : Adds test confirming that jobs wait for the leader to connect before connecting. #Patch Set 4 : Added a unit test for the case in which the leader job fails. #Patch Set 5 : Added checks to determine if false start connections fail, and moved location of enable_job_waiting… #
Total comments: 92
Patch Set 6 : Changed the structure of pending_sockets_and_callbacks_ and made cl compatible with nss. #Patch Set 7 : Changed the structure of pending_sockets_and_callbacks_ and made cl compatible with nss. (Fixed one… #
Total comments: 14
Patch Set 8 : Changed location of enable_connect_job_waiting_ and added documentation. #
Total comments: 95
Patch Set 9 : Implemented better memory management and callback handling. #
Total comments: 61
Patch Set 10 : Redesigned tests and fixed various other issues. #
Total comments: 28
Patch Set 11 : Moved OnHandshakeFailureCheck and fixed comments. #Patch Set 12 : Fixed error in SSLSessionIsInCache. #
Total comments: 95
Patch Set 13 : Fixed comment issues, addressed case where session is NULL #
Total comments: 42
Patch Set 14 : Changed Connect to use a state loop, and moved location of OnHandshakeFailure calls. #
Total comments: 24
Patch Set 15 : Accidentally compiled w/o use_openssl=true before; fixed compiler errors #
Total comments: 33
Patch Set 16 : Combined OnSocketFailure/Success callbacks and Added tests. #Patch Set 17 : Fixed comment I missed in the last patch. #
Total comments: 47
Patch Set 18 : Added a new state to SSLClientSocket Connect, fixed various comment issues. #
Total comments: 40
Patch Set 19 : Restructured Connect for MockSSLClientSockets, fixed tests. #Patch Set 20 : Rewrote the MockSSLClientSocket connect state loop to use the typical Chrome structure & fixed bugs… #
Total comments: 30
Patch Set 21 : Reordered MockSSLClientSocket methods, fixed other comments #Patch Set 22 : Prevent certain tests from running when USE_OPENSSL is not defined. #
Total comments: 26
Patch Set 23 : Updated tests for client sockets to confirm use of completion callback and switched messenger to us… #
Total comments: 8
Patch Set 24 : Updated SSLClientSocket tests & fixed bug in SSLSessionCacheOpenSSL #
Total comments: 31
Patch Set 25 : Rebase #Patch Set 26 : Moved tests back to ssl_client_socket_unittest.cc, fixed various other issues. #
Total comments: 46
Patch Set 27 : Removed additional arg from GetNextProto (was added in by rebase (?)) and fixed other small bugs. #
Total comments: 16
Patch Set 28 : Removed test from SSLClientSocketOpenSSL, removed false start test, inlined CreateAndConnectSSLClie… #
Total comments: 6
Patch Set 29 : Fixed nits from previous patchset. #
Total comments: 4
Patch Set 30 : Fixed typo & removed CapturingNetLog arg. #
Total comments: 6
Messages
Total messages: 74 (0 generated)
This is the first version of the new design that Ryan and I discussed. I still need to figure out a couple of things, namely where in the ssl_client_socket I should check for failed false start connections, and testing; but I believe this implementation roughly works.
Quick drive-by comments; I haven't really reviewed in depth yet. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.h:62: virtual void OnSocketFailure(const base::Closure& cb) OVERRIDE; For API simplicitly, we may want to combine these into a base::CompletionCallback, where 0/OK = success, and other statuses indicate an error. That said, it's more of a note than a request for change (at present) - still want to see how things shake out. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.cc:110: return ssl_socket.release(); STYLE: We prefer to return a scoped_ptr<SSLClientSocket> in the signature scoped_ptr<SSLClientSocket> SSLConnectJobMessenger::CanProceed(...) { return ssl_socket.Pass(); } https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.cc:120: return ssl_socket.release(); DANGER! You just gave up ownership of ssl_socket on line 117. You can't give ownership to someone else (.Pass() invalidates |ssl_socket|) https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:101: // SSLConnectJobs Surely there's more to say here ;) https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:106: class SSLPendingSocketsAndCallbacks { This class should be private (and forward declared), since it doesn't seem to be part of any of the interface under test. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:110: callbacks_ = std::vector<base::Closure>(); This isn't needed; callbacks_ default ctor will run fine. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:113: SSLPendingSocketsAndCallbacks(SSLPendingSocketsAndCallbacks& ref) { This is a pretty dangerous constructor. Why was it necessary? Further pedantry: Normally, if you're going to allow copying, you implement the copy-ctor (which is const-ref), the assignment operator (operator=, which takes in a const-ref). If you want to allow swapping, you actually implement a method called swap (except there are a whole bunch of special, hidden rules in C++ you actually need to follow) https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:119: const base::Closure& cb) { naming: AddSocket? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:125: void clear() { style: clear() -> Clear() https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:135: it->Run(); style: braces on multi-lines. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:139: return pending_sockets_[0]->Pass(); safety: DCHECK(!pending_sockets_.empty()) ? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:142: base::Closure GetFirstCallback() { return callbacks_[0]; } ditto safety https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:144: void EraseFirstEntry() { DANGER: if .begin() == .end(), this will explode. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:155: // SSL connection. STYLE: We don't pass output values as-ref; always as pointers. That is, input values as const-ref (or, if intrinsic, by-val), input/output and outputs as pointers (typically). This also doesn't document what the returned Socket is, or who owns it. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:161: const base::Closure& cb); Ditto here. You're transferring ownership, but what is it you're returning? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:250: ssl_to_callback_map_.insert(SSLtoCallbackMap::value_type(ssl, temp)); Note: You can just use ssl_to_callback_map_[ssl] = temp; here https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:258: return; // this shouldn't actually happen ever So then add a NOTREACHED() here. Why shouldn't it happen? Is that actually part of your SSLSessionCacheOpenSSL *contract* (eg: it MUST never happen), or is it just an implementation detail of the Pool?
Review comments on patch set 1: I haven't reviewed ssl_client_socket_pool.*. This version seems harder to understand. I'll try to review it again tomorrow morning. https://codereview.chromium.org/353713005/diff/20001/chrome/browser/chrome_br... File chrome/browser/chrome_browser_main.cc (right): https://codereview.chromium.org/353713005/diff/20001/chrome/browser/chrome_br... chrome/browser/chrome_browser_main.cc:1359: } Nit: omit curly braces, which is the style used in this file for simple if statements. https://codereview.chromium.org/353713005/diff/20001/chrome/common/chrome_swi... File chrome/common/chrome_switches.cc (right): https://codereview.chromium.org/353713005/diff/20001/chrome/common/chrome_swi... chrome/common/chrome_switches.cc:618: const char kEnableSSLConnectJobWaiting[] = "enable-ssl-connect-job-waiting"; Nit: most of the '=' signs in this file seem to be aligned. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:87: // The cache key consists of a host_and_poart concatenated with a session Typo: poart => port https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:93: virtual void OnSocketFailure(const base::Closure& cb) = 0; 1. Document these two methods. 2. Don't abbreviate the parameter names. They should be named 'callback' or 'closure'. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:201: base::Closure error_callback_; Delete this? SSLClientSocketOpenSSL has a same-named member. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.cc:92: std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) { Nit: this function probably should become a method of SSLClientSocketOpenSSL. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.cc:381: error_callback_ = cb; IMPORTANT: the error_callback_ member is not being used. This means your OnSocketFailure() calls have no effect. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:180: // Note: the SSLConnectJob does not own pending_jobs_list This comment needs to be updated because there is no |own pending_jobs_list| in this CL. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:300: typedef std::map<SSL*, std::pair<const base::Closure&, int> > What is the "int" in the std::pair? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:301: SSLtoCallbackMap; Nit: the "to" in "SSLtoCallbackMap" should be capitalized: SSLToCallbackMap. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:513: SSLtoCallbackMap ssl_to_callback_map_; Is this member protected by |lock_|? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:11: #include "base/memory/scoped_ptr.h" You should not need to include scoped_ptr.h because scoped_ptr is not used in this file. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:13: #include "net/socket/ssl_client_socket_openssl.h" You should not need to include this header. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:121: // Informs the cache that it should notify the messenger when |socket|'s 1. notify the messenger => run the callback |cb| 2. |socket| is not a parameter of this function. Perhaps you meant |ssl|? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:123: void NotifyOnSessionAdded(SSL* ssl, const base::Closure& cb); cb => callback or closure ? Our Style Guide recommends against using abbreviations for variable/parameter names in general.
https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:87: // The cache key consists of a host_and_poart concatenated with a session On 2014/06/27 00:36:49, wtc wrote: > > Typo: poart => port Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:93: virtual void OnSocketFailure(const base::Closure& cb) = 0; On 2014/06/27 00:36:49, wtc wrote: > > 1. Document these two methods. > > 2. Don't abbreviate the parameter names. They should be named 'callback' or > 'closure'. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket.h:201: base::Closure error_callback_; On 2014/06/27 00:36:49, wtc wrote: > > Delete this? SSLClientSocketOpenSSL has a same-named member. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.cc:92: std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) { On 2014/06/27 00:36:49, wtc wrote: > > Nit: this function probably should become a method of SSLClientSocketOpenSSL. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.cc:381: error_callback_ = cb; On 2014/06/27 00:36:49, wtc wrote: > > IMPORTANT: the error_callback_ member is not being used. > > This means your OnSocketFailure() calls have no effect. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_openssl.h:62: virtual void OnSocketFailure(const base::Closure& cb) OVERRIDE; On 2014/06/26 01:47:16, Ryan Sleevi wrote: > For API simplicitly, we may want to combine these into a > base::CompletionCallback, where 0/OK = success, and other statuses indicate an > error. > > That said, it's more of a note than a request for change (at present) - still > want to see how things shake out. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.cc:110: return ssl_socket.release(); On 2014/06/26 01:47:16, Ryan Sleevi wrote: > STYLE: We prefer to return a scoped_ptr<SSLClientSocket> in the signature > > scoped_ptr<SSLClientSocket> SSLConnectJobMessenger::CanProceed(...) { > > return ssl_socket.Pass(); > } Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.cc:120: return ssl_socket.release(); On 2014/06/26 01:47:16, Ryan Sleevi wrote: > DANGER! You just gave up ownership of ssl_socket on line 117. You can't give > ownership to someone else (.Pass() invalidates |ssl_socket|) Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:101: // SSLConnectJobs On 2014/06/26 01:47:16, Ryan Sleevi wrote: > Surely there's more to say here ;) Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:106: class SSLPendingSocketsAndCallbacks { On 2014/06/26 01:47:16, Ryan Sleevi wrote: > This class should be private (and forward declared), since it doesn't seem to be > part of any of the interface under test. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:110: callbacks_ = std::vector<base::Closure>(); On 2014/06/26 01:47:16, Ryan Sleevi wrote: > This isn't needed; callbacks_ default ctor will run fine. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:113: SSLPendingSocketsAndCallbacks(SSLPendingSocketsAndCallbacks& ref) { My intent was to implement the copy constructor -- I forgot the const part though clearly! I need to be able to copy the object so that I can make a copy, clear the object, and then run the callbacks stored in the copy. Are the special, hidden rules that you're referring to the "swap and copy idiom"? I just implemented the assignment operator according to that, but wasn't positive if that was what you meant. On 2014/06/26 01:47:16, Ryan Sleevi wrote: > This is a pretty dangerous constructor. Why was it necessary? > > Further pedantry: > Normally, if you're going to allow copying, you implement the copy-ctor (which > is const-ref), the assignment operator (operator=, which takes in a const-ref). > If you want to allow swapping, you actually implement a method called swap > (except there are a whole bunch of special, hidden rules in C++ you actually > need to follow) https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:119: const base::Closure& cb) { On 2014/06/26 01:47:16, Ryan Sleevi wrote: > naming: AddSocket? Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:125: void clear() { On 2014/06/26 01:47:16, Ryan Sleevi wrote: > style: clear() -> Clear() Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:135: it->Run(); Isn't the body of this loop only one line though? On 2014/06/26 01:47:16, Ryan Sleevi wrote: > style: braces on multi-lines. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:139: return pending_sockets_[0]->Pass(); On 2014/06/26 01:47:16, Ryan Sleevi wrote: > safety: DCHECK(!pending_sockets_.empty()) ? Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:142: base::Closure GetFirstCallback() { return callbacks_[0]; } On 2014/06/26 01:47:16, Ryan Sleevi wrote: > ditto safety Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:144: void EraseFirstEntry() { On 2014/06/26 01:47:16, Ryan Sleevi wrote: > DANGER: if .begin() == .end(), this will explode. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:155: // SSL connection. On 2014/06/26 01:47:16, Ryan Sleevi wrote: > STYLE: We don't pass output values as-ref; always as pointers. > > That is, input values as const-ref (or, if intrinsic, by-val), input/output and > outputs as pointers (typically). > > This also doesn't document what the returned Socket is, or who owns it. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:161: const base::Closure& cb); On 2014/06/26 01:47:16, Ryan Sleevi wrote: > Ditto here. You're transferring ownership, but what is it you're returning? Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:180: // Note: the SSLConnectJob does not own pending_jobs_list On 2014/06/27 00:36:49, wtc wrote: > > This comment needs to be updated because there is no |own pending_jobs_list| in > this CL. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:250: ssl_to_callback_map_.insert(SSLtoCallbackMap::value_type(ssl, temp)); So I tried that initially, but received "cannot use default assignment operator" error -- I assume because I'm mapping to a pair? On 2014/06/26 01:47:16, Ryan Sleevi wrote: > Note: You can just use > > ssl_to_callback_map_[ssl] = temp; here https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:258: return; // this shouldn't actually happen ever Oops -- honestly I put that statement/comment in while I was mocking out these functions and forgot to delete it. The way things are implemented now this actually can happen. On 2014/06/26 01:47:16, Ryan Sleevi wrote: > So then add a NOTREACHED() here. > > Why shouldn't it happen? Is that actually part of your SSLSessionCacheOpenSSL > *contract* (eg: it MUST never happen), or is it just an implementation detail of > the Pool? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:300: typedef std::map<SSL*, std::pair<const base::Closure&, int> > The int is used to determine whether or not the session has completed. In order for a connection to technically be complete, it must have passed through MarkSSLSessionAsGood as well as NewSessionCallbackStatic; each time this happens I increment the int so that I can see when both methods have been called. On 2014/06/27 00:36:50, wtc wrote: > > What is the "int" in the std::pair? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:301: SSLtoCallbackMap; On 2014/06/27 00:36:50, wtc wrote: > > Nit: the "to" in "SSLtoCallbackMap" should be capitalized: SSLToCallbackMap. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.cc:513: SSLtoCallbackMap ssl_to_callback_map_; No it is not...sorry didn't notice the comment above. I'll move this. On 2014/06/27 00:36:50, wtc wrote: > > Is this member protected by |lock_|? https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:11: #include "base/memory/scoped_ptr.h" On 2014/06/27 00:36:50, wtc wrote: > > You should not need to include scoped_ptr.h because scoped_ptr is not used in > this file. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:13: #include "net/socket/ssl_client_socket_openssl.h" On 2014/06/27 00:36:50, wtc wrote: > > You should not need to include this header. Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:121: // Informs the cache that it should notify the messenger when |socket|'s On 2014/06/27 00:36:50, wtc wrote: > > 1. notify the messenger => run the callback |cb| > > 2. |socket| is not a parameter of this function. Perhaps you meant |ssl|? Done. https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_session_c... net/socket/ssl_session_cache_openssl.h:123: void NotifyOnSessionAdded(SSL* ssl, const base::Closure& cb); On 2014/06/27 00:36:50, wtc wrote: > > cb => callback or closure ? > > Our Style Guide recommends against using abbreviations for variable/parameter > names in general. Done.
Review comments on patch set 5: I need to review this carefully again. It seems that there are holes in the logic. I didn't review the tests. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.cc:1455: return false; This is simply return data_->is_in_session_cache_; https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:32: #include "net/socket/ssl_client_socket_openssl.h" IMPORTANT: this header should not need to include "net/socket/ssl_client_socket_openssl.h". https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:340: bool is_leader_; is_leader_ should be documented because its meaning is not obvious. I can guess what is_in_session_cache_ means. Since none of the other members are documented, it is fine to not document is_in_session_cache_. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:640: // Tell the client socket factory that the leading job has connected. Nit: Tell => Tells https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:641: static void LeaderConnected(); Name this method "SetLeaderConnected". https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:644: static bool IsLeaderConnected(); IMPORTANT: it seems that the leader connect job is a notion of the client socket pool rather than the client socket factory. So I don't know why we need to add these two methods to MockClientSocketFactory. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:671: static NET_EXPORT bool leader_connected_; Use NET_EXPORT_PRIVATE instead. But, is this really necessary? https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:991: bool IsGoodOrdering() const; Document this method. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:998: mutable base::Closure process_pending_jobs_callback_; Why does this member need to be marked mutable? Can this be avoided? https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:92: // its SSLConnectJobMessenger upon the session's completion. I don't understand what "session's completion" means. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:99: // Sets the |is_leader_| variable to true. This header doesn't have the "is_leader_" variable (or member?), so this method needs to be documented without referring to "is_leader_". https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:158: static NET_EXPORT void EnableJobWaiting(bool enable); EnableJobWaiting => EnableConnectJobWaiting. GetEnableJobWaiting => GetEnableConnectJobWaiting enable_job_waiting_ => enable_connect_job_waiting_ https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:382: context->session_cache()->NotifyOnSessionAdded(ssl_, callback); IMPORTANT: in the destructor, we should remove the entry for ssl_ from context->session_cache(). https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:396: error_callback_.Run(); Should we reset error_callback_? https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1051: int SSLClientSocketOpenSSL::DoReadLoop(int result) {if (result < 0) Move "if (result < 0)" to the next line. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1097: OnSocketFailure(); Why do we need to call OnSocketFailure after the failure of the very first SSL_read or SSL_write call? It seems that we should call OnSocketFailure after the failure of SSL_do_handshake instead. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:57: } Rename this method "GetSessionCacheKey". The original name was appropriate when this was a free function (as opposed to a class method). https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:65: virtual void SetIsLeader(); Add "OVERRIDE". https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:101: connecting_sockets_.push_back(ssl_socket); IMPORTANT: it is better for CanProceed() to me a simply boolean query that has no side effect, and let the caller of this function push ssl_socket to connecting_sockets_ when CanProceed() returns true. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:134: ssl_socket->SetIsLeader(); Move the ssl_socket->SetIsLeader() call into MonitorConnectionResult(). Both of the MonitorConnectionResult() callers call ssl_socket->SetIsLeader(). https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:412: messenger_->OnJobFailed(); IMPORTANT: move lines 411-412 to DoSSLConnectComplete(), so that this is done for both synchronous and asynchronous failures of ssl_socket_->Connect(). https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:445: } Remove the curly braces, unless these were added by git cl format. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:544: next_state_ = STATE_SSL_CONNECT; Delete this line. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:661: context_.ssl_session_cache_shard; This should be abstracted into a function. Ideally there should only be one function that constructs the cache key. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:101: // SSLConnectJobs. Please point out these SSLConnectJobs have the same SSL session cache key. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:106: class NET_EXPORT SSLConnectJobMessenger { Use NET_EXPORT_PRIVATE instead. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:108: // Sets rv to true if the given |ssl_socket| should continue its By "Sets rv to true", did you mean "Returns true"? There is no |rv| in this function. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:141: callback_it != ref.callbacks_.end()) { BUG: this while loop is wrong. You need two while loops to copy pending_sockets_ and callbacks_, respectively. But you should be able to just copy the two std::vectors directly: pending_sockets_ = ref.pending_sockets_; callbacks_ = ref.callbacks_; By the way, the parameter of the copy constructor is usually named |other|. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:150: temp.Swap(*this); I don't know why the Swap method is needed. You should be able to just do member-wise copy. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:154: void Swap(SSLPendingSocketsAndCallbacks ref) throw() { Do we need "throw()" here? This is the first time I see it used in the Chromium source tree. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:171: for (std::vector<base::Closure>::iterator it = callbacks_.begin(); Use const_iterator? https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:203: std::vector<base::Closure> callbacks_; IMPORTANT: it seems that you should instead define a simple struct: struct SocketAndCallback { SSLClientSocket* socket; base::Closure callback; }; Then SSLPendingSocketsAndCallbacks is just std::vector<SocketAndCallback>. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:250: ssl_to_callback_map_.insert(SSLToCallbackMap::value_type(ssl, temp)); This can be written using the associative array notation" ssl_to_callback_map_[ssl] = temp; Nit: use a more meaningful variable name such as "entry" or "item" instead of "temp". https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:260: (it->second.second)++; Nit: you can omit the parentheses. I know it's not clear whether the struct member operators (-> and .) or ++ have precedence. You should memorize that struct member operators have the highest priority. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:262: // The session has been MarkedAsGood and Added, so it can be used. Please document that these can occur in either order. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:263: it->second.first.Run(); Should we remove the entry for |ssl| from ssl_to_callback_map_ after running the callback? Perhaps it is safer to just let the SSLClientSocketOpenSSL destructor remove the entry? https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:299: typedef std::map<SSL*, std::pair<const base::Closure&, int> > I think we may need to use "base::Closure" instead of "const base::Closure&" in the std::pair. A reference is really just syntactic sugar for a pointer. I think it is safer to for the std::pair to hold a copy of the base::Closure object rather than a reference. It seems that base::Closure just have two data members: a scoped_refptr and a function pointer. So it is cheap to copy base::Closure. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:385: static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) { Should we decrement the session's completion count here? https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:11: #include "base/callback.h" Include base/callback_forward.h instead for the forward declaration of base::Closure. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:120: // Informs the cache that it should run the messenger's callback when |ssl|'s Remove "messenger's". In this file, "messenger" isn't defined. https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... File net/spdy/spdy_test_util_common.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... net/spdy/spdy_test_util_common.cc:624: // The functions below are not expected to be called. Note this comment. Therefore, the three new methods should be below this line only if they are not expected to be called. https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... net/spdy/spdy_test_util_common.cc:655: void OnSocketFailure(const base::Closure& cb) { return; } Are you sure we need to add these three methods? They don't match the new SSLClientSocket methods exactly. They are not declared with "virtual" and "OVERRIDE".
A couple quick comments, still need to get up to speed on the code. Is there a bug filed for this issue? If not, there should be. If so, the description of this CL should have a "bug=#" line at the bottom. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: // The cache key consists of a host_and_port concatenated with a session I don't see any object named host_and_port. I think you mean a HostPortPair? Or just "a host and port". https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:131: base::Closure cb = pending_sockets_and_callbacks_.GetFirstCallback(); nit: Style guide discourages abbreviations - should just write out callback. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:218: base::WeakPtr<SSLConnectJob> SSLConnectJob::GetWeakPtr() { In general, weak pointers should not be publicly exposed, to keep lifetime expectations clearer. I don't think this function is even needed - looks like the only consumer is SSLConnectJob itself. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:425: scoped_ptr<MessengerMap> messenger_map_; There doesn't seem to be a need for this to be a scoped_ptr.
https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... net/socket/ssl_client_socket_pool.h:113: SSLPendingSocketsAndCallbacks(SSLPendingSocketsAndCallbacks& ref) { On 2014/07/01 02:35:22, mshelley wrote: > My intent was to implement the copy constructor -- I forgot the const part > though clearly! I need to be able to copy the object so that I can make a copy, > clear the object, and then run the callbacks stored in the copy. Are the > special, hidden rules that you're referring to the "swap and copy idiom"? I just > implemented the assignment operator according to that, but wasn't positive if > that was what you meant. > The style guide actively discourages this ( http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Copy_C... ) That said, if you are going to do it, yes, there are special rules. Scott Meyers' Effective C++ (which we have in the break room, but I'm happy to bring a copy if it's grown legs). Further, if you're going to declare a copy ctor, you need to play by the Rule of Three ( http://en.wikipedia.org/wiki/Rule_of_three_(C%2B%2B_programming) ) In general, we discourage this. This is covered a bit more in the discussion of http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Operat... , which mentions CopyFrom() as an alternative to operator=. Note that by introducing CopyCtor/operator=, new opportunities for performance bugs and impicit type conversions get introduced, hence the concern.
