Implements new, more robust design for communicating between SSLConnectJobs.

net/socket/ssl_client_socket_openssl.cc

Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 4ff8d438e965b1fdf0b5b7f8b4ecdb75e1d14d66..06b57ba23dcfa29ba62d0936183b465d2a2720e0 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -23,6 +23,7 @@
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/socket/openssl_ssl_util.h"
+#include "net/socket/ssl_client_socket_pool.h"
 #include "net/socket/ssl_error_params.h"
 #include "net/socket/ssl_session_cache_openssl.h"
 #include "net/ssl/openssl_client_key_store.h"
@@ -87,14 +88,6 @@ int GetNetSSLVersion(SSL* ssl) {
   }
 }
 
-// Compute a unique key string for the SSL session cache. |socket| is an
-// input socket object. Return a string.
-std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) {
-  std::string result = socket.host_and_port().ToString();
-  result.append("/");
-  result.append(socket.ssl_session_cache_shard());
-  return result;
-}
 
 }  // namespace
 
@@ -139,7 +132,7 @@ class SSLClientSocketOpenSSL::SSLContext {
   static std::string GetSessionCacheKey(const SSL* ssl) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     DCHECK(socket);
-    return GetSocketSessionCacheKey(*socket);
+    return socket->GetSessionCacheKey();
   }
 
   static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig;
@@ -340,6 +333,8 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       transport_recv_eof_(false),
+      has_read_(false),
+      has_written_(false),

[wtc, 2014/07/11 00:48:54]

Initialize has_written_ to 0 because it is of the int type now.

[mshelley, 2014/07/11 23:26:26]

Done.

       weak_factory_(this),
       pending_read_error_(kNoPendingReadResult),
       transport_write_error_(OK),
@@ -349,6 +344,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
       client_auth_cert_needed_(false),
       cert_verifier_(context.cert_verifier),
       server_bound_cert_service_(context.server_bound_cert_service),
+      is_leader_(false),
       ssl_(NULL),
       transport_bio_(NULL),
       transport_(transport_socket.Pass()),
@@ -360,12 +356,51 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
       npn_status_(kNextProtoUnsupported),
       channel_id_request_return_value_(ERR_UNEXPECTED),
       channel_id_xtn_negotiated_(false),
-      net_log_(transport_->socket()->NetLog()) {}
+      net_log_(transport_->socket()->NetLog()) {
+}
 
 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
+  SSLContext* context = SSLContext::GetInstance();
+  context->session_cache()->RemoveFromSSLToCallbackMap(ssl_);

[wtc, 2014/07/11 00:48:54]

It may be better to do this in the Disconnect() method instead.

[mshelley, 2014/07/11 23:26:26]

Done.

   Disconnect();
 }
 
+// Compute a unique key string for the SSL session cache.
+// Return a string.

[wtc, 2014/07/11 00:48:54]

Move this comment to the .h file.

Delete "Return a string." It seems to be stating the obvious.

[mshelley, 2014/07/11 23:26:26]

Done.

+std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const {
+  return FormatSessionCacheKey(host_and_port_.ToString(),
+                               ssl_session_cache_shard_);
+}
+
+bool SSLClientSocketOpenSSL::InSessionCache() const {
+  SSLContext* context = SSLContext::GetInstance();
+  std::string cache_key = GetSessionCacheKey();
+  return context->session_cache()->SSLSessionIsInCache(cache_key);
+}
+
+void SSLClientSocketOpenSSL::WatchSessionForCompletion(
+    const base::Closure& callback) {
+  SSLContext* context = SSLContext::GetInstance();
+  context->session_cache()->RegisterSessionAddedCallback(ssl_, callback);
+}
+
+void SSLClientSocketOpenSSL::SetSocketFailureCallback(
+    const base::Closure& callback) {
+  error_callback_ = callback;
+}
+
+void SSLClientSocketOpenSSL::SetIsLeader() {
+  is_leader_ = true;
+}
+
+void SSLClientSocketOpenSSL::OnSocketFailure() {
+  if (is_leader_) {
+    error_callback_.Run();
+    error_callback_ = base::Closure();
+    is_leader_ = false;
+  }

[wtc, 2014/07/11 00:48:54]

Change this to:

  if (!error_callback_.is_null())
    base::ResetAndReturn(&error_callback_).Run();

[mshelley, 2014/07/11 23:26:26]

Done.

+}
+
 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_;
@@ -658,7 +693,7 @@ int SSLClientSocketOpenSSL::Init() {
     return ERR_UNEXPECTED;
 
   trying_cached_session_ = context->session_cache()->SetSSLSessionWithKey(
-      ssl_, GetSocketSessionCacheKey(*this));
+      ssl_, GetSessionCacheKey());
 
   BIO* ssl_bio = NULL;
   // 0 => use default buffer sizes.
@@ -1064,6 +1099,12 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
   do {
     rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read,
                   user_read_buf_len_ - total_bytes_read);
+    // Failure of the first read attempt indicates a failed false start

[wtc, 2014/07/11 00:48:54]

IMPORTANT: understanding this code requires intimate knowledge of False Start
and OpenSSL. We should try to avoid this.

One possible solution is to call OnSocketFailure on any error of
SSL_do_handshake, SSL_read, or SSL_write before we get the "SessionAdded"
notification from the SSL session cache. In other words, any error before the
true completion of the handshake is a handshake failure. We can register a
"SessionAdded" callback that reset error_callback_ and call the Messenger's
OnJobSucceeded method.

Also, we may abort the handshake, too. So we should also call OnSocketFailure in
the Disconnect() method.

[mshelley, 2014/07/11 23:26:26]

Done.

+    // connection.
+    if (!has_read_ && rv != OK &&

[wtc, 2014/07/11 00:48:54]

IMPORTANT: SSL_read is an OpenSSL function, so its return value should not be
compared with OK (a Chromium network stack return code).

Test rv <= 0 instead.

Note: if rv == 0, it means the peer closes the SSL connection either gracefully
or abruptly. It is also a sign of handshake failure.

[mshelley, 2014/07/11 23:26:27]

Done.

+        SSLClientSocketPool::GetEnableConnectJobWaiting())

[wtc, 2014/07/11 00:48:54]

Delete the SSLClientSocketPool::GetEnableConnectJobWaiting() test. The
!error_callback_.is_null() test inside OnSocketFailure() is sufficient.

Also delete the test on line 1163.

[mshelley, 2014/07/11 23:26:26]

Done.

+      OnSocketFailure();
+    has_read_ = true;
     if (rv > 0)
       total_bytes_read += rv;
   } while (total_bytes_read < user_read_buf_len_ && rv > 0);
@@ -1116,7 +1157,13 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
 int SSLClientSocketOpenSSL::DoPayloadWrite() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
-
+  // Failure of the second write attempt indicates a failed false start
+  // connection.
+  if (has_written_ == 1 && rv != OK &&

[wtc, 2014/07/11 00:48:54]

1. Change has_written_ to has_written_ <= 1.

2. Change rv != OK to rv < 0.

[mshelley, 2014/07/11 23:26:27]

Done.

+      SSLClientSocketPool::GetEnableConnectJobWaiting()) {
+    OnSocketFailure();
+  }
+  has_written_++;

[wtc, 2014/07/11 00:48:54]

Nit: in theory this may overflow.

[mshelley, 2014/07/11 23:26:26]

Done.

   if (rv >= 0) {
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());