| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_pool.h" | 5 #include "net/socket/ssl_client_socket_pool.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/values.h" | 8 #include "base/values.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/host_port_pair.h" | 10 #include "net/base/host_port_pair.h" |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 | 70 |
| 71 SSLConnectJob::SSLConnectJob( | 71 SSLConnectJob::SSLConnectJob( |
| 72 const std::string& group_name, | 72 const std::string& group_name, |
| 73 const scoped_refptr<SSLSocketParams>& params, | 73 const scoped_refptr<SSLSocketParams>& params, |
| 74 const base::TimeDelta& timeout_duration, | 74 const base::TimeDelta& timeout_duration, |
| 75 TCPClientSocketPool* tcp_pool, | 75 TCPClientSocketPool* tcp_pool, |
| 76 SOCKSClientSocketPool* socks_pool, | 76 SOCKSClientSocketPool* socks_pool, |
| 77 HttpProxyClientSocketPool* http_proxy_pool, | 77 HttpProxyClientSocketPool* http_proxy_pool, |
| 78 ClientSocketFactory* client_socket_factory, | 78 ClientSocketFactory* client_socket_factory, |
| 79 HostResolver* host_resolver, | 79 HostResolver* host_resolver, |
| 80 CertVerifier* cert_verifier, |
| 80 DnsRRResolver* dnsrr_resolver, | 81 DnsRRResolver* dnsrr_resolver, |
| 81 DnsCertProvenanceChecker* dns_cert_checker, | 82 DnsCertProvenanceChecker* dns_cert_checker, |
| 82 SSLHostInfoFactory* ssl_host_info_factory, | 83 SSLHostInfoFactory* ssl_host_info_factory, |
| 83 Delegate* delegate, | 84 Delegate* delegate, |
| 84 NetLog* net_log) | 85 NetLog* net_log) |
| 85 : ConnectJob(group_name, timeout_duration, delegate, | 86 : ConnectJob(group_name, timeout_duration, delegate, |
| 86 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)), | 87 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)), |
| 87 params_(params), | 88 params_(params), |
| 88 tcp_pool_(tcp_pool), | 89 tcp_pool_(tcp_pool), |
| 89 socks_pool_(socks_pool), | 90 socks_pool_(socks_pool), |
| 90 http_proxy_pool_(http_proxy_pool), | 91 http_proxy_pool_(http_proxy_pool), |
| 91 client_socket_factory_(client_socket_factory), | 92 client_socket_factory_(client_socket_factory), |
| 92 resolver_(host_resolver), | 93 host_resolver_(host_resolver), |
| 94 cert_verifier_(cert_verifier), |
| 93 dnsrr_resolver_(dnsrr_resolver), | 95 dnsrr_resolver_(dnsrr_resolver), |
| 94 dns_cert_checker_(dns_cert_checker), | 96 dns_cert_checker_(dns_cert_checker), |
| 95 ssl_host_info_factory_(ssl_host_info_factory), | 97 ssl_host_info_factory_(ssl_host_info_factory), |
| 96 ALLOW_THIS_IN_INITIALIZER_LIST( | 98 ALLOW_THIS_IN_INITIALIZER_LIST( |
| 97 callback_(this, &SSLConnectJob::OnIOComplete)) {} | 99 callback_(this, &SSLConnectJob::OnIOComplete)) {} |
| 98 | 100 |
| 99 SSLConnectJob::~SSLConnectJob() {} | 101 SSLConnectJob::~SSLConnectJob() {} |
| 100 | 102 |
| 101 LoadState SSLConnectJob::GetLoadState() const { | 103 LoadState SSLConnectJob::GetLoadState() const { |
| 102 switch (next_state_) { | 104 switch (next_state_) { |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 282 } | 284 } |
| 283 | 285 |
| 284 int SSLConnectJob::DoSSLConnect() { | 286 int SSLConnectJob::DoSSLConnect() { |
| 285 next_state_ = STATE_SSL_CONNECT_COMPLETE; | 287 next_state_ = STATE_SSL_CONNECT_COMPLETE; |
| 286 // Reset the timeout to just the time allowed for the SSL handshake. | 288 // Reset the timeout to just the time allowed for the SSL handshake. |