On 2014/07/08 22:34:01, Ryan Sleevi wrote: > https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... > File net/socket/ssl_client_socket_pool.h (right): > > https://codereview.chromium.org/353713005/diff/20001/net/socket/ssl_client_so... > net/socket/ssl_client_socket_pool.h:113: > SSLPendingSocketsAndCallbacks(SSLPendingSocketsAndCallbacks& ref) { > On 2014/07/01 02:35:22, mshelley wrote: > > My intent was to implement the copy constructor -- I forgot the const part > > though clearly! I need to be able to copy the object so that I can make a > copy, > > clear the object, and then run the callbacks stored in the copy. Are the > > special, hidden rules that you're referring to the "swap and copy idiom"? I > just > > implemented the assignment operator according to that, but wasn't positive if > > that was what you meant. > > > > The style guide actively discourages this ( > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Copy_C... > ) > > That said, if you are going to do it, yes, there are special rules. Scott > Meyers' Effective C++ (which we have in the break room, but I'm happy to bring a > copy if it's grown legs). > > Further, if you're going to declare a copy ctor, you need to play by the Rule of > Three ( http://en.wikipedia.org/wiki/Rule_of_three_(C%2B%2B_programming) ) > > In general, we discourage this. This is covered a bit more in the discussion of > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Operat... > , which mentions CopyFrom() as an alternative to operator=. > > Note that by introducing CopyCtor/operator=, new opportunities for performance > bugs and impicit type conversions get introduced, hence the concern. I decided to replace this class with a vector of structs, so luckily I won't need to implement the copy constructor and can avoid going against the style guide.
https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.cc:1455: return false; On 2014/07/08 01:25:41, wtc wrote: > > This is simply > return data_->is_in_session_cache_; Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:32: #include "net/socket/ssl_client_socket_openssl.h" On 2014/07/08 01:25:41, wtc wrote: > > IMPORTANT: this header should not need to include > "net/socket/ssl_client_socket_openssl.h". Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:340: bool is_leader_; On 2014/07/08 01:25:41, wtc wrote: > > is_leader_ should be documented because its meaning is not obvious. > > I can guess what is_in_session_cache_ means. Since none of the other members are > documented, it is fine to not document is_in_session_cache_. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:640: // Tell the client socket factory that the leading job has connected. On 2014/07/08 01:25:41, wtc wrote: > > Nit: Tell => Tells Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:641: static void LeaderConnected(); On 2014/07/08 01:25:41, wtc wrote: > > Name this method "SetLeaderConnected". Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:644: static bool IsLeaderConnected(); On 2014/07/08 01:25:41, wtc wrote: > > IMPORTANT: it seems that the leader connect job is a notion of the client socket > pool rather than the client socket factory. So I don't know why we need to add > these two methods to MockClientSocketFactory. I agree that it would make more sense to have these methods in the client socket pool. However, in this case I'm not using a mock client socket pool, so I couldn't add these methods there. The client socket factory seemed like the next most logical place to keep track of this information. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:671: static NET_EXPORT bool leader_connected_; On 2014/07/08 01:25:41, wtc wrote: > > Use NET_EXPORT_PRIVATE instead. But, is this really necessary? Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:991: bool IsGoodOrdering() const; On 2014/07/08 01:25:41, wtc wrote: > > Document this method. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/socket_test_... net/socket/socket_test_util.h:998: mutable base::Closure process_pending_jobs_callback_; On 2014/07/08 01:25:41, wtc wrote: > > Why does this member need to be marked mutable? Can this be avoided? This member was marked as mutable because I need to set its value inside of WatchSessionForCompletion, which is a const method. Normally, the callback passed into this method would be passed into the cache, and stored there to be called upon the connection's completion. However, because this test doesn't actually utilize the cache, I needed to set the member here. Instead of making this mutable I'll just change the base class so that the method is not const. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: // The cache key consists of a host_and_port concatenated with a session On 2014/07/08 21:02:05, mmenke wrote: > I don't see any object named host_and_port. I think you mean a HostPortPair? > Or just "a host and port". Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:92: // its SSLConnectJobMessenger upon the session's completion. On 2014/07/08 01:25:42, wtc wrote: > > I don't understand what "session's completion" means. This refers to the completion of the connection for that session. I'll update the comment to make that more clear. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:99: // Sets the |is_leader_| variable to true. On 2014/07/08 01:25:42, wtc wrote: > > This header doesn't have the "is_leader_" variable (or member?), so this method > needs to be documented without referring to "is_leader_". Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:158: static NET_EXPORT void EnableJobWaiting(bool enable); On 2014/07/08 01:25:42, wtc wrote: > > EnableJobWaiting => EnableConnectJobWaiting. > > GetEnableJobWaiting => GetEnableConnectJobWaiting > > enable_job_waiting_ => enable_connect_job_waiting_ Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:382: context->session_cache()->NotifyOnSessionAdded(ssl_, callback); On 2014/07/08 01:25:42, wtc wrote: > > IMPORTANT: in the destructor, we should remove the entry for ssl_ from > context->session_cache(). Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:396: error_callback_.Run(); On 2014/07/08 01:25:42, wtc wrote: > > Should we reset error_callback_? Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1051: int SSLClientSocketOpenSSL::DoReadLoop(int result) {if (result < 0) On 2014/07/08 01:25:42, wtc wrote: > > Move "if (result < 0)" to the next line. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1097: OnSocketFailure(); On 2014/07/08 01:25:42, wtc wrote: > > Why do we need to call OnSocketFailure after the failure of the very first > SSL_read or SSL_write call? It seems that we should call OnSocketFailure after > the failure of SSL_do_handshake instead. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:57: } On 2014/07/08 01:25:42, wtc wrote: > > Rename this method "GetSessionCacheKey". The original name was appropriate when > this was a free function (as opposed to a class method). Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:65: virtual void SetIsLeader(); On 2014/07/08 01:25:42, wtc wrote: > > Add "OVERRIDE". Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:101: connecting_sockets_.push_back(ssl_socket); On 2014/07/08 01:25:42, wtc wrote: > > IMPORTANT: it is better for CanProceed() to me a simply boolean query that has > no side effect, and let the caller of this function push ssl_socket to > connecting_sockets_ when CanProceed() returns true. Yeah I agree, moving connecting_sockets_ into MonitorConnectionResult should be an appropriate solution. I also thought about this a bit more, and came to the conclusion that the current way that I'm handling this is fundamentally flawed because it fails to differentiate between the two different cases in which CanProceed will return true. If the socket's session is already in the session cache, then the socket should proceed, but I don't need to monitor its connection, nor do I need to add it to connecting_sockets_, because any connections that follow it will be allowed to proceed because they too will be in the session cache. However, if the socket is not in the session cache, but connecting_sockets_ is empty, then this socket should be allowed to proceed as a leading connection. In this case, I do need to watch the connection nor do I need to add the socket to connecting_sockets_. To correct this issue, I added an if statement before MonitorConnectionResult that will allow the job to bypass this method if it is already in the session cache. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:131: base::Closure cb = pending_sockets_and_callbacks_.GetFirstCallback(); On 2014/07/08 21:02:05, mmenke wrote: > nit: Style guide discourages abbreviations - should just write out callback. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:134: ssl_socket->SetIsLeader(); On 2014/07/08 01:25:42, wtc wrote: > > Move the ssl_socket->SetIsLeader() call into MonitorConnectionResult(). Both of > the MonitorConnectionResult() callers call ssl_socket->SetIsLeader(). Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:218: base::WeakPtr<SSLConnectJob> SSLConnectJob::GetWeakPtr() { On 2014/07/08 21:02:05, mmenke wrote: > In general, weak pointers should not be publicly exposed, to keep lifetime > expectations clearer. I don't think this function is even needed - looks like > the only consumer is SSLConnectJob itself. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:412: messenger_->OnJobFailed(); On 2014/07/08 01:25:42, wtc wrote: > > IMPORTANT: move lines 411-412 to DoSSLConnectComplete(), so that this is done > for both synchronous and asynchronous failures of ssl_socket_->Connect(). Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:445: } On 2014/07/08 01:25:42, wtc wrote: > > Remove the curly braces, unless these were added by git cl format. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:544: next_state_ = STATE_SSL_CONNECT; On 2014/07/08 01:25:42, wtc wrote: > > Delete this line. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:661: context_.ssl_session_cache_shard; On 2014/07/08 01:25:42, wtc wrote: > > This should be abstracted into a function. Ideally there should only be one > function that constructs the cache key. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:101: // SSLConnectJobs. On 2014/07/08 01:25:42, wtc wrote: > > Please point out these SSLConnectJobs have the same SSL session cache key. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:106: class NET_EXPORT SSLConnectJobMessenger { On 2014/07/08 01:25:43, wtc wrote: > > Use NET_EXPORT_PRIVATE instead. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:108: // Sets rv to true if the given |ssl_socket| should continue its On 2014/07/08 01:25:43, wtc wrote: > > By "Sets rv to true", did you mean "Returns true"? There is no |rv| in this > function. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:141: callback_it != ref.callbacks_.end()) { On 2014/07/08 01:25:43, wtc wrote: > > BUG: this while loop is wrong. You need two while loops to copy pending_sockets_ > and callbacks_, respectively. > > But you should be able to just copy the two std::vectors directly: > > pending_sockets_ = ref.pending_sockets_; > callbacks_ = ref.callbacks_; > > By the way, the parameter of the copy constructor is usually named |other|. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:150: temp.Swap(*this); On 2014/07/08 01:25:43, wtc wrote: > > I don't know why the Swap method is needed. You should be able to just do > member-wise copy. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:154: void Swap(SSLPendingSocketsAndCallbacks ref) throw() { On 2014/07/08 01:25:43, wtc wrote: > > Do we need "throw()" here? This is the first time I see it used in the Chromium > source tree. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:171: for (std::vector<base::Closure>::iterator it = callbacks_.begin(); On 2014/07/08 01:25:42, wtc wrote: > > Use const_iterator? Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:203: std::vector<base::Closure> callbacks_; On 2014/07/08 01:25:42, wtc wrote: > > IMPORTANT: it seems that you should instead define a simple struct: > > struct SocketAndCallback { > SSLClientSocket* socket; > base::Closure callback; > }; > > Then SSLPendingSocketsAndCallbacks is just std::vector<SocketAndCallback>. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:425: scoped_ptr<MessengerMap> messenger_map_; On 2014/07/08 21:02:05, mmenke wrote: > There doesn't seem to be a need for this to be a scoped_ptr. The idea was that I didn't want it to be a plain pointer because that would potentially lead to it being leaked, and I didn't want it to be a non-pointer because then I wouldn't be able to insert to the map inside of NewConnectJob in ssl_client_socket_pool.cc (which is a const method). I considered changing NewConnectJob to not be const, but that would impact several other classes derived from the same base class as SSLConenctJobFactory so I figured that using a scoped_ptr was a simpler solution. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:250: ssl_to_callback_map_.insert(SSLToCallbackMap::value_type(ssl, temp)); On 2014/07/08 01:25:43, wtc wrote: > > This can be written using the associative array notation" > > ssl_to_callback_map_[ssl] = temp; > > Nit: use a more meaningful variable name such as "entry" or "item" instead of > "temp". I can't use this notation because the callback cannot use the default assignment operator. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:260: (it->second.second)++; On 2014/07/08 01:25:43, wtc wrote: > > Nit: you can omit the parentheses. I know it's not clear whether the struct > member operators (-> and .) or ++ have precedence. You should memorize that > struct member operators have the highest priority. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:262: // The session has been MarkedAsGood and Added, so it can be used. On 2014/07/08 01:25:43, wtc wrote: > > Please document that these can occur in either order. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:263: it->second.first.Run(); On 2014/07/08 01:25:43, wtc wrote: > > Should we remove the entry for |ssl| from ssl_to_callback_map_ after running the > callback? Perhaps it is safer to just let the SSLClientSocketOpenSSL destructor > remove the entry? Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:299: typedef std::map<SSL*, std::pair<const base::Closure&, int> > On 2014/07/08 01:25:43, wtc wrote: > > I think we may need to use "base::Closure" instead of "const base::Closure&" in > the std::pair. > > A reference is really just syntactic sugar for a pointer. I think it is safer to > for the std::pair to hold a copy of the base::Closure object rather than a > reference. It seems that base::Closure just have two data members: a > scoped_refptr and a function pointer. So it is cheap to copy base::Closure. Done. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:385: static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) { On 2014/07/08 01:25:43, wtc wrote: > > Should we decrement the session's completion count here? My initial thought would be that it's best to just remove the entry from the map here. However, I just realized that at this point I no longer have access to the session's SSL*, which is how I indexed the map. As a result, I can neither delete the entry nor decrement its completion count at this point. I believe the only situation in which this could be problematic would be if the leading connect job's session was added to the cache, and then removed from the cache before the pending connections following it completed their connections. My understanding is that this probably wouldn't ever happen, or at least would happen only rarely? However, even if this did occur, the result would just be that some of the pending connections would be unable to use the resumption handshake. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:11: #include "base/callback.h" On 2014/07/08 01:25:43, wtc wrote: > > Include base/callback_forward.h instead for the forward declaration of > base::Closure. I'm not positive, but I think that I do need to include base/callback.h in order to call Run() on a Closure. I tried excluding it and got an incomplete type error. https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:120: // Informs the cache that it should run the messenger's callback when |ssl|'s On 2014/07/08 01:25:43, wtc wrote: > > Remove "messenger's". In this file, "messenger" isn't defined. Done. https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... File net/spdy/spdy_test_util_common.cc (right): https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... net/spdy/spdy_test_util_common.cc:624: // The functions below are not expected to be called. On 2014/07/08 01:25:43, wtc wrote: > > Note this comment. > > Therefore, the three new methods should be below this line only if they are not > expected to be called. Done. https://codereview.chromium.org/353713005/diff/160001/net/spdy/spdy_test_util... net/spdy/spdy_test_util_common.cc:655: void OnSocketFailure(const base::Closure& cb) { return; } On 2014/07/08 01:25:43, wtc wrote: > > Are you sure we need to add these three methods? > > They don't match the new SSLClientSocket methods exactly. They are not declared > with "virtual" and "OVERRIDE". Done.
With fresh eyes comes an unfortunate set of new comments of things that I've missed to date. I apologize that it's coming this late in the design, but some concerns about the layering below. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:338: bool is_in_session_cache_; Probably needs a comment here as well, since connection_status has a bitflag for indicating whether or not resumption happened. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool is_leader_; So, I'm a little confused by this - is this bookkeeping for the MockClientSocketFactory (which is responsible for determining if it's leader), is this something to expose to tests that is set by the factory, or is this something that the tests set to affect the factory? If it's something test sets, it seems like the wrong layer. If it's bookkeeping for the MCSF / for tests, it seems like the wrong layer, and we should be 'hiding' that a bit more. This is not a strong objection at present, but it is something I'm having a little trouble understanding. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:645: static bool IsLeaderConnected(); Static variables are very bad, especially in tests. If you find you needed to make it static because there is not a path from the thing-that-needs-to-set-this to the MCSF, then we should fix it (either establishing a path, for finding a better way to thread this information through) https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:992: // the correct time relative to other sockets with the same host/port pair. Just from reading this, "the correct time" is unclear here, and so I'm not sure what it's supposed to reply, so I had to dig into the implementation. https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: std::string ssl_session_cache_shard); From a design perspective, I think this will cause us problems down the road. That there is a SessionCacheKey is merely an implementation detail that we're not passing along an SSLSessionCache object itself through. Exposing this as a static method bakes into the design the assumption the session cache is global, when it's not/shouldn't be. It might help if you list what places/purposes this is used for, and we can see how to work this through. It may be an acceptable solution, but I do want to make sure we've investigated alternatives -and know why they'd be less than desirable compared to this. https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:165: static NET_EXPORT bool GetEnableConnectJobWaiting(); I realize this is a comment late-to-the-game, but does this make more sense to set on the Pool (as a static), rather than the Socket? After all, the pool is responsible for coordinating and the concept of socket waiting. Recall that we use SSLClientSockets outside of pooled scenarios - notably, extensions and Pepper - and we won't have the pool coordinating between sockets here.
https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:338: bool is_in_session_cache_; On 2014/07/10 19:51:05, Ryan Sleevi wrote: > Probably needs a comment here as well, since connection_status has a bitflag for > indicating whether or not resumption happened. I just realized that this shouldn't even be here -- I originally intended to use a field like this, but replaced it with the is_in_session_cache_ member of the SSLSocketDataProvider because it was easier for me to set it from my unit test. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool is_leader_; On 2014/07/10 19:51:05, Ryan Sleevi wrote: > So, I'm a little confused by this - is this bookkeeping for the > MockClientSocketFactory (which is responsible for determining if it's leader), > is this something to expose to tests that is set by the factory, or is this > something that the tests set to affect the factory? > > If it's something test sets, it seems like the wrong layer. > If it's bookkeeping for the MCSF / for tests, it seems like the wrong layer, and > we should be 'hiding' that a bit more. > > This is not a strong objection at present, but it is something I'm having a > little trouble understanding. This is something that the test sets to affect the factory (or rather, to affect the factory's bookkeeping). When you say that this seems like the wrong layer, do you mean that this information shouldn't go in the SSLSocketDataProvider? https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:645: static bool IsLeaderConnected(); On 2014/07/10 19:51:05, Ryan Sleevi wrote: > Static variables are very bad, especially in tests. > > If you find you needed to make it static because there is not a path from the > thing-that-needs-to-set-this to the MCSF, then we should fix it (either > establishing a path, for finding a better way to thread this information > through) Yeah I used the static variable because I wanted to have a way for all of the sockets to know if the leading socket had connected, so that I could confirm that the leading socket connected before all of the other sockets started connecting. I put the static bool/function in MockClientSocketFactory because it was the only mocked object that somewhat "connected" all of the sockets. Would it be terrible style to just add a client_socket_factory_ field to MockClientSocket, and then give each MCS a pointer to the MCSF so that it could access leader_connected_ that way? https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:992: // the correct time relative to other sockets with the same host/port pair. On 2014/07/10 19:51:05, Ryan Sleevi wrote: > Just from reading this, "the correct time" is unclear here, and so I'm not sure > what it's supposed to reply, so I had to dig into the implementation. Done. https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: std::string ssl_session_cache_shard); On 2014/07/10 19:51:05, Ryan Sleevi wrote: > From a design perspective, I think this will cause us problems down the road. > > That there is a SessionCacheKey is merely an implementation detail that we're > not passing along an SSLSessionCache object itself through. Exposing this as a > static method bakes into the design the assumption the session cache is global, > when it's not/shouldn't be. > > It might help if you list what places/purposes this is used for, and we can see > how to work this through. It may be an acceptable solution, but I do want to > make sure we've investigated alternatives -and know why they'd be less than > desirable compared to this. I implemented this in response to Wan-Teh's comment here: https://codereview.chromium.org/353713005/diff/160001/net/socket/ssl_client_s... Basically I needed to create a session cache key outside of the SSlCLientSocket so that I could index the messenger_map_ by cache key. I figured that creating this static function would standardize cache key creation between the connect job factory and the client socket. However, I just realized that after my changes in https://codereview.chromium.org/384873002/ I will no longer need to do this, because I don't add messengers to messenger_map_ until after the socket is created. Would it be acceptable to just leave this function here for now, but remove it in #384873002 where I no longer have any use for it? https://codereview.chromium.org/353713005/diff/240001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:165: static NET_EXPORT bool GetEnableConnectJobWaiting(); On 2014/07/10 19:51:05, Ryan Sleevi wrote: > I realize this is a comment late-to-the-game, but does this make more sense to > set on the Pool (as a static), rather than the Socket? After all, the pool is > responsible for coordinating and the concept of socket waiting. > > Recall that we use SSLClientSockets outside of pooled scenarios - notably, > extensions and Pepper - and we won't have the pool coordinating between sockets > here. Done.
Review comments on patch set 8: I decided to skip the tests in this review and focus on the the main code because I found several problems with the design and logic. Unfortunately I ran out of steam so I didn't suggest fixes for all the holes I found. I also suspect I haven't found all the bugs in ssl_client_socket_pool.cc. I will review that file again tomorrow. You may ignore all my suggestions for adding or improving comments so you can focus on getting the logic correct first. Let's go over my review comments tomorrow morning in person. It's more efficient that way. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... File net/socket/ssl_client_socket.h (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:84: // Format a unique key for the SSL session cache. This method Nit: Format => Formats See the Style Guide: These comments should be descriptive ("Opens the file") rather than imperative ("Open the file") ... http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Comments Please check the other function comments in this CL. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:87: static std::string FormatSessionCacheKey(std::string host_and_port, IMPORTANT: this method should ideally be a virtual method of SSLClientSocket or ClientSocketFactory because the session cache key depends on the implementation of the SSLClientSocket. If this method is a static method of SSLClientSocket, it implies all subclasses of SSLClientSocket should use this method. In that case, we should also modify SSLClientSocketNSS to use this method. The code is in SSLClientSocketNSS::InitializeSSLPeerName. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:88: std::string ssl_session_cache_shard); These two std::string input parameters should be const references to avoid copying. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:91: // for the given cache key. Nit: the given cache key => the cache key of the SSL socket https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:94: // cache shard. Please point out that these two pieces of info are passed to the constructor of most SSLClientSocket subclasses (except for the mocks). https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:102: virtual void SetSocketFailureCallback(const base::Closure& callback) = 0; IMPORTANT: WatchSessionForCompletion and SetSocketFailureCallback are similar methods: both of them set a callback function. So their names should suggest this similarity. I suggest renaming WatchSessionForCompletion to SetHandshakeSuccessCallback or SetSessionAddedCallback. I think SetSocketFailureCallback should be renamed SetHandshakeFailureCallback because "socket failure" is broader than what this callback is for. Note: I suggest "Handshake" instead of "Connect" in the method names because Connect() returns prematurely when False Start is used. Your comments should also point out this issue. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:105: virtual void SetIsLeader() = 0; IMPORTANT: Remove this method. It is not necessary. (SSLClientSocket is also the wrong place for this method, but we can simply remove this method.) The three functions WatchSessionForCompletion, SetSocketFailureCallback, and SetIsLeader are always called together. Therefore, in the SSLClientSocketOpenSSL class, the error_callback_ and is_leader_ members are set together and cleared together. So you just need the error_callback_ member. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket.h:108: virtual void OnSocketFailure() = 0; IMPORTANT: Remove OnSocketFailure from this header. OnSocketFailure is only used internal to SSLClientSocketOpenSSL, so OnSocketFailure should be a private, non-virtual method of SSLClientSocketOpenSSL. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... File net/socket/ssl_client_socket_openssl.cc (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:337: has_written_(false), Initialize has_written_ to 0 because it is of the int type now. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:364: context->session_cache()->RemoveFromSSLToCallbackMap(ssl_); It may be better to do this in the Disconnect() method instead. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:369: // Return a string. Move this comment to the .h file. Delete "Return a string." It seems to be stating the obvious. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:401: } Change this to: if (!error_callback_.is_null()) base::ResetAndReturn(&error_callback_).Run(); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:831: int rv = SSL_do_handshake(ssl_); IMPORTANT: if rv <= 0, we should also call OnSocketFailure(). https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:1102: // Failure of the first read attempt indicates a failed false start IMPORTANT: understanding this code requires intimate knowledge of False Start and OpenSSL. We should try to avoid this. One possible solution is to call OnSocketFailure on any error of SSL_do_handshake, SSL_read, or SSL_write before we get the "SessionAdded" notification from the SSL session cache. In other words, any error before the true completion of the handshake is a handshake failure. We can register a "SessionAdded" callback that reset error_callback_ and call the Messenger's OnJobSucceeded method. Also, we may abort the handshake, too. So we should also call OnSocketFailure in the Disconnect() method. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:1104: if (!has_read_ && rv != OK && IMPORTANT: SSL_read is an OpenSSL function, so its return value should not be compared with OK (a Chromium network stack return code). Test rv <= 0 instead. Note: if rv == 0, it means the peer closes the SSL connection either gracefully or abruptly. It is also a sign of handshake failure. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:1105: SSLClientSocketPool::GetEnableConnectJobWaiting()) Delete the SSLClientSocketPool::GetEnableConnectJobWaiting() test. The !error_callback_.is_null() test inside OnSocketFailure() is sufficient. Also delete the test on line 1163. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:1162: if (has_written_ == 1 && rv != OK && 1. Change has_written_ to has_written_ <= 1. 2. Change rv != OK to rv < 0. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.cc:1166: has_written_++; Nit: in theory this may overflow. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... File net/socket/ssl_client_socket_openssl.h (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.h:58: std::string GetSessionCacheKey() const; This method should be private because it is only called by SSLClientSocketOpenSSL and SSLClientSocketOpenSSL::SSLContext (which is marked as a friend class). https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.h:167: int has_written_; The has_read_ and has_written_ members should have the same type. Alternatively, rename has_written_, for example, num_times_written_. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_openssl.h:228: bool is_leader_; Delete this member. It is equivalent to !error_callback_.is_null(). https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... File net/socket/ssl_client_socket_pool.cc (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:103: return false; You can just say return ssl_socket->InSessionCache() || connecting_sockets_.empty(); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:113: &SSLConnectJobMessenger::OnJobSucceeded, base::Unretained(this))); IMPORTANT: we need to convince ourselves that we don't need to pass weak pointers of the Messenger. I think this is correct, but this requires careful checking. In particular, this means the Messenger destructor needs to assert that connecting_sockets_ is empty. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:188: SSLConnectJob::~SSLConnectJob() {} IMPORTANT: we should remove the SSLClientSocket of the SSLConnectJob from the Messenger. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:366: if (SSLClientSocketPool::GetEnableConnectJobWaiting()) You can just test |messenger_|. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:398: if (ssl_socket_->InSessionCache()) Doing it this way means we are calling ssl_socket_->InSessionCache() twice. This should be avoided. You can go back to your old function prototype for CanProceed, or change CanProceed to return a three-value enum type. Another solution is to have messenger provide two methods: InSessionCache() HasConnectingSockets() https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:406: weak_factory_.GetWeakPtr())); IMPORTANT: this weak pointer only protects the job resumption callback, but note that we also pass the ssl_socket_ pointer to the Messenger, and the Messenger will use it at the end of OnJobFailed(): MonitorConnectionResult(ssl_socket); <== PROBLEM callback.Run(); <== Protected by the weak pointer https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:421: if (result != OK && SSLClientSocketPool::GetEnableConnectJobWaiting()) 1. BUG? : messenger_->OnJobFailed() will be invoked by SSLClientSocket, so I think we should delete lines 421-422. 2. (Only if this code should stay) We should be able to replace the SSLClientSocketPool::GetEnableConnectJobWaiting() test with |messenger_|: if (result != OK && messenger_) messenger_->OnJobFailed(); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:665: context_.ssl_session_cache_shard); Move the |cache_key| declaration into the if statement. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:675: messenger = NULL; Nit: you can initialize |messager| to NULL on line 662 and delete this "else" block. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.cc:810: bool SSLClientSocketPool::enable_connect_job_waiting_ = false; We usually initialize static data members before the constructor. (I don't think the Style Guide has a recommendation for this.) https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... File net/socket/ssl_client_socket_pool.h (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:14: #include "base/memory/scoped_vector.h" Delete this. You aren't using ScopedVector any more. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:114: : socket(ssl_socket), callback(job_resumption_callback) {} List the constructor before data members. See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:137: void OnJobFailed(); I think OnJobSucceeded and OnJobFailed can be private. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:141: void RunAllJobs(std::vector<SocketAndCallback>& pending_socket_and_callbacks); RunAllJobs => RunAllCallbacks The input should be a const reference. Also, use the SSLPendingSocketsAndCallbacks typedef. void RunAllJobs(const SSLPendingSocketsAndCallbacks& pending_socket_and_callbacks); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:144: std::vector<SSLClientSocket*> connecting_sockets_; IMPORTANT: if there can be only one connecting socket, this should be a simple pointer: SSLClientSocket* connecting_socket_; https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:321: static NET_EXPORT bool GetEnableConnectJobWaiting(); These setter and getter methods should be named in lowercase: static NET_EXPORT void set_enable_connect_job_waiting(bool enable); static NET_EXPORT bool enable_connect_job_waiting(); See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_c... net/socket/ssl_client_socket_pool.h:365: scoped_ptr<MessengerMap> messenger_map_; This doesn't need to be a scoped_ptr: MessengerMap messenger_map_; https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... File net/socket/ssl_session_cache_openssl.cc (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:244: return true; The last three lines are equivalent to: return it != key_index_.end(); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:261: if (it->second.count == 2) { Nit: this is often done like this: // Increment the session's completion count. if (++it->second.count == 2) { https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:265: RemoveFromSSLToCallbackMap(ssl); It is more efficient to just do ssl_to_callback_map_.erase(it); I suggest you first erase the entry from the map and then run the callback, like this: base::Closure callback = it->second.callback; ssl_to_callback_map_.erase(it); callback.Run(); https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:296: struct CallbackAndCompletionCount { Document this struct. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:297: base::Closure callback; Nit: you can declare this field as const to prevent it from being modified after initialization. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:298: int count; Document the |count| field. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.cc:302: : callback(completion_callback), count(completion_count) {} List methods (including constructors) before data members. See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... File net/socket/ssl_session_cache_openssl.h (right): https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.h:11: #include "base/callback.h" Include "base/callback_forward.h" instead because we just need a forward declaration of base::Closure. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.h:121: void RemoveFromSSLToCallbackMap(SSL* ssl); 1. RemoveFromSSLToCallbackMap => RemoveSessionAddedCallback No need to reveal the implementation detail that the callbacks are stored in a map. 2. Nit: List this method after RegisterSessionAddedCallback to match the order in which they are called. https://chromiumcodereview.appspot.com/353713005/diff/260001/net/socket/ssl_s... net/socket/ssl_session_cache_openssl.h:125: void RegisterSessionAddedCallback(SSL* ssl, const base::Closure& callback); This class and ssl_client_socket.h should use either "Register" or "Set" consistently for functions that set callbacks.
