Cache certificate verification results in memory.

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ skipping 502 matching lines @@
       ciphers_.push_back(supported_ciphers[i]);
   }
 }
 
 }  // namespace
 
 //-----------------------------------------------------------------------------
 
 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
                                        const HostPortPair& host_and_port,
-                                       const SSLConfig& ssl_config)
+                                       const SSLConfig& ssl_config,
+                                       CertVerifier* cert_verifier)
     : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete),
       transport_read_callback_(this,
                                &SSLClientSocketMac::OnTransportReadComplete),
       transport_write_callback_(this,
                                 &SSLClientSocketMac::OnTransportWriteComplete),
       transport_(transport_socket),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       user_connect_callback_(NULL),
       user_read_callback_(NULL),
       user_write_callback_(NULL),
       user_read_buf_len_(0),
       user_write_buf_len_(0),
       next_handshake_state_(STATE_NONE),
+      cert_verifier_(cert_verifier),
       renegotiating_(false),
       client_cert_requested_(false),
       ssl_context_(NULL),
       pending_send_error_(OK),
       net_log_(transport_socket->socket()->NetLog()) {
   // Sort the list of ciphers to disable, since disabling ciphers on Mac
   // requires subtracting from a list of enabled ciphers while maintaining
   // ordering, as opposed to merely needing to iterate them as with NSS.
   sort(ssl_config_.disabled_cipher_suites.begin(),
        ssl_config_.disabled_cipher_suites.end());
@@ skipping 511 matching lines @@
   next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE;
 
   DCHECK(server_cert_);
 
   VLOG(1) << "DoVerifyCert...";
   int flags = 0;
   if (ssl_config_.rev_checking_enabled)
     flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
   if (ssl_config_.verify_ev_cert)
     flags |= X509Certificate::VERIFY_EV_CERT;
-  verifier_.reset(new CertVerifier);
+  verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
   return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
                            &server_cert_verify_result_,
                            &handshake_io_callback_);
 }
 
 int SSLClientSocketMac::DoVerifyCertComplete(int result) {
   DCHECK(verifier_.get());
   verifier_.reset();
 
   VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")";
@@ skipping 242 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net