| 287 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds)); | 289 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds)); |
| 288 ssl_connect_start_time_ = base::TimeTicks::Now(); | 290 ssl_connect_start_time_ = base::TimeTicks::Now(); |
| 289 | 291 |
| 290 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( | 292 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( |
| 291 transport_socket_handle_.release(), params_->host_and_port(), | 293 transport_socket_handle_.release(), params_->host_and_port(), |
| 292 params_->ssl_config(), ssl_host_info_.release(), dns_cert_checker_)); | 294 params_->ssl_config(), ssl_host_info_.release(), cert_verifier_, |
| 295 dns_cert_checker_)); |
| 293 return ssl_socket_->Connect(&callback_); | 296 return ssl_socket_->Connect(&callback_); |
| 294 } | 297 } |
| 295 | 298 |
| 296 int SSLConnectJob::DoSSLConnectComplete(int result) { | 299 int SSLConnectJob::DoSSLConnectComplete(int result) { |
| 297 SSLClientSocket::NextProtoStatus status = | 300 SSLClientSocket::NextProtoStatus status = |
| 298 SSLClientSocket::kNextProtoUnsupported; | 301 SSLClientSocket::kNextProtoUnsupported; |
| 299 std::string proto; | 302 std::string proto; |
| 300 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket | 303 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket |
| 301 // that hasn't had SSL_ImportFD called on it. If we get a certificate error | 304 // that hasn't had SSL_ImportFD called on it. If we get a certificate error |
| 302 // here, then we know that we called SSL_ImportFD. | 305 // here, then we know that we called SSL_ImportFD. |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 353 return result; | 356 return result; |
| 354 } | 357 } |
| 355 | 358 |
| 356 ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob( | 359 ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob( |
| 357 const std::string& group_name, | 360 const std::string& group_name, |
| 358 const PoolBase::Request& request, | 361 const PoolBase::Request& request, |
| 359 ConnectJob::Delegate* delegate) const { | 362 ConnectJob::Delegate* delegate) const { |
| 360 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(), | 363 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(), |
| 361 tcp_pool_, socks_pool_, http_proxy_pool_, | 364 tcp_pool_, socks_pool_, http_proxy_pool_, |
| 362 client_socket_factory_, host_resolver_, | 365 client_socket_factory_, host_resolver_, |
| 363 dnsrr_resolver_, dns_cert_checker_, | 366 cert_verifier_, dnsrr_resolver_, dns_cert_checker_, |
| 364 ssl_host_info_factory_, delegate, net_log_); | 367 ssl_host_info_factory_, delegate, net_log_); |
| 365 } | 368 } |
| 366 | 369 |
| 367 SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( | 370 SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( |
| 368 TCPClientSocketPool* tcp_pool, | 371 TCPClientSocketPool* tcp_pool, |
| 369 SOCKSClientSocketPool* socks_pool, | 372 SOCKSClientSocketPool* socks_pool, |
| 370 HttpProxyClientSocketPool* http_proxy_pool, | 373 HttpProxyClientSocketPool* http_proxy_pool, |
| 371 ClientSocketFactory* client_socket_factory, | 374 ClientSocketFactory* client_socket_factory, |
| 372 HostResolver* host_resolver, | 375 HostResolver* host_resolver, |
| 376 CertVerifier* cert_verifier, |
| 373 DnsRRResolver* dnsrr_resolver, | 377 DnsRRResolver* dnsrr_resolver, |
| 374 DnsCertProvenanceChecker* dns_cert_checker, | 378 DnsCertProvenanceChecker* dns_cert_checker, |