https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:84: // Format a unique key for the SSL session cache. This method On 2014/07/11 00:48:53, wtc wrote: > > Nit: Format => Formats > > See the Style Guide: > > These comments should be descriptive ("Opens the file") rather than > imperative ("Open the file") ... > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Comments > > Please check the other function comments in this CL. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: static std::string FormatSessionCacheKey(std::string host_and_port, On 2014/07/11 00:48:53, wtc wrote: > > IMPORTANT: this method should ideally be a virtual method of SSLClientSocket or > ClientSocketFactory because the session cache key depends on the implementation > of the SSLClientSocket. > > If this method is a static method of SSLClientSocket, it implies all subclasses > of SSLClientSocket should use this method. In that case, we should also modify > SSLClientSocketNSS to use this method. The code is in > SSLClientSocketNSS::InitializeSSLPeerName. So basically I added this method because I needed to create a session cache key outside of the SSLCLientSocket so that I could index the messenger_map_ by cache key. I figured that creating this static function would standardize cache key creation between the connect job factory and the client socket. However, I've realized that after my changes in https://codereview.chromium.org/384873002/ I will no longer need to do this, because I don't add messengers to messenger_map_ until after the socket is created. As a result, I plan to remove this method entirely in my next patch to that CL. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: std::string ssl_session_cache_shard); On 2014/07/11 00:48:53, wtc wrote: > > These two std::string input parameters should be const references to avoid > copying. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:91: // for the given cache key. On 2014/07/11 00:48:53, wtc wrote: > > Nit: the given cache key => the cache key of the SSL socket Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:94: // cache shard. On 2014/07/11 00:48:54, wtc wrote: > > Please point out that these two pieces of info are passed to the constructor of > most SSLClientSocket subclasses (except for the mocks). Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:102: virtual void SetSocketFailureCallback(const base::Closure& callback) = 0; On 2014/07/11 00:48:53, wtc wrote: > > IMPORTANT: WatchSessionForCompletion and SetSocketFailureCallback are similar > methods: both of them set a callback function. So their names should suggest > this similarity. I suggest renaming WatchSessionForCompletion to > SetHandshakeSuccessCallback or SetSessionAddedCallback. > > I think SetSocketFailureCallback should be renamed SetHandshakeFailureCallback > because "socket failure" is broader than what this callback is for. > > Note: I suggest "Handshake" instead of "Connect" in the method names because > Connect() returns prematurely when False Start is used. Your comments should > also point out this issue. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: virtual void SetIsLeader() = 0; On 2014/07/11 00:48:53, wtc wrote: > > IMPORTANT: Remove this method. It is not necessary. (SSLClientSocket is also the > wrong place for this method, but we can simply remove this method.) > > The three functions WatchSessionForCompletion, SetSocketFailureCallback, and > SetIsLeader are always called together. Therefore, in the SSLClientSocketOpenSSL > class, the error_callback_ and is_leader_ members are set together and cleared > together. So you just need the error_callback_ member. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:108: virtual void OnSocketFailure() = 0; On 2014/07/11 00:48:53, wtc wrote: > > IMPORTANT: Remove OnSocketFailure from this header. OnSocketFailure is only used > internal to SSLClientSocketOpenSSL, so OnSocketFailure should be a private, > non-virtual method of SSLClientSocketOpenSSL. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:337: has_written_(false), On 2014/07/11 00:48:54, wtc wrote: > > Initialize has_written_ to 0 because it is of the int type now. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:364: context->session_cache()->RemoveFromSSLToCallbackMap(ssl_); On 2014/07/11 00:48:54, wtc wrote: > > It may be better to do this in the Disconnect() method instead. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:369: // Return a string. On 2014/07/11 00:48:54, wtc wrote: > > Move this comment to the .h file. > > Delete "Return a string." It seems to be stating the obvious. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:401: } On 2014/07/11 00:48:54, wtc wrote: > > Change this to: > > if (!error_callback_.is_null()) > base::ResetAndReturn(&error_callback_).Run(); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:831: int rv = SSL_do_handshake(ssl_); On 2014/07/11 00:48:54, wtc wrote: > > IMPORTANT: if rv <= 0, we should also call OnSocketFailure(). Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1102: // Failure of the first read attempt indicates a failed false start On 2014/07/11 00:48:54, wtc wrote: > > IMPORTANT: understanding this code requires intimate knowledge of False Start > and OpenSSL. We should try to avoid this. > > One possible solution is to call OnSocketFailure on any error of > SSL_do_handshake, SSL_read, or SSL_write before we get the "SessionAdded" > notification from the SSL session cache. In other words, any error before the > true completion of the handshake is a handshake failure. We can register a > "SessionAdded" callback that reset error_callback_ and call the Messenger's > OnJobSucceeded method. > > Also, we may abort the handshake, too. So we should also call OnSocketFailure in > the Disconnect() method. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1104: if (!has_read_ && rv != OK && On 2014/07/11 00:48:54, wtc wrote: > > IMPORTANT: SSL_read is an OpenSSL function, so its return value should not be > compared with OK (a Chromium network stack return code). > > Test rv <= 0 instead. > > Note: if rv == 0, it means the peer closes the SSL connection either gracefully > or abruptly. It is also a sign of handshake failure. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1105: SSLClientSocketPool::GetEnableConnectJobWaiting()) On 2014/07/11 00:48:54, wtc wrote: > > Delete the SSLClientSocketPool::GetEnableConnectJobWaiting() test. The > !error_callback_.is_null() test inside OnSocketFailure() is sufficient. > > Also delete the test on line 1163. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1162: if (has_written_ == 1 && rv != OK && On 2014/07/11 00:48:54, wtc wrote: > > 1. Change has_written_ to has_written_ <= 1. > > 2. Change rv != OK to rv < 0. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1166: has_written_++; On 2014/07/11 00:48:54, wtc wrote: > > Nit: in theory this may overflow. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:58: std::string GetSessionCacheKey() const; On 2014/07/11 00:48:54, wtc wrote: > > This method should be private because it is only called by > SSLClientSocketOpenSSL and SSLClientSocketOpenSSL::SSLContext (which is marked > as a friend class). Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:167: int has_written_; On 2014/07/11 00:48:54, wtc wrote: > > The has_read_ and has_written_ members should have the same type. Alternatively, > rename has_written_, for example, num_times_written_. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:228: bool is_leader_; On 2014/07/11 00:48:54, wtc wrote: > > Delete this member. It is equivalent to !error_callback_.is_null(). Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:103: return false; On 2014/07/11 00:48:55, wtc wrote: > > You can just say > return ssl_socket->InSessionCache() || connecting_sockets_.empty(); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:188: SSLConnectJob::~SSLConnectJob() {} On 2014/07/11 00:48:54, wtc wrote: > > IMPORTANT: we should remove the SSLClientSocket of the SSLConnectJob from the > Messenger. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:366: if (SSLClientSocketPool::GetEnableConnectJobWaiting()) On 2014/07/11 00:48:55, wtc wrote: > > You can just test |messenger_|. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:398: if (ssl_socket_->InSessionCache()) On 2014/07/11 00:48:55, wtc wrote: > > Doing it this way means we are calling ssl_socket_->InSessionCache() twice. This > should be avoided. > > You can go back to your old function prototype for CanProceed, or change > CanProceed to return a three-value enum type. > > Another solution is to have messenger provide two methods: > InSessionCache() > HasConnectingSockets() Acknowledged. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:406: weak_factory_.GetWeakPtr())); On 2014/07/11 00:48:55, wtc wrote: > > IMPORTANT: this weak pointer only protects the job resumption callback, but note > that we also pass the ssl_socket_ pointer to the Messenger, and the Messenger > will use it at the end of OnJobFailed(): > > MonitorConnectionResult(ssl_socket); <== PROBLEM > callback.Run(); <== Protected by the weak pointer Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:421: if (result != OK && SSLClientSocketPool::GetEnableConnectJobWaiting()) On 2014/07/11 00:48:54, wtc wrote: > > 1. BUG? : messenger_->OnJobFailed() will be invoked by SSLClientSocket, so I > think we should delete lines 421-422. > > 2. (Only if this code should stay) We should be able to replace the > SSLClientSocketPool::GetEnableConnectJobWaiting() test with |messenger_|: > > if (result != OK && messenger_) > messenger_->OnJobFailed(); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:665: context_.ssl_session_cache_shard); On 2014/07/11 00:48:55, wtc wrote: > > Move the |cache_key| declaration into the if statement. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:675: messenger = NULL; On 2014/07/11 00:48:54, wtc wrote: > > Nit: you can initialize |messager| to NULL on line 662 and delete this "else" > block. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:810: bool SSLClientSocketPool::enable_connect_job_waiting_ = false; On 2014/07/11 00:48:55, wtc wrote: > > We usually initialize static data members before the constructor. (I don't think > the Style Guide has a recommendation for this.) Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:14: #include "base/memory/scoped_vector.h" On 2014/07/11 00:48:55, wtc wrote: > > Delete this. You aren't using ScopedVector any more. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:114: : socket(ssl_socket), callback(job_resumption_callback) {} On 2014/07/11 00:48:55, wtc wrote: > > List the constructor before data members. See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:137: void OnJobFailed(); On 2014/07/11 00:48:55, wtc wrote: > > I think OnJobSucceeded and OnJobFailed can be private. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:141: void RunAllJobs(std::vector<SocketAndCallback>& pending_socket_and_callbacks); On 2014/07/11 00:48:55, wtc wrote: > > RunAllJobs => RunAllCallbacks > > The input should be a const reference. Also, use the > SSLPendingSocketsAndCallbacks typedef. > > void RunAllJobs(const SSLPendingSocketsAndCallbacks& > pending_socket_and_callbacks); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:144: std::vector<SSLClientSocket*> connecting_sockets_; On 2014/07/11 00:48:55, wtc wrote: > > IMPORTANT: if there can be only one connecting socket, this should be a simple > pointer: > > SSLClientSocket* connecting_socket_; Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:321: static NET_EXPORT bool GetEnableConnectJobWaiting(); On 2014/07/11 00:48:55, wtc wrote: > > These setter and getter methods should be named in lowercase: > > static NET_EXPORT void set_enable_connect_job_waiting(bool enable); > > static NET_EXPORT bool enable_connect_job_waiting(); > > See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:365: scoped_ptr<MessengerMap> messenger_map_; On 2014/07/11 00:48:55, wtc wrote: > > This doesn't need to be a scoped_ptr: > > MessengerMap messenger_map_; Here I think it does need to be a pointer because I insert to it in NewConnectJob, which is a const method. After https://codereview.chromium.org/384873002/ this will no longer be necessary though, so this will be changed to a non-pointer. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:244: return true; On 2014/07/11 00:48:55, wtc wrote: > > The last three lines are equivalent to: > return it != key_index_.end(); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:261: if (it->second.count == 2) { On 2014/07/11 00:48:56, wtc wrote: > > Nit: this is often done like this: > > // Increment the session's completion count. > if (++it->second.count == 2) { Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:265: RemoveFromSSLToCallbackMap(ssl); On 2014/07/11 00:48:55, wtc wrote: > > It is more efficient to just do > ssl_to_callback_map_.erase(it); > > I suggest you first erase the entry from the map and then run the callback, like > this: > > base::Closure callback = it->second.callback; > ssl_to_callback_map_.erase(it); > callback.Run(); Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:296: struct CallbackAndCompletionCount { On 2014/07/11 00:48:56, wtc wrote: > > Document this struct. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:297: base::Closure callback; On 2014/07/11 00:48:55, wtc wrote: > > Nit: you can declare this field as const to prevent it from being modified after > initialization. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:298: int count; On 2014/07/11 00:48:56, wtc wrote: > > Document the |count| field. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:302: : callback(completion_callback), count(completion_count) {} On 2014/07/11 00:48:55, wtc wrote: > > List methods (including constructors) before data members. See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:11: #include "base/callback.h" On 2014/07/11 00:48:56, wtc wrote: > > Include "base/callback_forward.h" instead because we just need a forward > declaration of base::Closure. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:121: void RemoveFromSSLToCallbackMap(SSL* ssl); On 2014/07/11 00:48:56, wtc wrote: > > 1. RemoveFromSSLToCallbackMap => RemoveSessionAddedCallback > > No need to reveal the implementation detail that the callbacks are stored in a > map. > > 2. Nit: List this method after RegisterSessionAddedCallback to match the order > in which they are called. Done. https://codereview.chromium.org/353713005/diff/260001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:125: void RegisterSessionAddedCallback(SSL* ssl, const base::Closure& callback); On 2014/07/11 00:48:56, wtc wrote: > > This class and ssl_client_socket.h should use either "Register" or "Set" > consistently for functions that set callbacks. Done.
I have mostly tried to focus on the tests, and haven't reviewed as much of the implementation. These are some high level comments that leave some design-aspects open-ended, but happy to discuss more. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool is_leader_; On 2014/07/10 22:07:15, mshelley wrote: > This is something that the test sets to affect the factory (or rather, to affect > the factory's bookkeeping). When you say that this seems like the wrong layer, > do you mean that this information shouldn't go in the SSLSocketDataProvider? What I meant is that your tests that use this also use CreatePool - i.e. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... It seems like if anyone is going to determine who the leader is, it's the pool - since that's very much what the pool does. So it's odd for me to see this. As far as I can tell, it doesn't actually cause this job to be the leader (because the SSLClientSocketPool is never going to check this) The places where you check |is_leader_| seems like you could have handled this by having MockClientSocket::SetIsLeader() set some MockSSLClientSocket data to measure that it's the leader. That is, put differently, it seems like you're violating your test boundary, because you're not relying on SetIsLeader to actually configure you as the leader, but you're 'cheating' and using the test. This results in not testing the expected behaviour. https://codereview.chromium.org/353713005/diff/240001/net/socket/socket_test_... net/socket/socket_test_util.h:645: static bool IsLeaderConnected(); On 2014/07/10 22:07:15, mshelley wrote: > I put the static bool/function in MockClientSocketFactory because it was the > only mocked object that somewhat "connected" all of the sockets. Would it be > terrible style to just add a client_socket_factory_ field to MockClientSocket, > and then give each MCS a pointer to the MCSF so that it could access > leader_connected_ that way? The SocketDataProvider has a path to the ClientSocket. The factory has a path to the SocketDataProvider. Having the ClientSocket have a path to the Factory thus is a circular dependency, so yeah, it'd be somewhat terrible. I feel like the checks for good_ordering_ and is_leader_ belong to your actual unittests, and shouldn't be part of the MockSSLClientSocket. That is, what is good/bad ordering is not an aspect of the MSSLCS (which doesn't set the policy for leadership), but of your test / messenger. https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.cc:1403: error_callback_.Run(); This doesn't seem right. Is the behaviour of a normal socket that connects, out of sequence, to run its error callback? It seems far more likely that the regular SSLClientSocketOpenSSL / SSLConnectJob are going to run their success callback immediately after the socket connects. https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool is_in_session_cache_; Please update the SSLSocketDataProvider ctor to set values for these members, and to suitable defaults. It's not clear whether it should be false or true in order to match existing tests, which also sort of highlights the challenge here (this bookkeeping likely belongs in the Socket itself) Your previous comment indicated you were removing |is_in_session_cache_|, but that no longer seems correct - i.e. whether or not a session is in the cache IS a behaviour you want to control/mock before. However, is_leader_ seems to be testing a layer that the socket is not responsible for, but the pool/messenger are. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.cc:2904: NOTREACHED(); Is NOTREACHED() correct? It seems like it should be NOT_IMPLEMENTED() instead the default not implemented policy is to LOG(ERROR) at runtime, whereas NOTREACHED() will DCHECK(false) in debug builds (crashing the test)
Review comments on patch set 9: https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:711: virtual void SetIsLeader() OVERRIDE; Delete these two methods. https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:974: virtual void OnHandshakeFailure() OVERRIDE; Delete this method. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: static std::string FormatSessionCacheKey( Please add a TODO comment that this method will be deleted soon. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:97: // of SSLClientSocket. Move this to the previous line. (Unfortunately "git cl format" doesn't fix this kind of formatting issue.) https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:101: // its SSLConnectJobMessenger upon the session's handshake's completion. upon the session's handshake's completion => upon the session's being made available for resumption https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.h:77: virtual void OnSocketFailure() OVERRIDE; Delete these two methods. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:26: #include "net/socket/ssl_client_socket_pool.h" We should be able to remove this now. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:462: net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); Add if (rv < OK) OnHandshakeFailure(); https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:471: context->session_cache()->RemoveSessionAddedCallback(ssl_); Move these two lines into the if (ssl_) statement below, because that is where we will destroy ssl_. This makes it clear we remove the reference to ssl_ from the session cache before we destroy ssl_. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:832: OnHandshakeFailure(); Delete this. I think it's better to do this after DoHandshakeLoop() fails. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:962: DoConnectCallback(rv); I think we should do if (rv < OK) OnHandshakeFailure(); https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1104: // connection. Update this comment. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1105: if (rv <= OK) This should be if (rv <= 0) You can combine this with lines 1107-1108. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1161: if (rv <= 0) { This should be if (rv < 0) You can just call OnHandshakeFailure() on line 1170. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1163: } Omit the curly braces. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:103: break; ssl_socket can be in at most one of the vectors, so we can just return here. Same for line 113. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:127: // TODO(mshelley): Both of these callbacks will use weak_ptr in future CL. Nit: weak_ptr => WeakPtr https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:163: it->callback.Run(); Add curly braces. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:208: messenger_->RemoveSocket(ssl_socket_.get()); IMPORTANT: this needs to be done in the SSLClientSocket destructor instead, because SSLConnectJob may have released ssl_socket_ (using ssl_socket_.PassAs()). Alternatively, Messanger probably should hold pointers to SSLConnectJobs instead of SSLClientSockets. This requires adding a ssl_socket() getter method to SSLConnectJob. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:423: return OK; Rewrite these four lines as follows: if (!ssl_socket_->InSessionCache()) messenger_->MonitorConnectionResult(ssl_socket_.get()); return OK; https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:633: return enable_connect_job_waiting_; These two methods should be defined in the same order as they are declared in the .h file. Only the static data member initialization (lines 623-624) should be here, before the constructor definition. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:120: // if it is present in either. Nit: reformat this comment block. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:167: // so it must outlive the job. Nit: reformat this comment block. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:358: virtual ~SSLConnectJobFactory() {} We should delete the SSLConnectJobMessengers in messenger_map_. Please move the definition of the SSLConnectJobFactory destructor to the .cc file. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:380: scoped_ptr<MessengerMap> messenger_map_; Please add a TODO comment that this will be changed to a non-pointer. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:243: return it != key_index_.end(); IMPORTANT: I found that this function also needs to check if the session is good. Please copy the code from lines 222-230. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:249: ssl, CallbackAndCompletionCount(callback, 0))); Can we use the associative array notation? ssl_to_callback_map_[ssl] = CallbackAndCompletionCount(callback, 0); https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:396: GetCache(ssl->ctx)->CheckIfSessionAdded(ssl); Nit: save the return value of GetCache(ssl->ctx) in a local variable to avoid calling GetCache(ssl->ctx) twice.
