Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(825)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.h

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/socket/ssl_client_socket_mac_factory.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
7 #pragma once 7 #pragma once
8 8
9 #include <certt.h> 9 #include <certt.h>
10 #include <keyt.h> 10 #include <keyt.h>
(...skipping 14 matching lines...) Expand all
25 #include "net/base/ssl_config_service.h" 25 #include "net/base/ssl_config_service.h"
26 #include "net/base/x509_certificate.h" 26 #include "net/base/x509_certificate.h"
27 #include "net/socket/ssl_client_socket.h" 27 #include "net/socket/ssl_client_socket.h"
28 28
29 namespace net { 29 namespace net {
30 30
31 class BoundNetLog; 31 class BoundNetLog;
32 class CertVerifier; 32 class CertVerifier;
33 class ClientSocketHandle; 33 class ClientSocketHandle;
34 class DnsCertProvenanceChecker; 34 class DnsCertProvenanceChecker;
35 class SingleRequestCertVerifier;
35 class SSLHostInfo; 36 class SSLHostInfo;
36 class X509Certificate; 37 class X509Certificate;
37 38
38 // An SSL client socket implemented with Mozilla NSS. 39 // An SSL client socket implemented with Mozilla NSS.
39 class SSLClientSocketNSS : public SSLClientSocket { 40 class SSLClientSocketNSS : public SSLClientSocket {
40 public: 41 public:
41 // Takes ownership of the |transport_socket|, which must already be connected. 42 // Takes ownership of the |transport_socket|, which must already be connected.
42 // The hostname specified in |host_and_port| will be compared with the name(s) 43 // The hostname specified in |host_and_port| will be compared with the name(s)
43 // in the server's certificate during the SSL handshake. If SSL client 44 // in the server's certificate during the SSL handshake. If SSL client
44 // authentication is requested, the host_and_port field of SSLCertRequestInfo 45 // authentication is requested, the host_and_port field of SSLCertRequestInfo
45 // will be populated with |host_and_port|. |ssl_config| specifies 46 // will be populated with |host_and_port|. |ssl_config| specifies
46 // the SSL settings. 47 // the SSL settings.
47 SSLClientSocketNSS(ClientSocketHandle* transport_socket, 48 SSLClientSocketNSS(ClientSocketHandle* transport_socket,
48 const HostPortPair& host_and_port, 49 const HostPortPair& host_and_port,
49 const SSLConfig& ssl_config, 50 const SSLConfig& ssl_config,
50 SSLHostInfo* ssl_host_info, 51 SSLHostInfo* ssl_host_info,
52 CertVerifier* cert_verifier,
51 DnsCertProvenanceChecker* dnsrr_resolver); 53 DnsCertProvenanceChecker* dnsrr_resolver);
52 ~SSLClientSocketNSS(); 54 ~SSLClientSocketNSS();
53 55
54 // SSLClientSocket methods: 56 // SSLClientSocket methods:
55 virtual void GetSSLInfo(SSLInfo* ssl_info); 57 virtual void GetSSLInfo(SSLInfo* ssl_info);
56 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info); 58 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
57 virtual NextProtoStatus GetNextProto(std::string* proto); 59 virtual NextProtoStatus GetNextProto(std::string* proto);
58 virtual void UseDNSSEC(DNSSECProvider* provider); 60 virtual void UseDNSSEC(DNSSECProvider* provider);
59 61
60 // ClientSocket methods: 62 // ClientSocket methods:
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 // we used an SSLHostInfo's verification. 188 // we used an SSLHostInfo's verification.
187 const CertVerifyResult* server_cert_verify_result_; 189 const CertVerifyResult* server_cert_verify_result_;
188 CertVerifyResult local_server_cert_verify_result_; 190 CertVerifyResult local_server_cert_verify_result_;
189 int ssl_connection_status_; 191 int ssl_connection_status_;
190 192
191 // Stores client authentication information between ClientAuthHandler and 193 // Stores client authentication information between ClientAuthHandler and
192 // GetSSLCertRequestInfo calls. 194 // GetSSLCertRequestInfo calls.
193 std::vector<scoped_refptr<X509Certificate> > client_certs_; 195 std::vector<scoped_refptr<X509Certificate> > client_certs_;
194 bool client_auth_cert_needed_; 196 bool client_auth_cert_needed_;
195 197
196 scoped_ptr<CertVerifier> verifier_; 198 CertVerifier* const cert_verifier_;
199 scoped_ptr<SingleRequestCertVerifier> verifier_;
197 200
198 // True if NSS has called HandshakeCallback. 201 // True if NSS has called HandshakeCallback.
199 bool handshake_callback_called_; 202 bool handshake_callback_called_;
200 203
201 // True if the SSL handshake has been completed. 204 // True if the SSL handshake has been completed.
202 bool completed_handshake_; 205 bool completed_handshake_;
203 206
204 // True if we are lying about being connected in order to merge the first 207 // True if we are lying about being connected in order to merge the first
205 // Write call into a Snap Start handshake. 208 // Write call into a Snap Start handshake.
206 bool pseudo_connected_; 209 bool pseudo_connected_;
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
251 254
252 base::TimeTicks start_cert_verification_time_; 255 base::TimeTicks start_cert_verification_time_;
253 256
254 scoped_ptr<SSLHostInfo> ssl_host_info_; 257 scoped_ptr<SSLHostInfo> ssl_host_info_;
255 DnsCertProvenanceChecker* const dns_cert_checker_; 258 DnsCertProvenanceChecker* const dns_cert_checker_;
256 }; 259 };
257 260
258 } // namespace net 261 } // namespace net
259 262
260 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ 263 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_mac_factory.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698