1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 5 #ifndef NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 6 #define NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/memory/scoped_ptr.h" | |
wtc
2014/06/27 00:36:50
You should not need to include scoped_ptr.h becaus
mshelley
2014/07/01 02:35:23
Done.
| |
11 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
13 #include "net/socket/ssl_client_socket_openssl.h" | |
wtc
2014/06/27 00:36:50
You should not need to include this header.
mshelley
2014/07/01 02:35:23
Done.
| |
12 | 14 |
13 // Avoid including OpenSSL headers here. | 15 // Avoid including OpenSSL headers here. |
14 typedef struct ssl_ctx_st SSL_CTX; | 16 typedef struct ssl_ctx_st SSL_CTX; |
15 typedef struct ssl_st SSL; | 17 typedef struct ssl_st SSL; |
16 | 18 |
17 namespace net { | 19 namespace net { |
18 | 20 |
19 class SSLSessionCacheOpenSSLImpl; | 21 class SSLSessionCacheOpenSSLImpl; |
20 | 22 |
21 // A class used to implement a custom cache of SSL_SESSION objects. | 23 // A class used to implement a custom cache of SSL_SESSION objects. |
106 // ensure that the value of |cache_key| matches the result of calling the | 108 // ensure that the value of |cache_key| matches the result of calling the |
107 // configuration's |key_func| function with the |ssl| as parameter. | 109 // configuration's |key_func| function with the |ssl| as parameter. |
108 // | 110 // |
109 // Every |check_expiration_count| call to either SetSSLSession() or | 111 // Every |check_expiration_count| call to either SetSSLSession() or |
110 // SetSSLSessionWithKey() triggers a check for, and removal of, expired | 112 // SetSSLSessionWithKey() triggers a check for, and removal of, expired |
111 // sessions. | 113 // sessions. |
112 // | 114 // |
113 // Return true iff a cached session was associated with the |ssl| connection. | 115 // Return true iff a cached session was associated with the |ssl| connection. |
114 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key); | 116 bool SetSSLSessionWithKey(SSL* ssl, const std::string& cache_key); |
115 | 117 |
118 // Return true iff a cached session was associated with the given |cache_key|. | |
119 bool SSLSessionIsInCache(const std::string& cache_key) const; | |
120 | |
121 // Informs the cache that it should notify the messenger when |socket|'s | |
wtc
2014/06/27 00:36:50
1. notify the messenger => run the callback |cb|
mshelley
2014/07/01 02:35:23
Done.
| |
122 // session is added to the cache. | |
123 void NotifyOnSessionAdded(SSL* ssl, const base::Closure& cb); | |
wtc
2014/06/27 00:36:50
cb => callback or closure ?
Our Style Guide recom
mshelley
2014/07/01 02:35:23
Done.
| |
124 | |
116 // Indicates that the SSL session associated with |ssl| is "good" - that is, | 125 // Indicates that the SSL session associated with |ssl| is "good" - that is, |
117 // that all associated cryptographic parameters that were negotiated, | 126 // that all associated cryptographic parameters that were negotiated, |
118 // including the peer's certificate, were successfully validated. Because | 127 // including the peer's certificate, were successfully validated. Because |
119 // OpenSSL does not provide an asynchronous certificate verification | 128 // OpenSSL does not provide an asynchronous certificate verification |
120 // callback, it's necessary to manually manage the sessions to ensure that | 129 // callback, it's necessary to manually manage the sessions to ensure that |
121 // only validated sessions are resumed. | 130 // only validated sessions are resumed. |
122 void MarkSSLSessionAsGood(SSL* ssl); | 131 void MarkSSLSessionAsGood(SSL* ssl); |
123 | 132 |
124 // Flush removes all entries from the cache. This is typically called when | 133 // Flush removes all entries from the cache. This is typically called when |
125 // the system's certificate store has changed. | 134 // the system's certificate store has changed. |
126 void Flush(); | 135 void Flush(); |
127 | 136 |
128 // TODO(digit): Move to client code. | 137 // TODO(digit): Move to client code. |
129 static const int kDefaultTimeoutSeconds = 60 * 60; | 138 static const int kDefaultTimeoutSeconds = 60 * 60; |
130 static const size_t kMaxEntries = 1024; | 139 static const size_t kMaxEntries = 1024; |
131 static const size_t kMaxExpirationChecks = 256; | 140 static const size_t kMaxExpirationChecks = 256; |
132 | 141 |
133 private: | 142 private: |
134 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL); | 143 DISALLOW_COPY_AND_ASSIGN(SSLSessionCacheOpenSSL); |
135 | 144 |
136 SSLSessionCacheOpenSSLImpl* impl_; | 145 SSLSessionCacheOpenSSLImpl* impl_; |
137 }; | 146 }; |
138 | 147 |
139 } // namespace net | 148 } // namespace net |
140 | 149 |
141 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H | 150 #endif // NET_SOCKET_SSL_SESSION_CACHE_OPENSSL_H |
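Review bot: The contract for SetSSLSessionWithKey() on the new side (right column, line 116) does not say whether a session that was cached but never passed to MarkSSLSessionAsGood() can be handed to |ssl| for resumption, even though the comment on MarkSSLSessionAsGood() states that only validated sessions may be resumed. Since this class exists to enforce that invariant around OpenSSL's synchronous certificate verification, the header should state it explicitly rather than leaving it to the implementation; a wording that fits the existing comment block, if that is indeed the behaviour, is `// Sessions that have not been passed to MarkSSLSessionAsGood() are never` / `// resumed; in that case this returns false.` Whether such sessions are evicted or merely skipped is not visible from this header, so confirm the wording against SSLSessionCacheOpenSSLImpl before committing to it. The enclosing class declaration begins in the skipped lines above this excerpt, and the same point applies to SetSSLSession(), which the comments mention but which is outside the visible region.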