https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool is_in_session_cache_; On 2014/07/12 00:12:15, Ryan Sleevi wrote: > Please update the SSLSocketDataProvider ctor to set values for these members, > and to suitable defaults. It's not clear whether it should be false or true in > order to match existing tests, which also sort of highlights the challenge here > (this bookkeeping likely belongs in the Socket itself) > > Your previous comment indicated you were removing |is_in_session_cache_|, but > that no longer seems correct - i.e. whether or not a session is in the cache IS > a behaviour you want to control/mock before. > > However, is_leader_ seems to be testing a layer that the socket is not > responsible for, but the pool/messenger are. Sorry -- my previous response was incorrect. There was a time when I made is_in_session_cache a member of the socket -- I thought I had forgotten to remove it but that wasn't the case. I moved it into the SSLSocketDataProvider because that made it easy for me to set and retrieve it's value. To avoid issues with other tests I could easily make it a member variable again and add setter/getter methods. In theory, no other tests should be calling InSessionCache and accessing this variable though. Yes, is_leader_ is used to test the messenger; namely the order in which the messenger allows sockets to connect. https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:711: virtual void SetIsLeader() OVERRIDE; On 2014/07/15 19:27:58, wtc wrote: > > Delete these two methods. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/socket_test_... net/socket/socket_test_util.h:974: virtual void OnHandshakeFailure() OVERRIDE; On 2014/07/15 19:27:58, wtc wrote: > > Delete this method. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: static std::string FormatSessionCacheKey( On 2014/07/15 19:27:58, wtc wrote: > > Please add a TODO comment that this method will be deleted soon. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:97: // of SSLClientSocket. On 2014/07/15 19:27:58, wtc wrote: > > Move this to the previous line. (Unfortunately "git cl format" doesn't fix this > kind of formatting issue.) Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:101: // its SSLConnectJobMessenger upon the session's handshake's completion. On 2014/07/15 19:27:58, wtc wrote: > > upon the session's handshake's completion => upon the session's being made > available for resumption Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.cc:2904: NOTREACHED(); On 2014/07/12 00:12:15, Ryan Sleevi wrote: > Is NOTREACHED() correct? It seems like it should be NOT_IMPLEMENTED() instead > > the default not implemented policy is to LOG(ERROR) at runtime, whereas > NOTREACHED() will DCHECK(false) in debug builds (crashing the test) Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.h:77: virtual void OnSocketFailure() OVERRIDE; On 2014/07/15 19:27:58, wtc wrote: > > Delete these two methods. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:26: #include "net/socket/ssl_client_socket_pool.h" On 2014/07/15 19:27:59, wtc wrote: > > We should be able to remove this now. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:462: net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); On 2014/07/15 19:27:59, wtc wrote: > > Add > if (rv < OK) > OnHandshakeFailure(); Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:471: context->session_cache()->RemoveSessionAddedCallback(ssl_); On 2014/07/15 19:27:58, wtc wrote: > > Move these two lines into the if (ssl_) statement below, because that is where > we will destroy ssl_. This makes it clear we remove the reference to ssl_ from > the session cache before we destroy ssl_. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:832: OnHandshakeFailure(); On 2014/07/15 19:27:59, wtc wrote: > > Delete this. I think it's better to do this after DoHandshakeLoop() fails. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:962: DoConnectCallback(rv); On 2014/07/15 19:27:59, wtc wrote: > > I think we should do > if (rv < OK) > OnHandshakeFailure(); Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1104: // connection. On 2014/07/15 19:27:59, wtc wrote: > > Update this comment. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1105: if (rv <= OK) On 2014/07/15 19:27:59, wtc wrote: > > This should be > if (rv <= 0) > > You can combine this with lines 1107-1108. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1161: if (rv <= 0) { On 2014/07/15 19:27:59, wtc wrote: > > This should be > if (rv < 0) > > You can just call OnHandshakeFailure() on line 1170. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1163: } On 2014/07/15 19:27:59, wtc wrote: > > Omit the curly braces. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:103: break; On 2014/07/15 19:28:00, wtc wrote: > > ssl_socket can be in at most one of the vectors, so we can just return here. > Same for line 113. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:127: // TODO(mshelley): Both of these callbacks will use weak_ptr in future CL. On 2014/07/15 19:28:00, wtc wrote: > > Nit: weak_ptr => WeakPtr Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:163: it->callback.Run(); On 2014/07/15 19:27:59, wtc wrote: > > Add curly braces. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:208: messenger_->RemoveSocket(ssl_socket_.get()); On 2014/07/15 19:27:59, wtc wrote: > > IMPORTANT: this needs to be done in the SSLClientSocket destructor instead, > because SSLConnectJob may have released ssl_socket_ (using > ssl_socket_.PassAs()). > > Alternatively, Messanger probably should hold pointers to SSLConnectJobs instead > of SSLClientSockets. This requires adding a ssl_socket() getter method to > SSLConnectJob. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:423: return OK; On 2014/07/15 19:28:00, wtc wrote: > > Rewrite these four lines as follows: > > if (!ssl_socket_->InSessionCache()) > messenger_->MonitorConnectionResult(ssl_socket_.get()); > return OK; Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:633: return enable_connect_job_waiting_; On 2014/07/15 19:27:59, wtc wrote: > > These two methods should be defined in the same order as they are declared in > the .h file. Only the static data member initialization (lines 623-624) should > be here, before the constructor definition. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:120: // if it is present in either. On 2014/07/15 19:28:00, wtc wrote: > > Nit: reformat this comment block. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:167: // so it must outlive the job. On 2014/07/15 19:28:00, wtc wrote: > > Nit: reformat this comment block. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:358: virtual ~SSLConnectJobFactory() {} On 2014/07/15 19:28:00, wtc wrote: > > We should delete the SSLConnectJobMessengers in messenger_map_. Please move the > definition of the SSLConnectJobFactory destructor to the .cc file. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:380: scoped_ptr<MessengerMap> messenger_map_; On 2014/07/15 19:28:00, wtc wrote: > > Please add a TODO comment that this will be changed to a non-pointer. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:243: return it != key_index_.end(); On 2014/07/15 19:28:00, wtc wrote: > > IMPORTANT: I found that this function also needs to check if the session is > good. Please copy the code from lines 222-230. Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:249: ssl, CallbackAndCompletionCount(callback, 0))); On 2014/07/15 19:28:00, wtc wrote: > > Can we use the associative array notation? > > ssl_to_callback_map_[ssl] = CallbackAndCompletionCount(callback, 0); Done. https://codereview.chromium.org/353713005/diff/300001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:396: GetCache(ssl->ctx)->CheckIfSessionAdded(ssl); On 2014/07/15 19:28:00, wtc wrote: > > Nit: save the return value of GetCache(ssl->ctx) in a local variable to avoid > calling GetCache(ssl->ctx) twice. Done.
Mostly a bunch of nits, still have a lot of code to go through. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: // TODO(mshelley) this method will be deleted soon. nit: When comments are complete sentences (Which most should be), capitalize (And end with a period, like you're already doing). https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: static std::string FormatSessionCacheKey( nit: Suggest calling this GetSessionCacheKey - think that's more consistent with naming used elsewhere in the network stack. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:89: const std::string& host_and_port, Suggest just taking a const HostPortPair& here, instead, since that's what all callers have to work with, anyways. May need to forward declare HostPortPair in this file. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:93: // for the cache key of the SSL socket. nit: Should use consistent capitalization of SSL. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // Sets the callback to be used if the socket's ssl handshake should fail. nit: Should use consistent capitalization of SSL. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:90: nit: Remove extra blank line. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:810: base::ResetAndReturn(&error_callback_).Run(); Clear the success_callback_, too? Admittedly, shouldn't be possible for it to end up being called after this point, anyways, but seems best to be safe. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:964: OnHandShakeFailure(); If rv is ERR_IO_PENDING, we're still waiting for another response, so this is not a handshake failure. The test should go up into the previous if block. We should probably also have a test for that case. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:964: OnHandShakeFailure(); Instead of having two places that call into OnHandShakeFailure after a call to DoHandshakeLoop, could have just one call at the end of DoHandshakeLoop, when rv < OK && rv != ERR_IO_PENDING. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1107: // connection. This should be indented two more, and go after the else. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1109: OnHandshakeFailure(); nit: Use braces on both parts of an if statement, if one takes up more than one line. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:276: rv = DoCreateSSLSocket(); Not sure if this has been discussed, but one potential problem with this approach is that if the socket we're delaying all other connections on stalls for a while, the server may start timing out all the other sockets while we're waiting. Some servers may have very aggressive timeouts. I'm not positive this will be a problem, but it's something to be on the lookout for. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:105: class NET_EXPORT_PRIVATE SSLConnectJobMessenger { It doesn't look like this is being used directly in tests. Unless you plan on changing that, should get rid of the NET_EXPORT_PRIVATE. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:379: // TODO(mshelley) change this to a non-pointer. nit: Capitalize
https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:87: // TODO(mshelley) this method will be deleted soon. On 2014/07/17 19:21:31, mmenke wrote: > nit: When comments are complete sentences (Which most should be), capitalize > (And end with a period, like you're already doing). Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: static std::string FormatSessionCacheKey( On 2014/07/17 19:21:31, mmenke wrote: > nit: Suggest calling this GetSessionCacheKey - think that's more consistent > with naming used elsewhere in the network stack. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:89: const std::string& host_and_port, On 2014/07/17 19:21:31, mmenke wrote: > Suggest just taking a const HostPortPair& here, instead, since that's what all > callers have to work with, anyways. May need to forward declare HostPortPair in > this file. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:93: // for the cache key of the SSL socket. On 2014/07/17 19:21:31, mmenke wrote: > nit: Should use consistent capitalization of SSL. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // Sets the callback to be used if the socket's ssl handshake should fail. On 2014/07/17 19:21:31, mmenke wrote: > nit: Should use consistent capitalization of SSL. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:90: On 2014/07/17 19:21:32, mmenke wrote: > nit: Remove extra blank line. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:810: base::ResetAndReturn(&error_callback_).Run(); On 2014/07/17 19:21:32, mmenke wrote: > Clear the success_callback_, too? Admittedly, shouldn't be possible for it to > end up being called after this point, anyways, but seems best to be safe. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:964: OnHandShakeFailure(); On 2014/07/17 19:21:32, mmenke wrote: > Instead of having two places that call into OnHandShakeFailure after a call to > DoHandshakeLoop, could have just one call at the end of DoHandshakeLoop, when rv > < OK && rv != ERR_IO_PENDING. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1107: // connection. On 2014/07/17 19:21:32, mmenke wrote: > This should be indented two more, and go after the else. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1109: OnHandshakeFailure(); On 2014/07/17 19:21:32, mmenke wrote: > nit: Use braces on both parts of an if statement, if one takes up more than one > line. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:276: rv = DoCreateSSLSocket(); On 2014/07/17 19:21:32, mmenke wrote: > Not sure if this has been discussed, but one potential problem with this > approach is that if the socket we're delaying all other connections on stalls > for a while, the server may start timing out all the other sockets while we're > waiting. Some servers may have very aggressive timeouts. > > I'm not positive this will be a problem, but it's something to be on the lookout > for. In the past we have talked about timing the leading socket's connection, and allowing the pending sockets to proceed prematurely if the leading socket stalls/takes too long. Perhaps that would prevent/minimize this issue? I guess the tricky part with that solution would be determining what qualifies as "too long". https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:105: class NET_EXPORT_PRIVATE SSLConnectJobMessenger { On 2014/07/17 19:21:32, mmenke wrote: > It doesn't look like this is being used directly in tests. Unless you plan on > changing that, should get rid of the NET_EXPORT_PRIVATE. Done. https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:379: // TODO(mshelley) change this to a non-pointer. On 2014/07/17 19:21:32, mmenke wrote: > nit: Capitalize Done.
https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/360001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:276: rv = DoCreateSSLSocket(); On 2014/07/17 21:12:49, mshelley wrote: > On 2014/07/17 19:21:32, mmenke wrote: > > Not sure if this has been discussed, but one potential problem with this > > approach is that if the socket we're delaying all other connections on stalls > > for a while, the server may start timing out all the other sockets while we're > > waiting. Some servers may have very aggressive timeouts. > > > > I'm not positive this will be a problem, but it's something to be on the > lookout > > for. > > In the past we have talked about timing the leading socket's connection, and > allowing the pending sockets to proceed prematurely if the leading socket > stalls/takes too long. Perhaps that would prevent/minimize this issue? > > I guess the tricky part with that solution would be determining what qualifies > as "too long". In bugs, I've heard of idle timeouts as low as 10 seconds, at least on never-used connections. At the socket pool level, we start a backup job if a connection attempt takes more than 250 milliseconds. Assuming an SSL handshake is going to take two round trips, after establishing the connection, that gives us an estimate of 500 milliseconds. Of course, there's more potential cost to guess wrong here than there is to connecting another socket. Anyhow, nothing to worry about in this CL, though I think we should probably add a histogram to try and catch that case before enabling the new behavior via a field trial.
Patch set 12 LGTM. 1. I didn't have time to review the test code, so please wait for Ryan and Matt's approval. 2. I reviewed the non-test code very carefully. I found only one hole in the logic, which are the two comments marked with "IMPORTANT" in ssl_session_cache_openssl.cc. I suggest dealing with that problem in a follow-up CL. I delved into the OpenSSL today to validate the assumptions made by the ssl_session_cache_openssl.cc changes, which is why I discovered the problem. https://codereview.chromium.org/353713005/diff/400001/chrome/common/chrome_sw... File chrome/common/chrome_switches.cc (right): https://codereview.chromium.org/353713005/diff/400001/chrome/common/chrome_sw... chrome/common/chrome_switches.cc:618: const char kEnableSSLConnectJobWaiting[] = "enable-ssl-connect-job-waiting"; Nit: see if you can align the '=' sign with the '=' signs of the next few options. It seems that most of them are aligned. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:284: is_in_session_cache_(true) { Why is |is_in_session_cache_| initialized to true? https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1380: rv = OK; Add curly braces to both the "if" and "else" branches. The local conventions in our network stack recommends the following: 1. Use curly braces if the condition or the branch spans more than one line. 2. If one branch uses curly braces, the other branch should also use curly braces. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1391: } else { We usually omit "else" after a return statement. The benefit is that the code doesn't need to be indented. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1394: } Omit curly braces. The local convention in our network stack usually omit curly braces when the branch is just one line. Also fix lines 1402-1404. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1430: return connected_; IMPORTANT: it seems better to just use the existing IsConnected() method, and define it as follows: return transport_->socket()->IsConnected() && connected_; I didn't review the test code, so this suggestion may be wrong. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool blocked_in_connect_; Nit: these two members look similar. I suggest naming the first one "should_block_in_connect_". https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:693: virtual bool IsConnectedSSL() const OVERRIDE; IMPORTANT: IsConnectedSSL is not a method of the StreamSocket interface. So this method should not be listed in this section (see the comment on line 689). Also, this method may not need to be a virtual method. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:717: // Resumes the connection of a socket that was paused for testing. This should say "Returns a callback that resumes the connection ..." https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:12: #include "net/base/host_port_pair.h" A forward declaration of class HostPortPair should be sufficient. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:102: // its SSLConnectJobMessenger upon the sessions being made available for inform its SSLConnectJobMessenger => runs the callback sessions => session https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:806: base::ResetAndReturn(&error_callback_).Run(); Nit: it is slightly better to do this as follows: if (!error_callback_.is_null()) { success_callback_.Reset(); base::ResetAndReturn(&error_callback_).Run(); } https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1050: OnHandShakeFailure(); Please move these two lines outside the do-while loop, right before the return statement. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1105: // Failure of a read attempt indicates a failed false start indicates => may indicate https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1160: // connection. Also move this comment to line 1167, and update it. // Failure of a write attempt may indicate a failed false start // connection. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:65: Delete this blank line. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:99: // either OnJobSucceeded or OnJobFailed will do this. Nit: perhaps we should rename this method "RemovePendingSocket" in light of this? https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:113: // sockets allow the connection to proceed. Punctuation nit: // If the session is in the session cache or there are no connecting // sockets, allow the connection to proceed. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:129: pending_sockets_and_callbacks_.push_back(SocketAndCallback(socket, callback)); Please DCHECK that connecting_sockets_.empty() is false. This validates the comment in the .h file: // Note: It is an error to call AddPendingSocket() without having first // called MonitorConnectionResult() and configuring a socket that WILL // have Connect() called on it. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:134: pending_sockets_and_callbacks_.clear(); Please use the swap trick: SSLPendingSocketsAndCallbacks temp_list; pending_sockets_and_callbacks_.swap(temp_list); This is more efficient. I suggest this order: connecting_sockets_.clear(); SSLPendingSocketsAndCallbacks temp_list; pending_sockets_and_callbacks_.swap(temp_list); RunAllCallbacks(temp_list); https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:143: connecting_sockets_.erase(connecting_sockets_.begin()); BUG: we should always erase connecting_sockets_. So this method should read: connecting_sockets_.clear(); <=== NOTE: I use the same form as line 135. if (pending_sockets_and_callbacks_.empty()) return; SSLClientSocket* ssl_socket = pending_sockets_and_callbacks_[0].socket; base::Closure callback = pending_sockets_and_callbacks_[0].callback; pending_sockets_and_callbacks_.erase(pending_sockets_and_callbacks_.begin()); MonitorConnectionResult(ssl_socket); callback.Run(); https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:421: weak_factory_.GetWeakPtr())); IMPORTANT: I believe we can just pass base::Unretained(this) here because the SSLConnectJob destructor calls messenger_->RemoveSocket(). This means we can also delete the weak_factory_ member. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:620: delete it->second; Add curly braces. But you should be able to use STLDeleteValues from "base/stl_util.h", which will also clear the map (so you can delete the next line as well). https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:107: struct SocketAndCallback { Design alternative: if we make the SSLConnectJob::ResumeSSLConnection method public and add a SSLConnectJob::ssl_socket() getter method, we can just store SSLConnectJob* instead of SocketAndCallback* in the pending sockets vector. job->ssl_socket() replaces the |socket| field of SocketAndCallback. job->ResumeSSLConnection() replaces the |callback.Run()|. If you like this alternative design, please make this change in a follow-up CL. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:109: base::Closure job_resumption_callback) This probably should be a const reference. Please find out how we usually declare base::Closure parameters. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:118: // Removes |socket| from |connecting_sockets_| or Delete "|connecting_sockets_| or" and "in either". https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:125: // Configure the SSLConnectJobMessenger to begin monitoring |ssl_socket|'s Nit: Configure => Configures https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:129: // callback asynchronously, so that the caller can call Connect() on them. The comment "notifying the associated callback asynchronously, so that the caller can call Connect() on them" is not very clear because I don't know what "the caller" refers to. I suggest just removing it. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:134: // to connect, it will asynchronously invoke |callback|. Callers should Same here: I don't know what "Callers" refers to. I think you can just delete "Callers should then ... the socket". https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:332: // Enable SSLConnectJob waiting if |enable| is true. Nit: Enable => Enables https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:248: DVLOG(2) << "Lookup session: " << session << " for " << cache_key; Delete this log message. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:255: return true; You can replace these three lines with: return session_is_good; https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:283: if (!session) IMPORTANT: we should find out whether |session| may be NULL here. It seems that |session| cannot be NULL based on the code at the beginning of ssl3_client_hello in third_party/openssl/openssl/ssl/s3_clnt.c: if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; if ((sess == NULL) || (sess->ssl_version != s->version) || #ifdef OPENSSL_NO_TLSEXT !sess->session_id_length || #else (!sess->session_id_length && !sess->tlsext_tick) || #endif (sess->not_resumable)) { if (!s->session_creation_enabled) { ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); goto err; } if (!ssl_get_new_session(s,0)) goto err; } /* else use the pre-loaded session */ If |session| is NULL, we will return early without calling CheckIfSessionAdded(ssl). This means the SessionAdded callback will not be called. The messenger will not be notified until SSLClientSocketOpenSSL calls its error_callback_ for some reason. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:306: // CallbackAndCompletionCounts are used to group callback a callback group callback a callback => group a callback https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:310: CallbackAndCompletionCount(base::Closure completion_callback, I think this input parameter should be a const reference. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:316: // has not been added to the session cache. |count| == 2 means that the The first sentence in this comment block is not accurate. It is missing "or has not been marked as good". Since the first sentence is stating the fact as the second sentence (in opposite ways), you can also just delete the first sentence. More imortant, this comment should state that |count| is incremented when the session is added to the cache and when the session is marked as good. This will explain why we're testing |count| == 2. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:408: cache->CheckIfSessionAdded(ssl); IMPORTANT: a server may indicate that a session should not be cached by returning an empty session_id in the Server Hello handshake message. See this excerpt from the TLS 1.2 RFC: session_id This is the identity of the session corresponding to this connection. ... ...................................................... The server may return an empty session_id to indicate that the session will not be cached and therefore cannot be resumed. ... In this case, OpenSSL won't call NewSessionCallbackStatic. See the ssl_update_cache function in third_party/openssl/openssl/ssl/ssl_lib.c: /* If the session_id_length is 0, we are not supposed to cache it, * and it would be rather hard to do anyway :-) */ if (s->session->session_id_length == 0) return; and so our completion count for |ssl| won't become 2. So I think we'll need to set an OpenSSL callback to receive handshake completion notification. The only thing I can find is SSL_CTX_set_info_callback, which will be called at handshake completion with the following arguments (see third_party/openssl/openssl/ssl/s3_clnt.c): if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:121: // session is added to the cache. Nit: reformat this comment block.
More review comments on patch set 12: I reviewed the test code in socket_test_util.*. I am afraid that it still needs work, especially the MockSSLClientSocket::Connect method, which I don't fully understand because of its complexity. I'll review it again next week. Hopefully Ryan can suggest some improvements. I also realized I made a mistake in my review yesterday. Please see my new comment at ssl_client_socket_pool.cc:421. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:785: } You may want to assert NOTREACHED or NOTIMPLEMENTED in these two methods. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1385: if (data_->connect.mode == ASYNC) { IMPORTANT: in the original code, the "if (data_->connect.result == OK)" and "if (data_->connect.mode == ASYNC)" statements are peers at the same level. In the new code, they become nested. Please confirm this is intended. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1412: error_callback_.Run(); BUG: we need to reset a callback when we run it. We also need to reset the other callback. Please check the whole function. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1419: void MockSSLClientSocket::Disconnect() { Resurrect the blank line before this. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:342: bool is_in_session_cache_; Since SSLSocketDataProvider is a struct, the three new data members should follow the naming convention of struct members, without a trailing underscore. See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Variable_Names https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:662: virtual std::vector<MockSSLClientSocket*> GetSSLClientSockets(); 1. Please declare this method before the "ClientSocketFactory" comment on line 646 because this method is not part of the ClientSocketFactory interface. 2. This getter method should be named ssl_client_sockets(). See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names 3. This getter method should be const and defined inline: virtual std::vector<MockSSLClientSocket*> ssl_client_sockets() const { return ssl_client_sockets_; } It may be OK for it to return a const reference. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:693: virtual bool IsConnectedSSL() const OVERRIDE; MockSSLClientSocket has the same problem on line 964. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:719: CompletionCallback GetResumptionCallback(); This is a getter method, so it should be named and declared as follows: CompletionCallback resumption_callback() const { return resumption_callback_; } https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:727: CompletionCallback resumption_callback_; 1. Declare this data member after line 731 because data members should be declared after methods. See the Style Guide: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order 2. Since pausing the connection is a notion of SSLConnectJob rather than SSLClientSocket, it is not ideal to add this member and its getter method to MockClientSocket. Update: I found this member is the completion callback for Connect. It is not the same as the resumption callback of SSLConnectJob. So I think this member should be renamed "connect_callback_". https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:420: base::Bind(&net::SSLConnectJob::ResumeSSLConnection, Nit: Omit "net::". https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:421: weak_factory_.GetWeakPtr())); On 2014/07/18 01:17:15, wtc wrote: > > IMPORTANT: I believe we can just pass base::Unretained(this) here because the > SSLConnectJob destructor calls messenger_->RemoveSocket(). This means we can > also delete the weak_factory_ member. Please ignore this suggestion. I missed the fact that Messenger::OnJobSucceeded copies the pending_sockets_and_callbacks_ vector before running the callbacks. If the first callback causes a Job later in the vector to be deleted, the destructor of that Job object won't be able to remove itself from the temp_list local variable in Messenger::OnJobSucceeded, so these callbacks need to be bound to weak pointers. I don't know if it is possible for a Job's OnIOComplete method to cause another Job to be deleted, but unless we can rule that out, it is better to be prepared to handle it.
