Chromium Code Reviews Chromium Code Reviews
Issue 353713005:
Implements new, more robust design for communicating between SSLConnectJobs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
| 6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/callback.h" | |
|
wtc
2014/07/08 01:25:43
Include base/callback_forward.h instead for the fo
mshelley
2014/07/09 19:51:02
I'm not positive, but I think that I do need to in
| |
| 11 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
| 12 | 13 |
| 13 // Avoid including OpenSSL headers here. | 14 // Avoid including OpenSSL headers here. |
| 14 typedef struct ssl_ctx_st SSL_CTX; | 15 typedef struct ssl_ctx_st SSL_CTX; |
| 15 typedef struct ssl_st SSL; | 16 typedef struct ssl_st SSL; |
| 16 | 17 |
| 17 namespace net { | 18 namespace net { |
| 18 | 19 |
| 19 class SSLSessionCacheOpenSSLImpl; | 20 class SSLSessionCacheOpenSSLImpl; |
| 20 | 21 |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 106 // ensure that the value of |cache_key| matches the result of calling the | 107 // ensure that the value of |cache_key| matches the result of calling the |
| 107 // configuration's |key_func| function with the |ssl| as parameter. | 108 // configuration's |key_func| function with the |ssl| as parameter. |
| 108 // | 109 // |
| 109 // Every |check_expiration_count| call to either SetSSLSession() or | 110 // Every |check_expiration_count| call to either SetSSLSession() or |
| 110 // SetSSLSessionWithKey() triggers a check for, and removal of, expired | 111 // SetSSLSessionWithKey() triggers a check for, and removal of, expired |
| 111 // sessions. | 112 // sessions. |
| 112 // | 113 // |
| 113 // Return true iff a cached session was associated with the |ssl| connection. | 114 // Return true iff a cached session was associated with the |ssl| connection. |
| 114 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key); | 115 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key); |
| 115 | 116 |
| 117 // Return true iff a cached session was associated with the given |cache_key|. | |
| 118 bool SSLSessionIsInCache(const std::string& cache_key) const; | |
| 119 | |
| 120 // Informs the cache that it should run the messenger's callback when |ssl|'s | |
|
wtc
2014/07/08 01:25:43
Remove "messenger's". In this file, "messenger" is
mshelley
2014/07/09 19:51:02
Done.
| |
| 121 // session is added to the cache. | |
| 122 void NotifyOnSessionAdded(SSL* ssl, const base::Closure& callback); | |
| 123 | |
| 116 // Indicates that the SSL session associated with |ssl| is "good" - that is, | 124 // Indicates that the SSL session associated with |ssl| is "good" - that is, |
| 117 // that all associated cryptographic parameters that were negotiated, | 125 // that all associated cryptographic parameters that were negotiated, |
| 118 // including the peer's certificate, were successfully validated. Because | 126 // including the peer's certificate, were successfully validated. Because |
| 119 // OpenSSL does not provide an asynchronous certificate verification | 127 // OpenSSL does not provide an asynchronous certificate verification |
| 120 // callback, it's necessary to manually manage the sessions to ensure that | 128 // callback, it's necessary to manually manage the sessions to ensure that |
| 121 // only validated sessions are resumed. | 129 // only validated sessions are resumed. |
| 122 void MarkSSLSessionAsGood(SSL* ssl); | 130 void MarkSSLSessionAsGood(SSL* ssl); |
| 123 | 131 |
| 124 // Flush removes all entries from the cache. This is typically called when | 132 // Flush removes all entries from the cache. This is typically called when |
| 125 // the system's certificate store has changed. | 133 // the system's certificate store has changed. |
| 126 void Flush(); | 134 void Flush(); |
| 127 | 135 |
| 128 // TODO(digit): Move to client code. | 136 // TODO(digit): Move to client code. |
| 129 static const int kDefaultTimeoutSeconds = 60 * 60; | 137 static const int kDefaultTimeoutSeconds = 60 * 60; |
| 130 static const size_t kMaxEntries = 1024; | 138 static const size_t kMaxEntries = 1024; |
| 131 static const size_t kMaxExpirationChecks = 256; | 139 static const size_t kMaxExpirationChecks = 256; |
| 132 | 140 |
| 133 private: | 141 private: |
| 134 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL); | 142 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL); |
| 135 | 143 |
| 136 SSLSessionCacheOpenSSLImpl* impl_; | 144 SSLSessionCacheOpenSSLImpl* impl_; |
| 137 }; | 145 }; |
| 138 | 146 |
| 139 } // namespace net | 147 } // namespace net |
| 140 | 148 |
| 141 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 149 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
| OLD | NEW |