https://codereview.chromium.org/353713005/diff/400001/chrome/common/chrome_sw... File chrome/common/chrome_switches.cc (right): https://codereview.chromium.org/353713005/diff/400001/chrome/common/chrome_sw... chrome/common/chrome_switches.cc:618: const char kEnableSSLConnectJobWaiting[] = "enable-ssl-connect-job-waiting"; On 2014/07/18 01:17:13, wtc wrote: > > Nit: see if you can align the '=' sign with the '=' signs of the next few > options. It seems that most of them are aligned. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:284: is_in_session_cache_(true) { On 2014/07/18 01:17:14, wtc wrote: > > Why is |is_in_session_cache_| initialized to true? Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:785: } On 2014/07/18 15:39:16, wtc wrote: > > You may want to assert NOTREACHED or NOTIMPLEMENTED in these two methods. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1380: rv = OK; On 2014/07/18 01:17:14, wtc wrote: > > Add curly braces to both the "if" and "else" branches. > > The local conventions in our network stack recommends the following: > > 1. Use curly braces if the condition or the branch spans more than one line. > > 2. If one branch uses curly braces, the other branch should also use curly > braces. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1385: if (data_->connect.mode == ASYNC) { On 2014/07/18 15:39:16, wtc wrote: > > IMPORTANT: in the original code, the "if (data_->connect.result == OK)" and "if > (data_->connect.mode == ASYNC)" statements are peers at the same level. In the > new code, they become nested. Please confirm this is intended. That was not intended -- I fixed it. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1391: } else { On 2014/07/18 01:17:14, wtc wrote: > > We usually omit "else" after a return statement. The benefit is that the code > doesn't need to be indented. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1394: } On 2014/07/18 01:17:14, wtc wrote: > > Omit curly braces. > > The local convention in our network stack usually omit curly braces when the > branch is just one line. > > Also fix lines 1402-1404. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1412: error_callback_.Run(); On 2014/07/18 15:39:16, wtc wrote: > > BUG: we need to reset a callback when we run it. We also need to reset the other > callback. Please check the whole function. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1419: void MockSSLClientSocket::Disconnect() { On 2014/07/18 15:39:16, wtc wrote: > > Resurrect the blank line before this. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.cc:1430: return connected_; On 2014/07/18 01:17:14, wtc wrote: > > IMPORTANT: it seems better to just use the existing IsConnected() method, and > define it as follows: > > return transport_->socket()->IsConnected() && connected_; > > I didn't review the test code, so this suggestion may be wrong. That makes sense to me. It seemed strange that SSLClientSocket's IsConnected() method was really only returning whether or not the TCP socket was connected. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool blocked_in_connect_; On 2014/07/18 01:17:14, wtc wrote: > > Nit: these two members look similar. I suggest naming the first one > "should_block_in_connect_". Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:342: bool is_in_session_cache_; On 2014/07/18 15:39:17, wtc wrote: > > Since SSLSocketDataProvider is a struct, the three new data members should > follow the naming convention of struct members, without a trailing underscore. > See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Variable_Names Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:662: virtual std::vector<MockSSLClientSocket*> GetSSLClientSockets(); On 2014/07/18 15:39:17, wtc wrote: > > 1. Please declare this method before the "ClientSocketFactory" comment on line > 646 because this method is not part of the ClientSocketFactory interface. > > 2. This getter method should be named ssl_client_sockets(). See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names > > 3. This getter method should be const and defined inline: > > virtual std::vector<MockSSLClientSocket*> ssl_client_sockets() const { > return ssl_client_sockets_; > } > > It may be OK for it to return a const reference. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:693: virtual bool IsConnectedSSL() const OVERRIDE; On 2014/07/18 01:17:14, wtc wrote: > > IMPORTANT: IsConnectedSSL is not a method of the StreamSocket interface. So this > method should not be listed in this section (see the comment on line 689). > > Also, this method may not need to be a virtual method. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:717: // Resumes the connection of a socket that was paused for testing. On 2014/07/18 01:17:14, wtc wrote: > > This should say "Returns a callback that resumes the connection ..." Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:719: CompletionCallback GetResumptionCallback(); On 2014/07/18 15:39:17, wtc wrote: > > This is a getter method, so it should be named and declared as follows: > > CompletionCallback resumption_callback() const { > return resumption_callback_; > } Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/socket_test_... net/socket/socket_test_util.h:727: CompletionCallback resumption_callback_; On 2014/07/18 15:39:16, wtc wrote: > > 1. Declare this data member after line 731 because data members should be > declared after methods. See the Style Guide: > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Declaration_Order > > 2. Since pausing the connection is a notion of SSLConnectJob rather than > SSLClientSocket, it is not ideal to add this member and its getter method to > MockClientSocket. > > Update: I found this member is the completion callback for Connect. It is not > the same as the resumption callback of SSLConnectJob. So I think this member > should be renamed "connect_callback_". Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:12: #include "net/base/host_port_pair.h" On 2014/07/18 01:17:14, wtc wrote: > > A forward declaration of class HostPortPair should be sufficient. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:102: // its SSLConnectJobMessenger upon the sessions being made available for On 2014/07/18 01:17:14, wtc wrote: > > inform its SSLConnectJobMessenger => runs the callback > > sessions => session Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:806: base::ResetAndReturn(&error_callback_).Run(); On 2014/07/18 01:17:14, wtc wrote: > > Nit: it is slightly better to do this as follows: > > if (!error_callback_.is_null()) { > success_callback_.Reset(); > base::ResetAndReturn(&error_callback_).Run(); > } Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1050: OnHandShakeFailure(); On 2014/07/18 01:17:14, wtc wrote: > > Please move these two lines outside the do-while loop, right before the return > statement. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1105: // Failure of a read attempt indicates a failed false start On 2014/07/18 01:17:14, wtc wrote: > > indicates => may indicate Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1160: // connection. On 2014/07/18 01:17:14, wtc wrote: > > Also move this comment to line 1167, and update it. > > // Failure of a write attempt may indicate a failed false start > // connection. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:65: On 2014/07/18 01:17:14, wtc wrote: > > Delete this blank line. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:99: // either OnJobSucceeded or OnJobFailed will do this. On 2014/07/18 01:17:15, wtc wrote: > > Nit: perhaps we should rename this method "RemovePendingSocket" in light of > this? Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:113: // sockets allow the connection to proceed. On 2014/07/18 01:17:15, wtc wrote: > > Punctuation nit: > > // If the session is in the session cache or there are no connecting > // sockets, allow the connection to proceed. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:129: pending_sockets_and_callbacks_.push_back(SocketAndCallback(socket, callback)); On 2014/07/18 01:17:14, wtc wrote: > > Please DCHECK that connecting_sockets_.empty() is false. This validates the > comment in the .h file: > > // Note: It is an error to call AddPendingSocket() without having first > // called MonitorConnectionResult() and configuring a socket that WILL > // have Connect() called on it. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:134: pending_sockets_and_callbacks_.clear(); On 2014/07/18 01:17:15, wtc wrote: > > Please use the swap trick: > SSLPendingSocketsAndCallbacks temp_list; > pending_sockets_and_callbacks_.swap(temp_list); > > This is more efficient. I suggest this order: > connecting_sockets_.clear(); > SSLPendingSocketsAndCallbacks temp_list; > pending_sockets_and_callbacks_.swap(temp_list); > RunAllCallbacks(temp_list); Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:143: connecting_sockets_.erase(connecting_sockets_.begin()); On 2014/07/18 01:17:15, wtc wrote: > > BUG: we should always erase connecting_sockets_. So this method should read: > > connecting_sockets_.clear(); <=== NOTE: I use the same form as line 135. > if (pending_sockets_and_callbacks_.empty()) > return; > SSLClientSocket* ssl_socket = pending_sockets_and_callbacks_[0].socket; > base::Closure callback = pending_sockets_and_callbacks_[0].callback; > pending_sockets_and_callbacks_.erase(pending_sockets_and_callbacks_.begin()); > MonitorConnectionResult(ssl_socket); > callback.Run(); Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:420: base::Bind(&net::SSLConnectJob::ResumeSSLConnection, On 2014/07/18 15:39:17, wtc wrote: > > Nit: Omit "net::". Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:421: weak_factory_.GetWeakPtr())); On 2014/07/18 15:39:17, wtc wrote: > > On 2014/07/18 01:17:15, wtc wrote: > > > > IMPORTANT: I believe we can just pass base::Unretained(this) here because the > > SSLConnectJob destructor calls messenger_->RemoveSocket(). This means we can > > also delete the weak_factory_ member. > > Please ignore this suggestion. I missed the fact that Messenger::OnJobSucceeded > copies the pending_sockets_and_callbacks_ vector before running the callbacks. > If the first callback causes a Job later in the vector to be deleted, the > destructor of that Job object won't be able to remove itself from the temp_list > local variable in Messenger::OnJobSucceeded, so these callbacks need to be bound > to weak pointers. > > I don't know if it is possible for a Job's OnIOComplete method to cause another > Job to be deleted, but unless we can rule that out, it is better to be prepared > to handle it. Acknowledged. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:620: delete it->second; On 2014/07/18 01:17:15, wtc wrote: > > Add curly braces. But you should be able to use STLDeleteValues from > "base/stl_util.h", which will also clear the map (so you can delete the next > line as well). Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:109: base::Closure job_resumption_callback) On 2014/07/18 01:17:15, wtc wrote: > > This probably should be a const reference. Please find out how we usually > declare base::Closure parameters. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:118: // Removes |socket| from |connecting_sockets_| or On 2014/07/18 01:17:15, wtc wrote: > > Delete "|connecting_sockets_| or" and "in either". Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:125: // Configure the SSLConnectJobMessenger to begin monitoring |ssl_socket|'s On 2014/07/18 01:17:15, wtc wrote: > > Nit: Configure => Configures Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:129: // callback asynchronously, so that the caller can call Connect() on them. On 2014/07/18 01:17:15, wtc wrote: > > The comment "notifying the associated callback asynchronously, so that the > caller can call Connect() on them" is not very clear because I don't know what > "the caller" refers to. > > I suggest just removing it. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:134: // to connect, it will asynchronously invoke |callback|. Callers should On 2014/07/18 01:17:15, wtc wrote: > > Same here: I don't know what "Callers" refers to. I think you can just delete > "Callers should then ... the socket". Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:332: // Enable SSLConnectJob waiting if |enable| is true. On 2014/07/18 01:17:15, wtc wrote: > > Nit: Enable => Enables Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:248: DVLOG(2) << "Lookup session: " << session << " for " << cache_key; On 2014/07/18 01:17:15, wtc wrote: > > Delete this log message. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:255: return true; On 2014/07/18 01:17:16, wtc wrote: > > You can replace these three lines with: > return session_is_good; Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:283: if (!session) On 2014/07/18 01:17:16, wtc wrote: > > IMPORTANT: we should find out whether |session| may be NULL here. It seems that > |session| cannot be NULL based on the code at the beginning of ssl3_client_hello > in third_party/openssl/openssl/ssl/s3_clnt.c: > > if (s->state == SSL3_ST_CW_CLNT_HELLO_A) > { > SSL_SESSION *sess = s->session; > if ((sess == NULL) || > (sess->ssl_version != s->version) || > #ifdef OPENSSL_NO_TLSEXT > !sess->session_id_length || > #else > (!sess->session_id_length && !sess->tlsext_tick) || > #endif > (sess->not_resumable)) > { > if (!s->session_creation_enabled) > { > > ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); > > SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); > goto err; > } > if (!ssl_get_new_session(s,0)) > goto err; > } > /* else use the pre-loaded session */ > > If |session| is NULL, we will return early without calling > CheckIfSessionAdded(ssl). This means the SessionAdded callback will not be > called. The messenger will not be notified until SSLClientSocketOpenSSL calls > its error_callback_ for some reason. The code you cited indicates to me that session cannot be null. However, if the session were null, that essentially would mean that it's not possible to do a resumption handshake for the connection correct? If that's the case, a simple solution may be to just add: if (!session) { base::Closure callback = ssl_to_callback_map_[ssl].callback; ssl_to_callback_map_.erase[ssl]; callback.Run(); return; } This will allow any pending jobs to proceed immediately because there's no point in them waiting for the leader to connect, given that they cannot do a resumption handshake. Perhaps it would be safest just to add those lines? I don't see how the session could be null, but it also seems strange that MarkSSLSessionAsGood would contain the early return if it wasn't somehow possible. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:306: // CallbackAndCompletionCounts are used to group callback a callback On 2014/07/18 01:17:15, wtc wrote: > > group callback a callback => group a callback Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:310: CallbackAndCompletionCount(base::Closure completion_callback, On 2014/07/18 01:17:15, wtc wrote: > > I think this input parameter should be a const reference. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:316: // has not been added to the session cache. |count| == 2 means that the On 2014/07/18 01:17:16, wtc wrote: > > The first sentence in this comment block is not accurate. It is missing "or has > not been marked as good". > > Since the first sentence is stating the fact as the second sentence (in opposite > ways), you can also just delete the first sentence. > > More imortant, this comment should state that |count| is incremented when the > session is added to the cache and when the session is marked as good. This will > explain why we're testing |count| == 2. Done. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:408: cache->CheckIfSessionAdded(ssl); On 2014/07/18 01:17:15, wtc wrote: > > IMPORTANT: a server may indicate that a session should not be cached by > returning an empty session_id in the Server Hello handshake message. See this > excerpt from the TLS 1.2 RFC: > > session_id > This is the identity of the session corresponding to this > connection. ... > ...................................................... The server > may return an empty session_id to indicate that the session will > not be cached and therefore cannot be resumed. ... > > In this case, OpenSSL won't call NewSessionCallbackStatic. See the > ssl_update_cache function in third_party/openssl/openssl/ssl/ssl_lib.c: > > /* If the session_id_length is 0, we are not supposed to cache it, > * and it would be rather hard to do anyway :-) */ > if (s->session->session_id_length == 0) return; > > and so our completion count for |ssl| won't become 2. > > So I think we'll need to set an OpenSSL callback to receive handshake completion > notification. The only thing I can find is SSL_CTX_set_info_callback, which will > be called at handshake completion with the following arguments (see > third_party/openssl/openssl/ssl/s3_clnt.c): > > if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); Hmm yeah I see, this is definitely an issue. I'm adding a TODO comment for now; I'll start looking into it. https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/400001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:121: // session is added to the cache. On 2014/07/18 01:17:16, wtc wrote: > > Nit: reformat this comment block. Done.
https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.cc:1369: if (!data_->blocked_in_connect) { When would this ever be true in a well-behaved client? That is, Connect() can only be called before Disconnect(), and can be called afterwards. This sort of goes back to my "don't stick state in data providers" https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.cc:1383: return ERR_IO_PENDING; This doesn't look right to me. We don't need to expose connect_callback_ to callers, we should instead have a method on the MockSSLClientSocket that says something like RestartPausedConnect(), which will then run connect_callback_ itself (and thus doesn't need to be on the base mock socket, and can exist only in the MockSSLClientSocket, and as a private member) https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.cc:1400: base::ResetAndReturn(&error_callback_).Run(); We may want to restructure this all into a more defined state machine DoConnect() DoConnectComplete() etc. The transitions are as follows: transport_->Connect() succeeds -> enters into the "CONNECT" state - Shouldn't block on connect - Immediately transitions to the ConnectComplete stage - ConnectComplete handles running error_callback_ vs connect_callback - Should block on Connect - Sets next stage to ConnectComplete, returns ERR_IO_PENDING, is up to the caller to call like RestartConnect - RestartConnect restarts the handshake loop - ConnectComplete again handles errors vs connect - ConnectComplete also is responsible for RunCallbackAsync https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool blocked_in_connect; So, as mentioned previously, the SSLSocketDataProvider should only hold data that affects the behaviour of the socket (as seen by tests), and never internal state for the mock sockets. For example, what does blocked_in_connect==true mean if should_block_in_connect==false ? I think should_block is fine (in that it affects external visibility), but blocked_in seems like state that should be on the socket. https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:646: virtual std::vector<MockSSLClientSocket*> ssl_client_sockets() const { So, thoughts: 1) If it's inline, it shouldn't be virtual. 2) It should probably be const-ref, rather than a copy. 3) It needs documentation to the effect that this can be unsafe - because each of the returned SSLSockets is owned by the caller of the factory, and they can delete at will! https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:705: virtual void SetHandshakeFailureCallback(const base::Closure& cb) OVERRIDE; For future cleanup, I suspect it may make more sense to make this a net::CompletionCallback, as discussed in the past (with either OK or an error) https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:720: // this method. This comments seems out of date? You no longer have a |resumption_callback_| member (I'm guessing it's |connect_callback_|) https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:733: CompletionCallback connect_callback_; So it's a little weird to have this member that has to be set by derived classes. Will have to dig in more to see about suggesting an alternative. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: // TODO(mshelley) This method will be deleted soon. Avoid words like soon in comments. Better to mention the bug attached to this. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1052: OnHandShakeFailure(); Rather than place this here, it should belong with the places that call DoHandshakeLoop() We don't call callbacks in the loop, because they're not the "terminal" place for the code (entry point / exit point) Also, typo-> HandShake -> Handshake https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1107: OnHandshakeFailure(); We don't want to synchronously make these calls here, because these callbacks may result in the underlying socket being deleted. We also want to make sure that all of the dependent variables have been updated, in case someone attempts to look at the SSLClientSocket* https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1167: OnHandshakeFailure(); Ditto https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:137: pending_sockets_and_callbacks_.swap(temp_list); Typically, when using the swap pattern, it's common to use recipient.swap(source) https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:147: pending_sockets_and_callbacks_.erase(pending_sockets_and_callbacks_.begin()); Simplified SocketAndCallback socket_and_callback = pending_sockets_and_callbacks_.front(); pending_sockets_and_callbacks_erase(pending_sockets_and_callbacks.begin()); MonitorConnectionResult(socket_and_callback.socket); socket_and_callback.callback.Run() https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:203: if (ssl_socket_.get() != NULL && messenger_ != NULL) if (ssl_socket.get() && messenger_) https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:383: if (messenger_ != NULL) if (messenger_) https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:104: // tell SSLConnectJobs when to pause or resume thier connections. typo: thier -> their https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:118: // Removes |socket| from |pending_sockets_and_callbacks_| if it is present. Rather than talking strictly about what this does, talk about what the guarantees are that this affords callers eg: // Removes |ssl_socket| from the set of sockets being monitored. This // guarantees that |job_resumption_callback| will not be called for // the socket. (if it actually does; i.e. no PostTask possibilities) https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:137: void AddPendingSocket(SSLClientSocket* socket, const base::Closure& callback); nit: variable naming - you call this ssl_socket for the other methods (119, 122, 128). Should probably do the same here. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:262: void CheckIfSessionAdded(SSL* ssl) { naming: CheckIfSessionFinished() ? Complete? https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:321: // thus |count| == 2 means that the session is ready for use. formatting https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:122: // to the cache. formatting
https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.cc:1383: return ERR_IO_PENDING; On 2014/07/18 22:01:16, Ryan Sleevi wrote: > This doesn't look right to me. > > We don't need to expose connect_callback_ to callers, we should instead have a > method on the MockSSLClientSocket that says something like > RestartPausedConnect(), which will then run connect_callback_ itself (and thus > doesn't need to be on the base mock socket, and can exist only in the > MockSSLClientSocket, and as a private member) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.cc:1400: base::ResetAndReturn(&error_callback_).Run(); On 2014/07/18 22:01:16, Ryan Sleevi wrote: > We may want to restructure this all into a more defined state machine > > DoConnect() > DoConnectComplete() > > etc. > > The transitions are as follows: > transport_->Connect() succeeds -> enters into the "CONNECT" state > - Shouldn't block on connect > - Immediately transitions to the ConnectComplete stage > - ConnectComplete handles running error_callback_ vs connect_callback > - Should block on Connect > - Sets next stage to ConnectComplete, returns ERR_IO_PENDING, is up to the > caller to call like RestartConnect > - RestartConnect restarts the handshake loop > - ConnectComplete again handles errors vs connect > - ConnectComplete also is responsible for RunCallbackAsync Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:341: bool blocked_in_connect; On 2014/07/18 22:01:16, Ryan Sleevi wrote: > So, as mentioned previously, the SSLSocketDataProvider should only hold data > that affects the behaviour of the socket (as seen by tests), and never internal > state for the mock sockets. > > For example, what does blocked_in_connect==true mean if > should_block_in_connect==false ? > > I think should_block is fine (in that it affects external visibility), but > blocked_in seems like state that should be on the socket. Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:646: virtual std::vector<MockSSLClientSocket*> ssl_client_sockets() const { On 2014/07/18 22:01:16, Ryan Sleevi wrote: > So, thoughts: > 1) If it's inline, it shouldn't be virtual. > 2) It should probably be const-ref, rather than a copy. > 3) It needs documentation to the effect that this can be unsafe - because each > of the returned SSLSockets is owned by the caller of the factory, and they can > delete at will! Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:705: virtual void SetHandshakeFailureCallback(const base::Closure& cb) OVERRIDE; On 2014/07/18 22:01:17, Ryan Sleevi wrote: > For future cleanup, I suspect it may make more sense to make this a > net::CompletionCallback, as discussed in the past (with either OK or an error) Yeah that makes sense -- it's acceptable to make that change in a followup cl? https://codereview.chromium.org/353713005/diff/460001/net/socket/socket_test_... net/socket/socket_test_util.h:720: // this method. On 2014/07/18 22:01:16, Ryan Sleevi wrote: > This comments seems out of date? You no longer have a |resumption_callback_| > member (I'm guessing it's |connect_callback_|) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:88: // TODO(mshelley) This method will be deleted soon. On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Avoid words like soon in comments. Better to mention the bug attached to this. Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1052: OnHandShakeFailure(); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Rather than place this here, it should belong with the places that call > DoHandshakeLoop() > > We don't call callbacks in the loop, because they're not the "terminal" place > for the code (entry point / exit point) > > Also, typo-> HandShake -> Handshake Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1107: OnHandshakeFailure(); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > We don't want to synchronously make these calls here, because these callbacks > may result in the underlying socket being deleted. > > We also want to make sure that all of the dependent variables have been updated, > in case someone attempts to look at the SSLClientSocket* Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1167: OnHandshakeFailure(); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Ditto Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:137: pending_sockets_and_callbacks_.swap(temp_list); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Typically, when using the swap pattern, it's common to use > recipient.swap(source) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:147: pending_sockets_and_callbacks_.erase(pending_sockets_and_callbacks_.begin()); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Simplified > > SocketAndCallback socket_and_callback = pending_sockets_and_callbacks_.front(); > pending_sockets_and_callbacks_erase(pending_sockets_and_callbacks.begin()); > MonitorConnectionResult(socket_and_callback.socket); > socket_and_callback.callback.Run() Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:203: if (ssl_socket_.get() != NULL && messenger_ != NULL) On 2014/07/18 22:01:17, Ryan Sleevi wrote: > if (ssl_socket.get() && messenger_) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:383: if (messenger_ != NULL) On 2014/07/18 22:01:17, Ryan Sleevi wrote: > if (messenger_) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:104: // tell SSLConnectJobs when to pause or resume thier connections. On 2014/07/18 22:01:17, Ryan Sleevi wrote: > typo: thier -> their Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:118: // Removes |socket| from |pending_sockets_and_callbacks_| if it is present. On 2014/07/18 22:01:17, Ryan Sleevi wrote: > Rather than talking strictly about what this does, talk about what the > guarantees are that this affords callers > > eg: > // Removes |ssl_socket| from the set of sockets being monitored. This > // guarantees that |job_resumption_callback| will not be called for > // the socket. > > (if it actually does; i.e. no PostTask possibilities) Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:137: void AddPendingSocket(SSLClientSocket* socket, const base::Closure& callback); On 2014/07/18 22:01:17, Ryan Sleevi wrote: > nit: variable naming - you call this ssl_socket for the other methods (119, 122, > 128). Should probably do the same here. Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:262: void CheckIfSessionAdded(SSL* ssl) { On 2014/07/18 22:01:18, Ryan Sleevi wrote: > naming: CheckIfSessionFinished() ? Complete? Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:321: // thus |count| == 2 means that the session is ready for use. On 2014/07/18 22:01:17, Ryan Sleevi wrote: > formatting Done. https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.h (right): https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.h:122: // to the cache. On 2014/07/18 22:01:18, Ryan Sleevi wrote: > formatting Done.
Review comments on patch set 14: I can go over my review comments in person tomorrow morning. This patch set exposes an important issue: SSLClientSocketOpenSSL may need to run two callbacks: - If a Read call fails asynchronously, SSLClientSocketOpenSSL may need to run both error_callback_ and user_read_callback_. - Similarly for Connect and Write. We need to either run the two callbacks in the "right" order, or we need to detect if one callback causes the current object to be deleted, and not run the other callback. (Connect, Read, and Write are all defined to not run their callback if Disconnect is called or the object is deleted.) Right now we know error_callback_ is actually SSLConnectJobMessenger::OnJobFailed, which won't delete the current SSLClientSocketOpenSSL object (at least I don't think that is possible). So it is safe to first run the error_callback_ and then run user_read_callback_, etc. In general we don't know what error_callback_ is, so this is just a short-term solution. https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... net/socket/socket_test_util.h:989: // this method. Nit: reformat this comment block (the first line is too short). https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... net/socket/socket_test_util.h:996: STATE_NONE, Nit: list this state first? https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:445: net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); You can call OnHandshakeFailure() here. Then you don't need to test rv != ERR_IO_PENDING: if (rv == ERR_IO_PENDING) { user_connect_callback_ = callback; } else { net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); if (rv < OK) OnHandshakeFailure(); } return rv > OK ? OK : rv; https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:629: was_ever_used_ = true; 1. Similarly, you can call OnHandshakeFailure() here: if (rv == ERR_IO_PENDING) { user_read_callback_ = callback; } else { if (rv > 0) { was_ever_used_ = true; } else if (rv < 0) { // Failure of a read attempt may indicate a failed false start // connection. OnHandshakeFailure(); } user_read_buf_ = NULL; user_read_buf_len_ = 0; } return rv; 2. Make a similar change to SSLClientSocketOpenSSL::Write. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:635: // Failure of a write attempt may indicate a failed false start Typo: write => read https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:789: void SSLClientSocketOpenSSL::DoReadCallback(int rv) { IMPORTANT: if rv < 0, we also need to call OnHandshakeFailure(). https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:799: void SSLClientSocketOpenSSL::DoWriteCallback(int rv) { IMPORTANT: if rv < 0, we also need to call OnHandshakeFailure(). https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:821: base::ResetAndReturn(&error_callback_).Run(); BUG: this should read: if (!error_callback_.is_null()) { success_callback_.Reset(); base::ResetAndReturn(&error_callback_).Run(); } https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:974: OnHandshakeFailure(); 1. IMPORTANT: I would call these two callbacks in the reverse order: if (rv < OK) OnHandshakeFailure(); DoConnectCallback(rv); The issue is that the connect callback is more likely to cause the current object to be deleted. If that happens, we can't access the error_callback_ member in OnHandshakeFailure. 2. If we move if (rv < OK) OnHandshakeFailure(); into the DoConnectCallback function, it'd look more consistent with the code we add to DoReadCallback and DoWriteCallback. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1065: Delete this blank line. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:146: SocketAndCallback socket_and_callback = Nit: naming this variable "new_leader" would be more informative. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:284: callback.Run(); IMPORTANT: this code has two problems. 1. ssl_to_callback_map_ may not have an entry for |ssl|. The ssl_to_callback_map_[ssl] operation will add an empty entry if the entry doesn't exist. So you need to use ssl_to_callback_map_.find(ssl) instead. 2. More important: I think it is wrong to run the SessionAdded callback in this case. I think adding a CHECK(false) to assert that this case cannot happen is enough. Or equivalently: SSL_SESSION* session = SSL_get_session(ssl); CHECK(session); // Mark the session as good, allowing it to be used for future connections. SSL_SESSION_set_ex_data( ...
https://codereview.chromium.org/353713005/diff/520001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/socket_test_... net/socket/socket_test_util.h:339: bool should_block_in_connect; nit: Maybe in -> on? https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:369: success_callback_ = callback; optional: I think using one handshake complete callback and passing it a bool or a network error code may be a little simpler. Others may disagree, however. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:821: base::ResetAndReturn(&error_callback_).Run(); This should be: if (!error_callback_.is_null()) { success_callback_.Reset(); base::ResetAndReturn(&error_callback_).Run(); } Right? https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:974: OnHandshakeFailure(); This call isn't needed - we call OnHandshakeFailure in DoHandshakeLoop in this case. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1065: nit: Generally, we don't have extra line breaks after the start or before the end of a code block. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:112: bool SSLConnectJobMessenger::CanProceed(SSLClientSocket* ssl_socket) { I don't think this function is useful - after calling it, we call ssl_socket->InSessionCache() again, so we don't really seem to get anything out of it. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:150: socket_and_callback.callback.Run(); I defer to everyone else on this, but I wonder if it's better to just unleash all the connection attempts at this point, exactly like we do in the success case. Makes the worst case (every handshake times out) marginally less bad, and presumably only improves a relatively small number of cases. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:387: next_state_ = STATE_SSL_CONNECT; optional: Think it's a little cleaner to just move this check into STATE_CHECK_FOR_RESUME, and return OK if messenger_ is NULL, just after setting next_state_. Keeps the messenger logic a bit more contained, and seems a bit less regression prone (If someone adds something that should always be done in DoCheckForResume, for instance, it's clearer what will be skipped in the NULL messenger_ case). https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:561: DCHECK_EQ(next_state_, STATE_SSL_CONNECT); Hrm... This currently works, but wonder about changes where the socket is Disconnected and then hangs out a bit after a connect failure. I guess this is unlikely to change, and we should be fine. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:391: static bool enable_connect_job_waiting_; Can we make this an HttpNetworkSession::Param or something, instead of a global? We should be reducing the number of configuration globals, not increasing them. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:329: TEST_P(SSLClientSocketPoolTest, SimultaneousConnectJobsSuccess) { Suggest also a test with multiple failures, where we only let one through at a time.
More test suggestions - noticed this while looking at one of the followups CLs. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:106: pending_sockets_and_callbacks_.erase(it); No test currently depends on this code working, should add two tests: Have the second socket is destroyed before the first one finishes its handshake. Should have the first one succeed in one test, fail in another.
Review comments on patch set 15: mostly responding to Matt's comments. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:369: success_callback_ = callback; On 2014/07/22 16:24:11, mmenke wrote: > optional: I think using one handshake complete callback and passing it a bool > or a network error code may be a little simpler. Others may disagree, however. I believe all three reviewers suggested this. Mackenzie, please add a TODO comment to ssl_client_socket.h for this change. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:112: bool SSLConnectJobMessenger::CanProceed(SSLClientSocket* ssl_socket) { Matt: did you mean this function is very simple and we only call it once, so the code is more readable if we just inline this function? I would agree with that. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:150: socket_and_callback.callback.Run(); On 2014/07/22 16:24:11, mmenke wrote: > I defer to everyone else on this, but I wonder if it's better to just unleash > all the connection attempts at this point, exactly like we do in the success > case. Hmm... you're probably right. If the first handshake fails, the other handshakes are likely to fail for the same reason, so it would be better to unleash all of them and fail faster. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:387: next_state_ = STATE_SSL_CONNECT; On 2014/07/22 16:24:11, mmenke wrote: > optional: Think it's a little cleaner to just move this check into > STATE_CHECK_FOR_RESUME, and return OK if messenger_ is NULL, just after setting > next_state_. Yes, I agree. We can further simplify the state machine by removing STATE_CHECK_FOR_RESUME and inlining the DoCheckForResume() code at the end of this function. But you may prefer to keep STATE_CHECK_FOR_RESUME so that this function doesn't get too long. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:257: // ssl_to_callback_map_[ssl] = CallbackAndCompletionCount(callback, 0); Delete this line (which is commented out). I suspect the associated array notation requires a default constructor (which takes no argument) for CallbackAndCompletionCount. If so, it shows the associated array notation is more expensive even though it is more readable. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:289: } I still suggest simply replacing this (lines 283-289) with CHECK(session). If you want to fix this code, it should read: if (!session) { SSLToCallbackMap::iterator it = ssl_to_callback_map_.find(ssl); if (it != ssl_to_callback_map_.end()) { base::Closure callback = it->second.callback; ssl_to_callback_map_.erase(it); <== NOTE the use of |it| callback.Run(); } return; }
https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... net/socket/socket_test_util.h:989: // this method. On 2014/07/22 02:25:21, wtc wrote: > > Nit: reformat this comment block (the first line is too short). Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/socket_test_... net/socket/socket_test_util.h:996: STATE_NONE, On 2014/07/22 02:25:21, wtc wrote: > > Nit: list this state first? Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:445: net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); On 2014/07/22 02:25:21, wtc wrote: > > You can call OnHandshakeFailure() here. Then you don't need to test rv != > ERR_IO_PENDING: > > if (rv == ERR_IO_PENDING) { > user_connect_callback_ = callback; > } else { > net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); > if (rv < OK) > OnHandshakeFailure(); > } > > return rv > OK ? OK : rv; Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:629: was_ever_used_ = true; On 2014/07/22 02:25:21, wtc wrote: > > 1. Similarly, you can call OnHandshakeFailure() here: > > if (rv == ERR_IO_PENDING) { > user_read_callback_ = callback; > } else { > if (rv > 0) { > was_ever_used_ = true; > } else if (rv < 0) { > // Failure of a read attempt may indicate a failed false start > // connection. > OnHandshakeFailure(); > } > user_read_buf_ = NULL; > user_read_buf_len_ = 0; > } > > return rv; > > 2. Make a similar change to SSLClientSocketOpenSSL::Write. Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:635: // Failure of a write attempt may indicate a failed false start On 2014/07/22 02:25:21, wtc wrote: > > Typo: write => read Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:789: void SSLClientSocketOpenSSL::DoReadCallback(int rv) { On 2014/07/22 02:25:21, wtc wrote: > > IMPORTANT: if rv < 0, we also need to call OnHandshakeFailure(). Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:799: void SSLClientSocketOpenSSL::DoWriteCallback(int rv) { On 2014/07/22 02:25:21, wtc wrote: > > IMPORTANT: if rv < 0, we also need to call OnHandshakeFailure(). Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:821: base::ResetAndReturn(&error_callback_).Run(); On 2014/07/22 02:25:21, wtc wrote: > > BUG: this should read: > > if (!error_callback_.is_null()) { > success_callback_.Reset(); > base::ResetAndReturn(&error_callback_).Run(); > } Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:974: OnHandshakeFailure(); On 2014/07/22 02:25:21, wtc wrote: > > 1. IMPORTANT: I would call these two callbacks in the reverse order: > > if (rv < OK) > OnHandshakeFailure(); > DoConnectCallback(rv); > > The issue is that the connect callback is more likely to cause the current > object to be deleted. If that happens, we can't access the error_callback_ > member in OnHandshakeFailure. > > 2. If we move > > if (rv < OK) > OnHandshakeFailure(); > > into the DoConnectCallback function, it'd look more consistent with the code we > add to DoReadCallback and DoWriteCallback. Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1065: On 2014/07/22 02:25:21, wtc wrote: > > Delete this blank line. Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:146: SocketAndCallback socket_and_callback = On 2014/07/22 02:25:21, wtc wrote: > > Nit: naming this variable "new_leader" would be more informative. Done. https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:284: callback.Run(); On 2014/07/22 02:25:21, wtc wrote: > > IMPORTANT: this code has two problems. > > 1. ssl_to_callback_map_ may not have an entry for |ssl|. The > ssl_to_callback_map_[ssl] operation will add an empty entry if the entry doesn't > exist. So you need to use ssl_to_callback_map_.find(ssl) instead. > > 2. More important: I think it is wrong to run the SessionAdded callback in this > case. I think adding a CHECK(false) to assert that this case cannot happen is > enough. Or equivalently: > SSL_SESSION* session = SSL_get_session(ssl); > CHECK(session); > // Mark the session as good, allowing it to be used for future connections. > SSL_SESSION_set_ex_data( > ... > Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/socket_test_... net/socket/socket_test_util.h:339: bool should_block_in_connect; On 2014/07/22 16:24:11, mmenke wrote: > nit: Maybe in -> on? Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:369: success_callback_ = callback; On 2014/07/22 16:24:11, mmenke wrote: > optional: I think using one handshake complete callback and passing it a bool > or a network error code may be a little simpler. Others may disagree, however. Ryan and Wan-Teh have suggested this as well. My plan was to change that in a follow up CL -- I'll add a TODO comment now though. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:369: success_callback_ = callback; On 2014/07/23 02:03:26, wtc wrote: > > On 2014/07/22 16:24:11, mmenke wrote: > > optional: I think using one handshake complete callback and passing it a bool > > or a network error code may be a little simpler. Others may disagree, > however. > > I believe all three reviewers suggested this. Mackenzie, please add a TODO > comment to ssl_client_socket.h for this change. Since we decided to treat failures and successes in the same way, I just went ahead and made this change. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:821: base::ResetAndReturn(&error_callback_).Run(); On 2014/07/22 16:24:11, mmenke wrote: > This should be: > > if (!error_callback_.is_null()) { > success_callback_.Reset(); > base::ResetAndReturn(&error_callback_).Run(); > } > > Right? Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:974: OnHandshakeFailure(); On 2014/07/22 16:24:11, mmenke wrote: > This call isn't needed - we call OnHandshakeFailure in DoHandshakeLoop in this > case. In response to Ryan's comment on line 1052 of https://codereview.chromium.org/353713005/diff/460001/net/socket/ssl_client_s..., I moved all of the OnHandshakeFailure calls into the callers of DoHanshakeLoop, and removed the call from DoHandshakeLoop. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1065: On 2014/07/22 16:24:11, mmenke wrote: > nit: Generally, we don't have extra line breaks after the start or before the > end of a code block. Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:106: pending_sockets_and_callbacks_.erase(it); On 2014/07/22 18:03:54, mmenke wrote: > No test currently depends on this code working, should add two tests: Have the > second socket is destroyed before the first one finishes its handshake. Should > have the first one succeed in one test, fail in another. Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:112: bool SSLConnectJobMessenger::CanProceed(SSLClientSocket* ssl_socket) { On 2014/07/22 16:24:11, mmenke wrote: > I don't think this function is useful - after calling it, we call > ssl_socket->InSessionCache() again, so we don't really seem to get anything out > of it. Yes, the handling of this is somewhat repetitive right now. https://codereview.chromium.org/384873002/ fixes this issue. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:150: socket_and_callback.callback.Run(); On 2014/07/22 16:24:11, mmenke wrote: > I defer to everyone else on this, but I wonder if it's better to just unleash > all the connection attempts at this point, exactly like we do in the success > case. > > Makes the worst case (every handshake times out) marginally less bad, and > presumably only improves a relatively small number of cases. Yeah, that makes sense to me. Ryan/Wan-Teh, do you agree? In the past we've also talked about testing out different combinations of letting sockets proceed/holding them back, and seeing what works best. So I could try both? https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:150: socket_and_callback.callback.Run(); On 2014/07/23 02:03:27, wtc wrote: > > On 2014/07/22 16:24:11, mmenke wrote: > > I defer to everyone else on this, but I wonder if it's better to just unleash > > all the connection attempts at this point, exactly like we do in the success > > case. > > Hmm... you're probably right. If the first handshake fails, the other handshakes > are likely to fail for the same reason, so it would be better to unleash all of > them and fail faster. In that case, OnJobSucceeded and OnJobFailed will literally do exactly the same thing, meaning that the OnHandshakeFailure and OnHandshakeSuccess callbacks should definitely be combined now. I'll add OnJobComplete method and a OnHandshakeComplete method to replace these methods. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:387: next_state_ = STATE_SSL_CONNECT; On 2014/07/22 16:24:11, mmenke wrote: > optional: Think it's a little cleaner to just move this check into > STATE_CHECK_FOR_RESUME, and return OK if messenger_ is NULL, just after setting > next_state_. Keeps the messenger logic a bit more contained, and seems a bit > less regression prone (If someone adds something that should always be done in > DoCheckForResume, for instance, it's clearer what will be skipped in the NULL > messenger_ case). Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:391: static bool enable_connect_job_waiting_; On 2014/07/22 16:24:11, mmenke wrote: > Can we make this an HttpNetworkSession::Param or something, instead of a global? > We should be reducing the number of configuration globals, not increasing them. Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:329: TEST_P(SSLClientSocketPoolTest, SimultaneousConnectJobsSuccess) { On 2014/07/22 16:24:11, mmenke wrote: > Suggest also a test with multiple failures, where we only let one through at a > time. Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:257: // ssl_to_callback_map_[ssl] = CallbackAndCompletionCount(callback, 0); On 2014/07/23 02:03:27, wtc wrote: > > Delete this line (which is commented out). > > I suspect the associated array notation requires a default constructor (which > takes no argument) for CallbackAndCompletionCount. If so, it shows the > associated array notation is more expensive even though it is more readable. Done. https://codereview.chromium.org/353713005/diff/520001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:289: } On 2014/07/23 02:03:27, wtc wrote: > > I still suggest simply replacing this (lines 283-289) with CHECK(session). If > you want to fix this code, it should read: > > if (!session) { > SSLToCallbackMap::iterator it = ssl_to_callback_map_.find(ssl); > if (it != ssl_to_callback_map_.end()) { > base::Closure callback = it->second.callback; > ssl_to_callback_map_.erase(it); <== NOTE the use of |it| > callback.Run(); > } > return; > } Done.
Review comments on patch set 17: The changes to the non-testing code are good in general. The MockSSLClientSocket class still needs work. The MockSSLClientSocket::ConnectCallback method, which handles transport socket Connect completion, should be merged into your state machine. The difference between should_block_on_connect and connect.mode == ASYNC should be explained. The link between should_block_on_connect and RestartPausedConnect should also be explained. I think should_block_on_connect should be renamed something like "should_break_on_connect" or "should_pause_on_connect" to suggest its relation to RestartPausedConnect. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/chrome_b... File chrome/browser/chrome_browser_main.cc (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/chrome_b... chrome/browser/chrome_browser_main.cc:136: #include "net/socket/ssl_client_socket_pool.h" Please remove this line. It's no longer needed. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... File chrome/browser/io_thread.cc (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.cc:653: } 1. Omit curly braces. 2. Nit: move this before line 636, if you reordered the fields. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.cc:992: globals_->enable_ssl_connect_job_waiting; Nit: move this before line 949, if you reordered the fields. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_thread.h File chrome/browser/io_thread.h (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.h:155: bool ignore_certificate_errors; Nit: I suggest declaring enable_ssl_connect_job_waiting before ignore_certificate_errors to match their order in HttpNetworkSession::Params. https://codereview.chromium.org/353713005/diff/560001/net/http/http_stream_fa... File net/http/http_stream_factory_impl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/http/http_stream_fa... net/http/http_stream_factory_impl_unittest.cc:423: NULL), // net_log Please align all the comments. I wonder why "git cl format" doesn't do this correctly. Perhaps "git cl format" only aligns the consecutive comments? https://codereview.chromium.org/353713005/diff/560001/net/socket/client_socke... File net/socket/client_socket_pool_manager_impl.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/client_socke... net/socket/client_socket_pool_manager_impl.h:119: bool enable_ssl_connect_job_waiting_; Reverse these two fields to match the constructor parameter order. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:768: return true; Add a comment to explain why this returns true. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1320: void MockSSLClientSocket::ConnectCallback( This function seems wrong. This is a pre-existing problem. When we get here, the transport_->socket()->Connect() call is finished. If rv == OK, we should then test if data_->connect.result is OK. I think this function should read: if (rv == OK) { if (data_->connect.result == OK) connected_ = true; rv = data_->connect.result; } callback.Run(rv); https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1366: next_connect_state_ = STATE_CONNECT_COMPLETE; Move this line after line 1369. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1371: if (data_->should_block_on_connect) { It seems that data_->should_block_on_connect is the same as data_->connect.mode == ASYNC. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1375: connected_ = true; I think these two lines should be deleted. We should only set |connected_| to true in DoConnectComplete. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1377: } else { Omit "else" after a return statement. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1386: // The presence of |success_callback_| indicates that SSL Connect Job success_callback_ => completion_callback_ https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:666: private: Resurrect the blank line before this line. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:727: CompletionCallback connect_callback_; Should this be moved to the MockSSLClientSocket class? https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:1013: base::Closure completion_callback_; Please name this field "handshake_completion_callback_". https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // upon the session failing. I think this comment should now just talk about (true) handshake completion, with no reference to sessions. Please add a TODO comment about providing a "bool success" or "int result" input parameter to the callback. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:657: } Replace lines 644-657 with the following: if (rv == ERR_IO_PENDING) { user_write_callback_ = callback; } else { if (rv > 0) { was_ever_used_ = true; } else { // Failure of a write attempt may indicate a failed false start // connection. OnHandshakeCompletion(); } user_write_buf_ = NULL; user_write_buf_len_ = 0; } https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:946: OnHandshakeCompletion(); BUG: this should be outside the "if (!user_connect_callback_.is_null())" block. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1057: Nit: undo this change. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:219: base::Closure completion_callback_; Name this field "handshake_completion_callback_". https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:145: void OnJobCompleted(); Nit: I suggest renaming this method OnHandshakeCompletion and avoiding "Job" in the name. The reason is that the true handshake completion may occur after SSLConnectJob::Connect() is finished. You can just add a TODO comment. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:137: bool enable_ssl_connect_job_waiting = false) { Don't use default arguments. In general the Style Guide prohibits default arguments. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:285: } Please replace lines 282-285 with CHECK(session);
https://codereview.chromium.org/353713005/diff/560001/chrome/browser/chrome_b... File chrome/browser/chrome_browser_main.cc (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/chrome_b... chrome/browser/chrome_browser_main.cc:136: #include "net/socket/ssl_client_socket_pool.h" On 2014/07/23 22:53:32, wtc wrote: > > Please remove this line. It's no longer needed. Done. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... File chrome/browser/io_thread.cc (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.cc:653: } On 2014/07/23 22:53:32, wtc wrote: > > 1. Omit curly braces. > > 2. Nit: move this before line 636, if you reordered the fields. Done. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.cc:992: globals_->enable_ssl_connect_job_waiting; On 2014/07/23 22:53:32, wtc wrote: > > Nit: move this before line 949, if you reordered the fields. Done. https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_thread.h File chrome/browser/io_thread.h (right): https://codereview.chromium.org/353713005/diff/560001/chrome/browser/io_threa... chrome/browser/io_thread.h:155: bool ignore_certificate_errors; On 2014/07/23 22:53:32, wtc wrote: > > Nit: I suggest declaring enable_ssl_connect_job_waiting before > ignore_certificate_errors to match their order in HttpNetworkSession::Params. Done. https://codereview.chromium.org/353713005/diff/560001/net/http/http_stream_fa... File net/http/http_stream_factory_impl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/http/http_stream_fa... net/http/http_stream_factory_impl_unittest.cc:423: NULL), // net_log On 2014/07/23 22:53:32, wtc wrote: > > Please align all the comments. I wonder why "git cl format" doesn't do this > correctly. Perhaps "git cl format" only aligns the consecutive comments? Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/client_socke... File net/socket/client_socket_pool_manager_impl.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/client_socke... net/socket/client_socket_pool_manager_impl.h:119: bool enable_ssl_connect_job_waiting_; On 2014/07/23 22:53:32, wtc wrote: > > Reverse these two fields to match the constructor parameter order. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:768: return true; On 2014/07/23 22:53:32, wtc wrote: > > Add a comment to explain why this returns true. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1320: void MockSSLClientSocket::ConnectCallback( On 2014/07/23 22:53:32, wtc wrote: > > This function seems wrong. This is a pre-existing problem. > > When we get here, the transport_->socket()->Connect() call is finished. If rv == > OK, we should then test if data_->connect.result is OK. I think this function > should read: > > if (rv == OK) { > if (data_->connect.result == OK) > connected_ = true; > rv = data_->connect.result; > } > callback.Run(rv); Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1366: next_connect_state_ = STATE_CONNECT_COMPLETE; On 2014/07/23 22:53:32, wtc wrote: > > Move this line after line 1369. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1375: connected_ = true; On 2014/07/23 22:53:32, wtc wrote: > > I think these two lines should be deleted. We should only set |connected_| to > true in DoConnectComplete. The reason I left this here was so that I'd be able to confirm that a socket had entered the connect phase after returning to my test here. I suppose I could just check that should_block_on_connect_ has been set to false, but I think that violates what Ryan has told me about the intended purpose of the data_ struct. Perhaps I should just add a separate member variable that can be used to determine this? https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1377: } else { On 2014/07/23 22:53:32, wtc wrote: > > Omit "else" after a return statement. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.cc:1386: // The presence of |success_callback_| indicates that SSL Connect Job On 2014/07/23 22:53:32, wtc wrote: > > success_callback_ => completion_callback_ Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:666: private: On 2014/07/23 22:53:32, wtc wrote: > > Resurrect the blank line before this line. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:727: CompletionCallback connect_callback_; On 2014/07/23 22:53:32, wtc wrote: > > Should this be moved to the MockSSLClientSocket class? Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/socket_test_... net/socket/socket_test_util.h:1013: base::Closure completion_callback_; On 2014/07/23 22:53:32, wtc wrote: > > Please name this field "handshake_completion_callback_". Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // upon the session failing. On 2014/07/23 22:53:33, wtc wrote: > > I think this comment should now just talk about (true) handshake completion, > with no reference to sessions. > > Please add a TODO comment about providing a "bool success" or "int result" input > parameter to the callback. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:657: } On 2014/07/23 22:53:33, wtc wrote: > > Replace lines 644-657 with the following: > if (rv == ERR_IO_PENDING) { > user_write_callback_ = callback; > } else { > if (rv > 0) { > was_ever_used_ = true; > } else { > // Failure of a write attempt may indicate a failed false start > // connection. > OnHandshakeCompletion(); > } > user_write_buf_ = NULL; > user_write_buf_len_ = 0; > } Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:946: OnHandshakeCompletion(); On 2014/07/23 22:53:33, wtc wrote: > > BUG: this should be outside the "if (!user_connect_callback_.is_null())" block. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:1057: On 2014/07/23 22:53:33, wtc wrote: > > Nit: undo this change. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:219: base::Closure completion_callback_; On 2014/07/23 22:53:33, wtc wrote: > > Name this field "handshake_completion_callback_". Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:145: void OnJobCompleted(); On 2014/07/23 22:53:33, wtc wrote: > > Nit: I suggest renaming this method OnHandshakeCompletion and avoiding "Job" in > the name. The reason is that the true handshake completion may occur after > SSLConnectJob::Connect() is finished. > > You can just add a TODO comment. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:137: bool enable_ssl_connect_job_waiting = false) { On 2014/07/23 22:53:33, wtc wrote: > > Don't use default arguments. In general the Style Guide prohibits default > arguments. Done. https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/560001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:285: } On 2014/07/23 22:53:33, wtc wrote: > > Please replace lines 282-285 with > CHECK(session); Done.
Looking so much better! A few comments, but if things are done a certain way because of an earlier comment that I missed, point me at it first before going overboard and changing. https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.cc:770: return true; This does seem really weird to me. It also couples a little bit of the internal details (e.g. we ideally wouldn't mention "OpenSSL" here) https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.cc:1407: int rv; So this tripped me up when reviewing, and violated my expectations regarding how our normal callbacks/re-entrant bits work I would instead recommend this be split into Connect(const CompletionCallback&) int rv = DoConnectLoop(OK); if (rv != ERR_IO_PENDING) return rv; connect_callback_ = cb; return rv; } int DoConnectLoop(int rv) { do { .... } while (rv != ERR_IO_PENDING && next_connect_state_ != STATE_NONE); return rv; } void OnSomethingNamedHere(int rv) { int rv = DoConnectLoop(rv); if (rv == ERR_IO_PENDING) return; base::ResetAndReturn(&connect_cb_).Run(rv); } void RestartPausedConnect() { DCHECK_EQ(???, next_state_); return OnSomethingNamedHere(OK); } https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.h:340: bool is_in_session_cache; comment here // Whether or not the Socket should behave like there is a pre-existing // session to resume. Whether or not such a session is reported as // resumed is controlled by |connection_status|. https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.h:644: // Note: this method is unsafe; the elements of the returned vecotor typo: vector https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // TODO(mshelley) Provide a "result" input parameter to the callback. Comment nit: "true handshake completion" is ambiguous here // Sets |callback| to be run when the handshake has fully completed. // For example, in the case of False Start, Connect() will return // early, before the peer's TLS Finished message has been verified, // in order to allow the caller to call Write() and send application // data with the client's Finished message. // In such situations, |callback| will be invoked sometime after // Connect() - either during a Write() or Read() call, and before // invoking the Read() or Write() callback. // Otherwise, during a traditional TLS connection (i.e. no False // Start), this will be called right before the Connect() callback // is called. // // Note that it's not valid to mutate this socket during such // callbacks, including deleting the socket. // // TODO(mshelley): Provide additional details about whether or not // the handshake actually succeeded or not. This can be inferred // from the result to Connect()/Read()/Write(), but may be useful // to inform here as well. Note that other wordings are fine, I was primarily trying to focus on explicitly spelling out the preconditions and post-conditions. The most useful one here is a guaranteed ordering about when this callback will be called in relation to the others (Read/Write/Connect), and what's legal to do on the socket (e.g. Disconnect()) https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.cc:2897: } Out of date. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.h:75: const base::Closure& callback) OVERRIDE; These are out of date. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:449: OnHandshakeCompletion(); This surprises me, since we traditionally don't call callbacks during Disconnect() ( it's actually documented like that in http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/socket.h / http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/stream_socket.h ) https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:628: } I would actually move this to line 632 if (rv != ERR_IO_PENDING && rv < 0) OnHandshakeCompletion() In this case, we shouldn't call the callback until the state updates on line 629/630 and 654/655 have happened (in part, this matches lines 786/787 and 798/799 in maintaining the ordering of variable assignments before callbacks) https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:947: OnHandshakeCompletion(); This surprises me, as it's inverted from your order of events on line 788/799 and 800/801, in which you call your callback than the user's callback. All the more reason for the expanded comment/documentation on the exact sequencing of events. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:121: // TODO(mshelley): Both of these callbacks will use WeakPtr in future CL. 1) Comment update? "Both"? 2) Still planned/necessary? Seems like our lifetimes are better defined now. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:145: // TODO(mshelley) Rename this method to something not involving the word job. Let's fix this TODO before landing then. Ideas? :) https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:372: // TODO(mshelley) Change this to a non-pointer. Document why it's a pointer, and if it's a cleanup bug, file a bug that can be mentioned here as well. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:137: bool enable_ssl_connect_job_waiting) { Why make this an argument to CreatePool? You could just make it a member variable to set before CreatePool, and thus have to update fewer call sites. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:238: // prior to it fail. More detail is needed in this comment, explaining a bit more about the overall flow, and then what each "chunk" is doing. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:310: // Tests that sockets will still connect in parellel if the parallel https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:365: (*it)->RestartPausedConnect(); This is... Surprising. I'm not sure I understand why this is, other than perhaps for testing. But it seems to 'break' the normal API, hence weirdness. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:368: callback3.WaitForResult(); Mention why you don't check callback1/2 https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:256: // Add this SSL* to the SSLtoCallbackMap. Add |ssl| SSLToCallbackMap
https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:121: // TODO(mshelley): Both of these callbacks will use WeakPtr in future CL. On 2014/07/25 01:36:37, Ryan Sleevi wrote: > 1) Comment update? "Both"? > 2) Still planned/necessary? Seems like our lifetimes are better defined now. Right, saw https://codereview.chromium.org/364943002/ now The concern is the Socket outliving the Messenger, which should only happen if the Socket outlives the Pool, right? Which shouldn't happen with the layering, but OK.
https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.cc:770: return true; On 2014/07/25 01:36:34, Ryan Sleevi wrote: > This does seem really weird to me. It also couples a little bit of the internal > details (e.g. we ideally wouldn't mention "OpenSSL" here) Perhaps it would just be better to put: NOTIMPLEMENTED(); return false; (You typically return false in not implemented functions with a bool return type, correct?) In theory this method should never be called by anything but an SSLClientSocketOpenSSL or a MockSSLClientSocket. https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.h:340: bool is_in_session_cache; On 2014/07/25 01:36:34, Ryan Sleevi wrote: > comment here > > // Whether or not the Socket should behave like there is a pre-existing > // session to resume. Whether or not such a session is reported as > // resumed is controlled by |connection_status|. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.h:644: // Note: this method is unsafe; the elements of the returned vecotor On 2014/07/25 01:36:34, Ryan Sleevi wrote: > typo: vector Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:105: // TODO(mshelley) Provide a "result" input parameter to the callback. On 2014/07/25 01:36:35, Ryan Sleevi wrote: > Comment nit: "true handshake completion" is ambiguous here > > // Sets |callback| to be run when the handshake has fully completed. > // For example, in the case of False Start, Connect() will return > // early, before the peer's TLS Finished message has been verified, > // in order to allow the caller to call Write() and send application > // data with the client's Finished message. > // In such situations, |callback| will be invoked sometime after > // Connect() - either during a Write() or Read() call, and before > // invoking the Read() or Write() callback. > // Otherwise, during a traditional TLS connection (i.e. no False > // Start), this will be called right before the Connect() callback > // is called. > // > // Note that it's not valid to mutate this socket during such > // callbacks, including deleting the socket. > // > // TODO(mshelley): Provide additional details about whether or not > // the handshake actually succeeded or not. This can be inferred > // from the result to Connect()/Read()/Write(), but may be useful > // to inform here as well. > > > Note that other wordings are fine, I was primarily trying to focus on explicitly > spelling out the preconditions and post-conditions. The most useful one here is > a guaranteed ordering about when this callback will be called in relation to the > others (Read/Write/Connect), and what's legal to do on the socket (e.g. > Disconnect()) Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.cc:2897: } On 2014/07/25 01:36:36, Ryan Sleevi wrote: > Out of date. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_nss.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_nss.h:75: const base::Closure& callback) OVERRIDE; On 2014/07/25 01:36:36, Ryan Sleevi wrote: > These are out of date. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:449: OnHandshakeCompletion(); On 2014/07/25 01:36:36, Ryan Sleevi wrote: > This surprises me, since we traditionally don't call callbacks during > Disconnect() ( it's actually documented like that in > http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/socket.h / > http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/stream_socket.h ) The idea here was that we want to ensure that if a socket is randomly deleted, its messenger will be notified so that it can delete any pending jobs dependent upon that socket's connection. Would it be more appropriate to make this call before Disconnect in the destructor? https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:628: } On 2014/07/25 01:36:36, Ryan Sleevi wrote: > I would actually move this to line 632 > > if (rv != ERR_IO_PENDING && rv < 0) > OnHandshakeCompletion() > > In this case, we shouldn't call the callback until the state updates on line > 629/630 and 654/655 have happened (in part, this matches lines 786/787 and > 798/799 in maintaining the ordering of variable assignments before callbacks) Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:947: OnHandshakeCompletion(); On 2014/07/25 01:36:36, Ryan Sleevi wrote: > This surprises me, as it's inverted from your order of events on line 788/799 > and 800/801, in which you call your callback than the user's callback. > > All the more reason for the expanded comment/documentation on the exact > sequencing of events. Ah yes, this is wrong; it should be called before user_connect_callback_ is run. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:145: // TODO(mshelley) Rename this method to something not involving the word job. On 2014/07/25 01:36:37, Ryan Sleevi wrote: > Let's fix this TODO before landing then. Ideas? :) OnConnectionCompleted? https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:372: // TODO(mshelley) Change this to a non-pointer. On 2014/07/25 01:36:37, Ryan Sleevi wrote: > Document why it's a pointer, and if it's a cleanup bug, file a bug that can be > mentioned here as well. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:137: bool enable_ssl_connect_job_waiting) { On 2014/07/25 01:36:37, Ryan Sleevi wrote: > Why make this an argument to CreatePool? You could just make it a member > variable to set before CreatePool, and thus have to update fewer call sites. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:238: // prior to it fail. On 2014/07/25 01:36:37, Ryan Sleevi wrote: > More detail is needed in this comment, explaining a bit more about the overall > flow, and then what each "chunk" is doing. Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:310: // Tests that sockets will still connect in parellel if the On 2014/07/25 01:36:37, Ryan Sleevi wrote: > parallel Done. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:365: (*it)->RestartPausedConnect(); On 2014/07/25 01:36:37, Ryan Sleevi wrote: > This is... Surprising. I'm not sure I understand why this is, other than perhaps > for testing. But it seems to 'break' the normal API, hence weirdness. The idea here was to confirm that every socket started connecting immediately -- i.e. the sockets behaved as they usually would without SSLConnectJob waiting enabled. Then, I restart all of the sockets so that I can confirm that they actually connect successfully. However, I just realized that I should probably be restarting the sockets in a separate for loop, because here I technically restart the leading job (potentially allowing it to finish its connection) before checking to see that the other jobs have started to connect. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:368: callback3.WaitForResult(); On 2014/07/25 01:36:37, Ryan Sleevi wrote: > Mention why you don't check callback1/2 I was assuming that since 1/2 begin before 3, they would finish before 3. Therefore, I'd only need to check 3. I'm starting to think that might not necessarily be the case now, so I should probably check all of them.. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:256: // Add this SSL* to the SSLtoCallbackMap. On 2014/07/25 01:36:37, Ryan Sleevi wrote: > Add |ssl| > > SSLToCallbackMap Done.
https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/socket_test_... net/socket/socket_test_util.cc:770: return true; On 2014/07/26 00:58:27, mshelley wrote: > On 2014/07/25 01:36:34, Ryan Sleevi wrote: > > This does seem really weird to me. It also couples a little bit of the > internal > > details (e.g. we ideally wouldn't mention "OpenSSL" here) > > Perhaps it would just be better to put: > > NOTIMPLEMENTED(); > return false; > > (You typically return false in not implemented functions with a bool return > type, correct?) > > In theory this method should never be called by anything but an > SSLClientSocketOpenSSL or a MockSSLClientSocket. I think that will work, but you have to use appropriate compile-time guards for the tests, potentially. That is, your unittests will run on all build types. One way is to compile-guard them. Another way is to have the test check if something is supported and not run. I'm just not sure that NOTIMPLEMENTED() will work across the diversity of bots, for !use_openssl builds https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:449: OnHandshakeCompletion(); On 2014/07/26 00:58:27, mshelley wrote: > The idea here was that we want to ensure that if a socket is randomly deleted, > its messenger will be notified so that it can delete any pending jobs dependent > upon that socket's connection. Right, I got that part. > > Would it be more appropriate to make this call before Disconnect in the > destructor? I think it's OK to call here, but it means you need to beef up the documentation for this class (and setting the handshake callback), so that you're explicitly documenting in the reader the 'edge' cases that can come up (similar to the previous comments regarding ordering of callback execution), and what is or is not 'acceptable' behaviour to do in such a callback. https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/580001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:145: // TODO(mshelley) Rename this method to something not involving the word job. On 2014/07/26 00:58:27, mshelley wrote: > On 2014/07/25 01:36:37, Ryan Sleevi wrote: > > Let's fix this TODO before landing then. Ideas? :) > > OnConnectionCompleted? Sure, that or OnSSLHandshakeCompleted (since it's not just the ConnectJob, but the full handshake, that you're waiting for, right?)
Patch set 20 LGTM. I have reviewed everything carefully, including the testing code. I suggest some minor changes below, mostly coding style fixes. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:799: void MockSSLClientSocket::RestartPausedConnect() { Move this method to the MockSSLClientSocket section. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1379: } Omit curly braces. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1446: void MockSSLClientSocket::Disconnect() { Please invalidate the weak pointers here: weak_factory_.InvalidateWeakPtrs(); because Disconnect() aborts the completion callback for Connect(). https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1496: } Move these two methods before the MockSSLClientSocket::GetSSLCertRequestInfo method (line 1477). https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:995: STATE_TCP_CONNECT_COMPLETE, Nit: I suggest renaming these two states STATE_TRANSPORT_CONNECT, STATE_TRANSPORT_CONNECT_COMPLETE, and renaming the corresponding functions int DoTransportConnect(); int DoTransportComplete(int result); because the |transport_| socket doesn't need to be TCP. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1008: int DoSSLConnectComplete(int result); Please make sure these six private methods are defined in the .cc file in this order. They should all be defined after the GetServerBoundCertService() and RestartPausedConnect() methods. Note that the MockSSLClientSocket methods in the .cc file don't match the declaration order in the .h file exactly. So just try your best to match the order. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1010: // Callback to be used to resume the connection of a paused socket. This comment is wrong. Please delete or fix this comment. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1011: CompletionCallback connect_callback_; Nit: move this member down to be close to the related next_connect_state_ member. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1023: base::Closure handshake_completion_callback_; Nit: if you think this member name is too long, we can shorten it to handshake_callback_. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:624: } Remove the curly braces. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:650: } Remove the curly braces. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:791: OnHandshakeCompletion(); Please copy the comment on lines 628-629 here. // Failure of a read attempt may indicate a failed false start // connection. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:803: OnHandshakeCompletion(); Please copy the comment on lines 654-655 here. // Failure of a write attempt may indicate a failed false start // connection. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:219: base::Closure handshake_completion_callback_; Nit: If you think this member name is too long, we can shorten it to handshake_callback_. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:345: next_state_ = STATE_CREATE_SSL_SOCKET; Nit: I now suggest we undo the early return changes to DoTransportConnectComplete and DoSOCKSConnectComplete because we use this pattern in MockSSLClientSocket::DoTCPConnectComplete. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:316: socket_factory_.ssl_client_sockets(); Delete these two lines. |sockets| is not used.
https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:799: void MockSSLClientSocket::RestartPausedConnect() { On 2014/07/29 20:59:33, wtc wrote: > > Move this method to the MockSSLClientSocket section. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1379: } On 2014/07/29 20:59:34, wtc wrote: > > Omit curly braces. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1446: void MockSSLClientSocket::Disconnect() { On 2014/07/29 20:59:33, wtc wrote: > > Please invalidate the weak pointers here: > > weak_factory_.InvalidateWeakPtrs(); > > because Disconnect() aborts the completion callback for Connect(). Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.cc:1496: } On 2014/07/29 20:59:34, wtc wrote: > > Move these two methods before the MockSSLClientSocket::GetSSLCertRequestInfo > method (line 1477). Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:995: STATE_TCP_CONNECT_COMPLETE, On 2014/07/29 20:59:34, wtc wrote: > > Nit: I suggest renaming these two states > STATE_TRANSPORT_CONNECT, > STATE_TRANSPORT_CONNECT_COMPLETE, > and renaming the corresponding functions > int DoTransportConnect(); > int DoTransportComplete(int result); > because the |transport_| socket doesn't need to be TCP. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1008: int DoSSLConnectComplete(int result); On 2014/07/29 20:59:34, wtc wrote: > > Please make sure these six private methods are defined in the .cc file in this > order. They should all be defined after the GetServerBoundCertService() and > RestartPausedConnect() methods. > > Note that the MockSSLClientSocket methods in the .cc file don't match the > declaration order in the .h file exactly. So just try your best to match the > order. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1010: // Callback to be used to resume the connection of a paused socket. On 2014/07/29 20:59:34, wtc wrote: > > This comment is wrong. Please delete or fix this comment. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/socket_test_... net/socket/socket_test_util.h:1011: CompletionCallback connect_callback_; On 2014/07/29 20:59:34, wtc wrote: > > Nit: move this member down to be close to the related next_connect_state_ > member. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:624: } On 2014/07/29 20:59:34, wtc wrote: > > Remove the curly braces. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:650: } On 2014/07/29 20:59:34, wtc wrote: > > Remove the curly braces. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:791: OnHandshakeCompletion(); On 2014/07/29 20:59:34, wtc wrote: > > Please copy the comment on lines 628-629 here. > > // Failure of a read attempt may indicate a failed false start > // connection. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:803: OnHandshakeCompletion(); On 2014/07/29 20:59:34, wtc wrote: > > Please copy the comment on lines 654-655 here. > > // Failure of a write attempt may indicate a failed false start > // connection. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:345: next_state_ = STATE_CREATE_SSL_SOCKET; On 2014/07/29 20:59:34, wtc wrote: > > Nit: I now suggest we undo the early return changes to > DoTransportConnectComplete and DoSOCKSConnectComplete because we use this > pattern in MockSSLClientSocket::DoTCPConnectComplete. Done. https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/680001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:316: socket_factory_.ssl_client_sockets(); On 2014/07/29 20:59:35, wtc wrote: > > Delete these two lines. |sockets| is not used. Done.
Patch set 21 LGTM. Please edit the CL's description 1. Add line breaks. 2. Add the reviewer line: R=mmenke@chromium.org,rsleevi@chromium.org,wtc@chromium.org 3. If you have filed a bug report for this feature, add a bug line: BUG=<bug number>
Yes, to echo wtc, we want to make sure there is a BUG= filed. I have one bit, marked FIXME, that we want to fix below before committing. I realize it's going on in a separate review, but since it may represent a SECURITY BUG (use after free), we should not commit the code until the other CL has been reviewed, then you can integrate it in here. Let me know if there are concerns. Otherwise, LGTM https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1367: return transport_->socket()->IsConnected() && connected_; This seems to violate the SSLClientSocket behaviour - where IsConnected() doesn't return true until the handshake has completed. See comments below. https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1471: DCHECK(!connect_callback_.is_null()); You can remove this DCHECK. It's implied by line 1472. https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1485: DCHECK_EQ(OK, rv); DCHECKs in test code are (generally) not desirable. I think you're fine to remove these two DCHECKS (also on 1491) https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1525: connected_ = true; Doesn't this belong after lines 1527-1528? Your "should_block_on_connect" is meant to simulate "not yet connected", so it seems odd. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:451: // are allowed to resume if this socket is disconnected. This comment is a bit of a layering violation. That is, you don't know *why* people set the callback, you're just following your API :) // If a handshake was pending (Connect() had been called), notify interested parties that it's been aborted // now. If the handshake had already completed, this is a no-op. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:137: ssl_socket->SetHandshakeCompletionCallback( FIXME here https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:146: // Processes pending callbacks when a socket completes its SSL Handshake -- s/Handshake/handshake https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:244: #if !defined(USE_OPENSSL) There are several ways to do this #if defined(USE_OPENSSL) #define MAYBE_Foo Foo #else #define MAYBE_Foo DISABLED_Foo #endif This will cause the test to *compile*, but will be excluded at runtime, but CAN be manually invoked via command-line #if defined(USE_OPENSSL) TEST_P(....) { } #endif This will cause the test to *not compile*, and not run. If there are multiple tests, like there are here bool SupportsConnectJobWaiting() { #if defined(USE_OPENSSL) return true; #else return false; #endif } TEST_P(...) { if (!SupportsConnectJobWaiting()) { return; } https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:240: bool SSLSessionIsInCache(const std::string& cache_key) const { Document :) https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:256: // Add |ssl| to the SSLtoCallbackMap. s/SSLtoCallbackMap/SSLToCallbackMap/ (to -> To) https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:263: void CheckIfSessionFinished(SSL* ssl) { Shuffle documentation around Namely, document here, rather than in the body, that a session needs to have been both Add() and MarkAsGood() called, which can happen in any order, in order for it to be considered Finished. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:282: CHECK(session); 1: Delete the blank line on 281 2: Are we sure this is correct? I'm usually anxious when moving from a safe-handle to a hard-fail, so perhaps point me to where/why it's ok? (Or an earlier CL comment if I missed it) https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:305: // run when a certian sesssion is added to the session cache with an integer s/certian/certain/
https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1471: DCHECK(!connect_callback_.is_null()); On 2014/07/29 23:19:22, Ryan Sleevi wrote: > You can remove this DCHECK. It's implied by line 1472. Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1485: DCHECK_EQ(OK, rv); On 2014/07/29 23:19:22, Ryan Sleevi wrote: > DCHECKs in test code are (generally) not desirable. I think you're fine to > remove these two DCHECKS (also on 1491) Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1525: connected_ = true; On 2014/07/29 23:19:22, Ryan Sleevi wrote: > Doesn't this belong after lines 1527-1528? > > Your "should_block_on_connect" is meant to simulate "not yet connected", so it > seems odd. Right now its set up this way so that I can use connected_ to determine that the socket started to connect in my tests. I intend to add a different member var to use for that purpose, and then block before setting connected (hence the todo comment). https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:451: // are allowed to resume if this socket is disconnected. On 2014/07/29 23:19:22, Ryan Sleevi wrote: > This comment is a bit of a layering violation. That is, you don't know *why* > people set the callback, you're just following your API :) > > // If a handshake was pending (Connect() had been called), notify interested > parties that it's been aborted > // now. If the handshake had already completed, this is a no-op. Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:137: ssl_socket->SetHandshakeCompletionCallback( On 2014/07/29 23:19:22, Ryan Sleevi wrote: > FIXME here Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.h (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.h:146: // Processes pending callbacks when a socket completes its SSL Handshake -- On 2014/07/29 23:19:22, Ryan Sleevi wrote: > s/Handshake/handshake Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:244: #if !defined(USE_OPENSSL) On 2014/07/29 23:19:22, Ryan Sleevi wrote: > There are several ways to do this > > #if defined(USE_OPENSSL) > #define MAYBE_Foo Foo > #else > #define MAYBE_Foo DISABLED_Foo > #endif > > This will cause the test to *compile*, but will be excluded at runtime, but CAN > be manually invoked via command-line > > #if defined(USE_OPENSSL) > TEST_P(....) { > > } > #endif > > This will cause the test to *not compile*, and not run. > > If there are multiple tests, like there are here > > bool SupportsConnectJobWaiting() { > #if defined(USE_OPENSSL) > return true; > #else > return false; > #endif > } > > TEST_P(...) { > if (!SupportsConnectJobWaiting()) { > return; > } As we discussed yesterday, this check isn't actually necessary here. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:240: bool SSLSessionIsInCache(const std::string& cache_key) const { On 2014/07/29 23:19:22, Ryan Sleevi wrote: > Document :) Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:256: // Add |ssl| to the SSLtoCallbackMap. On 2014/07/29 23:19:22, Ryan Sleevi wrote: > s/SSLtoCallbackMap/SSLToCallbackMap/ (to -> To) Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:263: void CheckIfSessionFinished(SSL* ssl) { On 2014/07/29 23:19:22, Ryan Sleevi wrote: > Shuffle documentation around > > Namely, document here, rather than in the body, that a session needs to have > been both Add() and MarkAsGood() called, which can happen in any order, in order > for it to be considered Finished. Done. https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:282: CHECK(session); On 2014/07/29 23:19:22, Ryan Sleevi wrote: > 1: Delete the blank line on 281 > 2: Are we sure this is correct? I'm usually anxious when moving from a > safe-handle to a hard-fail, so perhaps point me to where/why it's ok? (Or an > earlier CL comment if I missed it) See Wan-Teh's comment on line 284 of https://codereview.chromium.org/353713005/diff/500001/net/socket/ssl_session_... for an explanation of the CHECK(session) https://codereview.chromium.org/353713005/diff/710001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:305: // run when a certian sesssion is added to the session cache with an integer On 2014/07/29 23:19:22, Ryan Sleevi wrote: > s/certian/certain/ Done.
Patch set 23 LGTM. https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/710001/net/socket/socket_test_... net/socket/socket_test_util.cc:1471: DCHECK(!connect_callback_.is_null()); On 2014/07/29 23:19:22, Ryan Sleevi wrote: > You can remove this DCHECK. It's implied by line 1472. Why is this DCHECK implied by line 1472? https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:212: bool ran_completion_callback_; Because of the "TestCompletionCallback callback_" member on line 208, the name "ran_completion_callback_" may be misunderstood to mean we ran |callback_|. I think this member should be renamed "ran_handshake_completion_callback_". https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (left): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:946: EXPECT_FALSE(sock->IsConnected()); Why did you delete this EXPECT_FALSE? https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:602: void RecordCompletionCallbackRun() { ran_completion_callback_ = true; } In ssl_client_socket_openssl_unittest.cc, this method is named "RecordCompletedHandshake". Please use the same name. (The name should contain "Handshake" to avoid confusion with the "TestCompletionCallback callback_" member.) https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:666: bool ran_completion_callback_; Same here: this member should be renamed "ran_handshake_completion_callback_" to avoid confusion with the "TestCompletionCallback callback_" member on line 671. https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:949: Why don't you call sock->SetHandshakeCompletionCallback here? https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:266: // considered finished. These two events can occur in either order. I think Ryan wanted you to move this comment before the function (line 264).
https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:212: bool ran_completion_callback_; On 2014/07/30 21:56:57, wtc wrote: > > Because of the "TestCompletionCallback callback_" member on line 208, the name > "ran_completion_callback_" may be misunderstood to mean we ran |callback_|. I > think this member should be renamed "ran_handshake_completion_callback_". Done. https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_session_... File net/socket/ssl_session_cache_openssl.cc (right): https://codereview.chromium.org/353713005/diff/730001/net/socket/ssl_session_... net/socket/ssl_session_cache_openssl.cc:266: // considered finished. These two events can occur in either order. On 2014/07/30 21:56:58, wtc wrote: > > I think Ryan wanted you to move this comment before the function (line 264). Done.
Review comments on patch set 24: I will review ssl_client_socket_openssl_unittest.cc tomorrow. Here are some suggested changes. https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.cc:1524: reached_connect_ = true; Move this to MockSSLClientSocket::Connect(), at line 1357. https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.cc:1542: if (data_->connect.result == OK) data_->connect.result => result https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.h:720: bool DidReachConnect() const; 1. Add a blank line to separate this method from the methods above, which form a group ("SSLClientSocket implementation"). 2. The Style Guide recommends naming this getter method "reached_connect", matching the name of the corresponding data member. See http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names Also, it is usually defined inline: bool reached_connect() const { return reached_connect_; } https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:423: if (!handshake_completion_callback_.is_null()) { 1. Don't separate the Init() call from the check for its failure (lines 431-434). 2. Why is it necessary to call context->session_cache()->SetSessionAddedCallback() after the Init() call? https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:21: #include "base/run_loop.h" Do we need to include this? https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:42: #include "net/socket/ssl_client_socket_test_util.cc" Delete this line. Note that you are including a .cc file. Is that a typo? https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:117: printf("%s\n", "hi"); Delete this debug printf statement. (By the way, printf("hi\n") is more efficient.) https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:594: std::vector<MockSSLClientSocket*>::iterator it = sockets.begin(); Use const_iterator. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:596: // The first socket should have had connect called on it. connect => Connect https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:600: // No other socket should have reached connected yet. connected => connect https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:603: } Omit curly braces. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:610: // The second socket should have connected. Update this comment -- "should have reached connect". https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:675: std::vector<MockSSLClientSocket*>::iterator it = sockets.begin(); Use const_iterator. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:679: // All other sockets should not be connected. Change to: No other socket should have reached connect yet. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:682: } Omit curly braces. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (left): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:38: Add back this blank line. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:41: // WrappedStreamSocket is a base class that wraps an existing StreamSocket, If this big chunk of code is dead code, please delete it in a separate CL. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:28: #include "net/socket/ssl_client_socket_test_util.cc" Delete this line.
https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.cc:1524: reached_connect_ = true; On 2014/07/31 02:02:24, wtc wrote: > > Move this to MockSSLClientSocket::Connect(), at line 1357. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.cc:1542: if (data_->connect.result == OK) On 2014/07/31 02:02:24, wtc wrote: > > data_->connect.result => result Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/socket_test_... net/socket/socket_test_util.h:720: bool DidReachConnect() const; On 2014/07/31 02:02:24, wtc wrote: > > 1. Add a blank line to separate this method from the methods above, which form a > group ("SSLClientSocket implementation"). > > 2. The Style Guide recommends naming this getter method "reached_connect", > matching the name of the corresponding data member. See > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Names > > Also, it is usually defined inline: > > bool reached_connect() const { return reached_connect_; } Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:423: if (!handshake_completion_callback_.is_null()) { On 2014/07/31 02:02:24, wtc wrote: > > 1. Don't separate the Init() call from the check for its failure (lines > 431-434). > > 2. Why is it necessary to call > context->session_cache()->SetSessionAddedCallback() after the Init() call? Init() initializes ssl_, which is what I map to callbacks in the session cache. If i call SetSessionAddedCallback before Init(), then I'm just mapping to an empty pointer, which means the cache will never notify the messenger when a session completes successfully. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:594: std::vector<MockSSLClientSocket*>::iterator it = sockets.begin(); On 2014/07/31 02:02:25, wtc wrote: > > Use const_iterator. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:596: // The first socket should have had connect called on it. On 2014/07/31 02:02:24, wtc wrote: > > connect => Connect Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:600: // No other socket should have reached connected yet. On 2014/07/31 02:02:24, wtc wrote: > > connected => connect Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:603: } On 2014/07/31 02:02:25, wtc wrote: > > Omit curly braces. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:610: // The second socket should have connected. On 2014/07/31 02:02:25, wtc wrote: > > Update this comment -- "should have reached connect". Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:675: std::vector<MockSSLClientSocket*>::iterator it = sockets.begin(); On 2014/07/31 02:02:24, wtc wrote: > > Use const_iterator. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:679: // All other sockets should not be connected. On 2014/07/31 02:02:25, wtc wrote: > > Change to: No other socket should have reached connect yet. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:682: } On 2014/07/31 02:02:25, wtc wrote: > > Omit curly braces. Done. https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/770001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:28: #include "net/socket/ssl_client_socket_test_util.cc" On 2014/07/31 02:02:25, wtc wrote: > > Delete this line. Done.
Review comments on patch set 26: 1. There seem to be several merge errors related to the GetNextProto method. Those changes are unrelated to your feature so I think they shouldn't be part of the CL. 2. I found two bugs. The rebase required me to go over the CL again, which is why I could not review patch set 26 quickly. I am afraid that we won't be able to finish the review today. https://codereview.chromium.org/353713005/diff/810001/net/cert/multi_threaded... File net/cert/multi_threaded_cert_verifier.cc (left): https://codereview.chromium.org/353713005/diff/810001/net/cert/multi_threaded... net/cert/multi_threaded_cert_verifier.cc:619: Please add this line back so that this file is excluded from the CL. https://codereview.chromium.org/353713005/diff/810001/net/http/http_stream_fa... File net/http/http_stream_factory_impl_job.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/http/http_stream_fa... net/http/http_stream_factory_impl_job.cc:925: ssl_socket->GetNextProto(&proto, &server_protos); IMPORTANT: is this change part of the CL? It is unrelated to your feature. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:802: std::string* server_protos) { IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1416: std::string* server_protos) { IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1474: } Nit: omit curly braces. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1489: rv = DoTransportConnectComplete(rv); BUG: add a break statement after this line. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.h:717: std::string* server_protos) OVERRIDE; IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.h:978: std::string* server_protos) OVERRIDE; IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:22: class ServerBoundCertService; Sort in alphabetical order. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:139: std::string* serer_protos) = 0; IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:393: std::string* sever_protos) { IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:434: Nit: remove this blank line. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:468: // this is a no-op. Please fix this comment. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:66: std::string* server_protos) OVERRIDE; IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:90: transport_security_state_(new net::TransportSecurityState), Remove the "net::" on these three lines. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:92: cert_verifier_->set_default_result(net::OK); Remove "net::". https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:439: std::string server_protos; IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:444: status = ssl_socket_->GetNextProto(&proto, &server_protos); IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:931: ssl_socket->GetNextProto(&proto, &server_protos); IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:963: ssl_socket->GetNextProto(&proto, &server_protos); IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:28: #include "net/ssl/openssl_client_key_store.h" IMPORTANT: is this part of the CL? https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:662: transport_security_state_(new TransportSecurityState) { BUG: initialize ran_handshake_completion_callback_ to false. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:740: #endif IMPORTANT: should we delete this? Ah, I see the CompletionCallbackIsRun_WithSuccess test requires this. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2960: // matching certificate. It should allow the connection. Please update this comment because this test is testing something else. Does the test server really request client authentication?
https://codereview.chromium.org/353713005/diff/810001/net/cert/multi_threaded... File net/cert/multi_threaded_cert_verifier.cc (left): https://codereview.chromium.org/353713005/diff/810001/net/cert/multi_threaded... net/cert/multi_threaded_cert_verifier.cc:619: On 2014/07/31 23:05:24, wtc wrote: > > Please add this line back so that this file is excluded from the CL. Done. https://codereview.chromium.org/353713005/diff/810001/net/http/http_stream_fa... File net/http/http_stream_factory_impl_job.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/http/http_stream_fa... net/http/http_stream_factory_impl_job.cc:925: ssl_socket->GetNextProto(&proto, &server_protos); On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this change part of the CL? It is unrelated to your feature. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:802: std::string* server_protos) { On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1416: std::string* server_protos) { On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1474: } On 2014/07/31 23:05:24, wtc wrote: > > Nit: omit curly braces. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.cc:1489: rv = DoTransportConnectComplete(rv); On 2014/07/31 23:05:24, wtc wrote: > > BUG: add a break statement after this line. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.h:717: std::string* server_protos) OVERRIDE; On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/socket_test_... net/socket/socket_test_util.h:978: std::string* server_protos) OVERRIDE; On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:22: class ServerBoundCertService; On 2014/07/31 23:05:24, wtc wrote: > > Sort in alphabetical order. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket.h:139: std::string* serer_protos) = 0; On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:393: std::string* sever_protos) { On 2014/07/31 23:05:24, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:434: On 2014/07/31 23:05:25, wtc wrote: > > Nit: remove this blank line. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.cc:468: // this is a no-op. On 2014/07/31 23:05:24, wtc wrote: > > Please fix this comment. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl.h (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl.h:66: std::string* server_protos) OVERRIDE; On 2014/07/31 23:05:25, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:90: transport_security_state_(new net::TransportSecurityState), On 2014/07/31 23:05:25, wtc wrote: > > Remove the "net::" on these three lines. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:92: cert_verifier_->set_default_result(net::OK); On 2014/07/31 23:05:25, wtc wrote: > > Remove "net::". Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:439: std::string server_protos; On 2014/07/31 23:05:25, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool.cc:444: status = ssl_socket_->GetNextProto(&proto, &server_protos); On 2014/07/31 23:05:25, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_pool_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_pool_unittest.cc:963: ssl_socket->GetNextProto(&proto, &server_protos); On 2014/07/31 23:05:25, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:28: #include "net/ssl/openssl_client_key_store.h" On 2014/07/31 23:05:25, wtc wrote: > > IMPORTANT: is this part of the CL? Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:662: transport_security_state_(new TransportSecurityState) { On 2014/07/31 23:05:25, wtc wrote: > > BUG: initialize ran_handshake_completion_callback_ to false. Done. https://codereview.chromium.org/353713005/diff/810001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2960: // matching certificate. It should allow the connection. On 2014/07/31 23:05:25, wtc wrote: > > Please update this comment because this test is testing something else. > > Does the test server really request client authentication? Done.
Patch set 27 LGTM. Please make the changes I suggested below and upload a new CL. (You can wait until Monday.) Thanks. https://codereview.chromium.org/353713005/diff/850001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/socket_test_... net/socket/socket_test_util.h:734: bool reached_connect_; Please move the reached_connect_ member and the reached_connect getter method to the MockSSLClientSocket class. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:91: ran_handshake_completion_callback_(false) { I think you should undo all changes in this file. The new tests in ssl_client_socket_unittest.cc should be enough. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:740: #endif Please remove this. In the CompletionCallbackIsRun_WithSuccess test, please inline the CreateAndConnectSSLClientSocket call. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2657: } This is the end of the last SSLClientSocketTest.xxx test in the original code. Since your new tests are also named SSLClientSocketTest.xxx, I suggest you move your new tests here. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2829: TEST_F(SSLClientSocketTest, CompletionCallbackIsRun_WithFailure) { In your test names, change "CompletionCallback" to "HandshakeCallback" to avoid confusion with TestCompletionCallback. (I think "HandshakeCompletionCallback" would make the test names too long.) https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2859: rv = callback.GetResult(sock->Connect(callback.callback())); IMPORTANT: please base this unit test on the Connect_WithSynchronousError test, so that we are failing during the handshake rather than while reading the application data. This means we should call raw_transport->SetNextWriteError(ERR_CONNECTION_RESET); before this line, and we should expect rv to be ERR_CONNECTION_RESET and sock->IsConnected() to be false. Then the only other thing this test needs is the final EXPECT_TRUE(ran_handshake_completion_callback_) line. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2886: TEST_F(SSLClientSocketTest, CompletionCallbackIsRun_WithFalseStartFailure) { IMPORTANT: did you verify that the handshake is actually failing? That is, we should not receive the server's Finished message before getting the ERR_CONNECTION_RESET error. I am worried that the we get the ERR_CONNECTION_RESET error after the handshake has finished successfully. If you didn't verify that, please remove this unit test from this CL and work on this unit test in a new CL. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2953: // is a legitimate result when using a dedicated task runner for NSS. 1. Remove this comment block. It makes sense in the original tests you copied this from, but doesn't make sense here. 2. Add EXPECT_EQ(ERR_CONNECTION_RESET, rv); after this line. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2969: ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem"); Please delete these four lines and just use kDefaultSSLConfig on line 2972. Hmm... we may need to disable False Start in this test to eliminate test flakiness. If False Start is enabled, when sock_->Connect() is finished, the handshake may not have completed.
https://codereview.chromium.org/353713005/diff/850001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/socket_test_... net/socket/socket_test_util.h:734: bool reached_connect_; On 2014/08/03 01:49:10, wtc wrote: > > Please move the reached_connect_ member and the reached_connect getter method to > the MockSSLClientSocket class. Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_openssl_unittest.cc (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_openssl_unittest.cc:91: ran_handshake_completion_callback_(false) { On 2014/08/03 01:49:10, wtc wrote: > > I think you should undo all changes in this file. The new tests in > ssl_client_socket_unittest.cc should be enough. Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:740: #endif On 2014/08/03 01:49:10, wtc wrote: > > Please remove this. In the CompletionCallbackIsRun_WithSuccess test, please > inline the CreateAndConnectSSLClientSocket call. Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2657: } On 2014/08/03 01:49:10, wtc wrote: > > This is the end of the last SSLClientSocketTest.xxx test in the original code. > Since your new tests are also named SSLClientSocketTest.xxx, I suggest you move > your new tests here. Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2829: TEST_F(SSLClientSocketTest, CompletionCallbackIsRun_WithFailure) { On 2014/08/03 01:49:10, wtc wrote: > > In your test names, change "CompletionCallback" to "HandshakeCallback" to avoid > confusion with TestCompletionCallback. > > (I think "HandshakeCompletionCallback" would make the test names too long.) > Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2859: rv = callback.GetResult(sock->Connect(callback.callback())); On 2014/08/03 01:49:10, wtc wrote: > > IMPORTANT: please base this unit test on the Connect_WithSynchronousError test, > so that we are failing during the handshake rather than while reading the > application data. > > This means we should call > raw_transport->SetNextWriteError(ERR_CONNECTION_RESET); > before this line, and we should expect rv to be ERR_CONNECTION_RESET and > sock->IsConnected() to be false. Then the only other thing this test needs is > the final EXPECT_TRUE(ran_handshake_completion_callback_) line. Done. https://codereview.chromium.org/353713005/diff/850001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2969: ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem"); On 2014/08/03 01:49:10, wtc wrote: > > Please delete these four lines and just use kDefaultSSLConfig on line 2972. > > Hmm... we may need to disable False Start in this test to eliminate test > flakiness. If False Start is enabled, when sock_->Connect() is finished, the > handshake may not have completed. Done.
Patch set 28 LGTM. Please fix the following nits, upload a new patch set, and submit it to the commit queue. I will review it later. https://codereview.chromium.org/353713005/diff/910001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/910001/net/socket/socket_test_... net/socket/socket_test_util.h:1018: ConnectState next_connect_state_; Nit: list the reached_connect_ member here because these three members are all related to the Connect() method. This will require reordering the initializer list in the constructor. https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2706: CapturingNetLog log; This test doesn't seem to need a CapturingNetLog. You should be able to pass NULL as the second argument on line 2708. You can deal with this in a future CL. https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2727: } Nit: omit the curly braces.
The CQ bit was checked by mshelley@chromium.org
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mshelley@chromium.org/353713005/930001
Patch set 29 LGTM. You need to fix a compilation error caused by a typo. https://codereview.chromium.org/353713005/diff/930001/chrome/browser/extensio... File chrome/browser/extensions/api/socket/tls_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/930001/chrome/browser/extensio... chrome/browser/extensions/api/socket/tls_socket_unittest.cc:67: MOCK_CONST_METHOD0(InSEssionCache, bool()); You have a typo here: InSEssionCache => InSessionCache https://codereview.chromium.org/353713005/diff/930001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/930001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2710: new TCPClientSocket(addr, &log, NetLog::Source())); Since you have to fix the build error, I suggest you take care of this TODO now. 1. Remove lines 2706-2708. 2. On this line, change &log to NULL.
The CQ bit was checked by mshelley@chromium.org
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mshelley@chromium.org/353713005/950001
FYI, CQ is re-trying this CL (attempt #1). The failing builders are: chromium_presubmit on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
Patch set 30 LGTM.
Patch set 30 could not be committed because of this presubmit error:
Missing LGTM from an OWNER for these files:
chrome/browser/extensions/api/socket/tls_socket_unittest.cc
chrome/browser/io_thread.cc
chrome/browser/io_thread.h
These files are outside the network stack and also need to be reviewed by their
owners. In general you should find the best reviewers as follows:
1. Look at the revision history of the file and find the most common contributor
or reviewer of the file.
2. Find the lowest-level OWNERS file and pick one owner from the list.
I have done this and recommend the following reviewers:
* chrome/browser/extensions/api/socket/tls_socket_unittest.cc:
mek@ and asargent@
Please tell them to refer to net/socket/ssl_client_socket.h for the
SSLCLientSocket interface change.
* chrome/browser/io_thread.cc and chrome/browser/io_thread.h
thestig@
Please tell him to refer to chrome/common/chrome_switches.h and
chrome/common/chrome_switches.cc for the new command-line option. He should not
need to review other files.
NOTE: since the changes to those three files are very straightforward and we
need to commit this CL soon, please add the three new reviewers to a new TBR=
line in the CL's description, below the R= line. TBR stands for "to be
reviewed". It instructs the commit queue to commit without a review. TBR should
only be used under special circumstances. Please give the three reviewers a half
day (four hours) to review the CL before you check the Commit box.
https://codereview.chromium.org/353713005/diff/950001/net/socket/ssl_client_s...
File net/socket/ssl_client_socket_pool.cc (right):
https://codereview.chromium.org/353713005/diff/950001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_pool.cc:521: (host.size() > 11 &&
host.rfind(".google.com") == host.size() - 11);
Optional: these three lines caused a presubmit message, which I believe is just
a warning rather than an error. Since this formatting change is unrelated to
your feature, I suggest you undo it.
mek@ and asargent@, can you please review the changes in chrome/browser/extensions/api/socket/tls_socket_unittest.cc made due to changes in net/socket/ssl_client_socket.h to the SSLClientSocket interface. thestig@, can you please review the changes in chrome/browser/io_thread.cc and chrome/browser/io_thread.h. Refer to chrome/common/chrome_switches.h and chrome/common/chrome_switches.cc for the new command-line option. Thank you! https://codereview.chromium.org/353713005/diff/910001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/910001/net/socket/socket_test_... net/socket/socket_test_util.h:1018: ConnectState next_connect_state_; On 2014/08/04 00:04:17, wtc wrote: > > Nit: list the reached_connect_ member here because these three members are all > related to the Connect() method. This will require reordering the initializer > list in the constructor. Done. https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2706: CapturingNetLog log; On 2014/08/04 00:04:17, wtc wrote: > > This test doesn't seem to need a CapturingNetLog. You should be able to pass > NULL as the second argument on line 2708. You can deal with this in a future CL. Ok -- I added a TODO comment. https://codereview.chromium.org/353713005/diff/910001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2727: } On 2014/08/04 00:04:17, wtc wrote: > > Nit: omit the curly braces. Done. https://codereview.chromium.org/353713005/diff/930001/chrome/browser/extensio... File chrome/browser/extensions/api/socket/tls_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/930001/chrome/browser/extensio... chrome/browser/extensions/api/socket/tls_socket_unittest.cc:67: MOCK_CONST_METHOD0(InSEssionCache, bool()); On 2014/08/04 02:39:47, wtc wrote: > > You have a typo here: InSEssionCache => InSessionCache Done. https://codereview.chromium.org/353713005/diff/930001/net/socket/ssl_client_s... File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/353713005/diff/930001/net/socket/ssl_client_s... net/socket/ssl_client_socket_unittest.cc:2710: new TCPClientSocket(addr, &log, NetLog::Source())); On 2014/08/04 02:39:47, wtc wrote: > > Since you have to fix the build error, I suggest you take care of this TODO now. > > 1. Remove lines 2706-2708. > > 2. On this line, change &log to NULL. Done.
chrome/browser/extensions/api/socket/tls_socket_unittest.cc lgtm
Sorry for disappearing. Not need to delay landing for my sake, but one question... Looks like messenger_map_ currently grows every time we encounter a new SSL domain, and we never delete old entries when we're done with them, unless I'm missing something. Are there any plans to change that?
On 2014/08/04 17:55:38, mmenke wrote: > Sorry for disappearing. Not need to delay landing for my sake, but one > question... > > Looks like messenger_map_ currently grows every time we encounter a new SSL > domain, and we never delete old entries when we're done with them, unless I'm > missing something. Are there any plans to change that? Currently yes, that is true. https://codereview.chromium.org/384873002/ will fix this issue.
On 2014/08/04 18:02:53, mshelley wrote: > On 2014/08/04 17:55:38, mmenke wrote: > > Sorry for disappearing. Not need to delay landing for my sake, but one > > question... > > > > Looks like messenger_map_ currently grows every time we encounter a new SSL > > domain, and we never delete old entries when we're done with them, unless I'm > > missing something. Are there any plans to change that? > > Currently yes, that is true. https://codereview.chromium.org/384873002/ will fix > this issue. Thanks! Apologies for not noticing that CL.
On 2014/08/04 18:04:08, mmenke wrote: > On 2014/08/04 18:02:53, mshelley wrote: > > On 2014/08/04 17:55:38, mmenke wrote: > > > Sorry for disappearing. Not need to delay landing for my sake, but one > > > question... > > > > > > Looks like messenger_map_ currently grows every time we encounter a new SSL > > > domain, and we never delete old entries when we're done with them, unless > I'm > > > missing something. Are there any plans to change that? > > > > Currently yes, that is true. https://codereview.chromium.org/384873002/ will > fix > > this issue. > > Thanks! Apologies for not noticing that CL. No worries!
chrome/ lgtm
The CQ bit was checked by wtc@chromium.org
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mshelley@chromium.org/353713005/950001
Message was sent while issue was closed.
Change committed as 287408
Message was sent while issue was closed.
https://codereview.chromium.org/353713005/diff/950001/net/http/http_network_s... File net/http/http_network_session.cc (right): https://codereview.chromium.org/353713005/diff/950001/net/http/http_network_s... net/http/http_network_session.cc:71: ignore_certificate_errors(false), You forgot to initialize |enable_ssl_connect_job_waiting| here. Now a bunch of memory bots are red. Fix is in https://codereview.chromium.org/445443002
Message was sent while issue was closed.
Mackenzie: now that this CL has been committed, please make the following cleanup changes. The ones marked with "Nit" are optional. https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... File net/socket/socket_test_util.cc (right): https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... net/socket/socket_test_util.cc:1352: next_connect_state_ = STATE_TRANSPORT_CONNECT; Here we should set next_connect_state_ to STATE_SSL_CONNECT instead. https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... File net/socket/socket_test_util.h (right): https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... net/socket/socket_test_util.h:337: // Indicates that the socket should block in the Connect method. Nit: I suggest changing "block" to "pause". This wording implies a link to the related RestartPausedConnect() method. https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... net/socket/socket_test_util.h:338: bool should_block_on_connect; Nit: similarly, rename this member "should_pause_on_connect". https://codereview.chromium.org/353713005/diff/950001/net/socket/socket_test_... net/socket/socket_test_util.h:994: STATE_TRANSPORT_CONNECT_COMPLETE, Please delete the STATE_TRANSPORT_CONNECT and STATE_TRANSPORT_CONNECT_COMPLETE states and the DoTransportConnect() and DoTransportConnectComplete() methods. The transport socket should be already connected when it is passed to the SSLClientSocket constructor. |