| 375 SSLHostInfoFactory* ssl_host_info_factory, | 379 SSLHostInfoFactory* ssl_host_info_factory, |
| 376 NetLog* net_log) | 380 NetLog* net_log) |
| 377 : tcp_pool_(tcp_pool), | 381 : tcp_pool_(tcp_pool), |
| 378 socks_pool_(socks_pool), | 382 socks_pool_(socks_pool), |
| 379 http_proxy_pool_(http_proxy_pool), | 383 http_proxy_pool_(http_proxy_pool), |
| 380 client_socket_factory_(client_socket_factory), | 384 client_socket_factory_(client_socket_factory), |
| 381 host_resolver_(host_resolver), | 385 host_resolver_(host_resolver), |
| 386 cert_verifier_(cert_verifier), |
| 382 dnsrr_resolver_(dnsrr_resolver), | 387 dnsrr_resolver_(dnsrr_resolver), |
| 383 dns_cert_checker_(dns_cert_checker), | 388 dns_cert_checker_(dns_cert_checker), |
| 384 ssl_host_info_factory_(ssl_host_info_factory), | 389 ssl_host_info_factory_(ssl_host_info_factory), |
| 385 net_log_(net_log) { | 390 net_log_(net_log) { |
| 386 base::TimeDelta max_transport_timeout = base::TimeDelta(); | 391 base::TimeDelta max_transport_timeout = base::TimeDelta(); |
| 387 base::TimeDelta pool_timeout; | 392 base::TimeDelta pool_timeout; |
| 388 if (tcp_pool_) | 393 if (tcp_pool_) |
| 389 max_transport_timeout = tcp_pool_->ConnectionTimeout(); | 394 max_transport_timeout = tcp_pool_->ConnectionTimeout(); |
| 390 if (socks_pool_) { | 395 if (socks_pool_) { |
| 391 pool_timeout = socks_pool_->ConnectionTimeout(); | 396 pool_timeout = socks_pool_->ConnectionTimeout(); |
| 392 if (pool_timeout > max_transport_timeout) | 397 if (pool_timeout > max_transport_timeout) |
| 393 max_transport_timeout = pool_timeout; | 398 max_transport_timeout = pool_timeout; |
| 394 } | 399 } |
| 395 if (http_proxy_pool_) { | 400 if (http_proxy_pool_) { |
| 396 pool_timeout = http_proxy_pool_->ConnectionTimeout(); | 401 pool_timeout = http_proxy_pool_->ConnectionTimeout(); |
| 397 if (pool_timeout > max_transport_timeout) | 402 if (pool_timeout > max_transport_timeout) |
| 398 max_transport_timeout = pool_timeout; | 403 max_transport_timeout = pool_timeout; |
| 399 } | 404 } |
| 400 timeout_ = max_transport_timeout + | 405 timeout_ = max_transport_timeout + |
| 401 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds); | 406 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds); |
| 402 } | 407 } |
| 403 | 408 |
| 404 SSLClientSocketPool::SSLClientSocketPool( | 409 SSLClientSocketPool::SSLClientSocketPool( |
| 405 int max_sockets, | 410 int max_sockets, |
| 406 int max_sockets_per_group, | 411 int max_sockets_per_group, |
| 407 ClientSocketPoolHistograms* histograms, | 412 ClientSocketPoolHistograms* histograms, |
| 408 HostResolver* host_resolver, | 413 HostResolver* host_resolver, |
| 414 CertVerifier* cert_verifier, |
| 409 DnsRRResolver* dnsrr_resolver, | 415 DnsRRResolver* dnsrr_resolver, |
| 410 DnsCertProvenanceChecker* dns_cert_checker, | 416 DnsCertProvenanceChecker* dns_cert_checker, |
| 411 SSLHostInfoFactory* ssl_host_info_factory, | 417 SSLHostInfoFactory* ssl_host_info_factory, |
| 412 ClientSocketFactory* client_socket_factory, | 418 ClientSocketFactory* client_socket_factory, |
| 413 TCPClientSocketPool* tcp_pool, | 419 TCPClientSocketPool* tcp_pool, |
| 414 SOCKSClientSocketPool* socks_pool, | 420 SOCKSClientSocketPool* socks_pool, |
| 415 HttpProxyClientSocketPool* http_proxy_pool, | 421 HttpProxyClientSocketPool* http_proxy_pool, |
| 416 SSLConfigService* ssl_config_service, | 422 SSLConfigService* ssl_config_service, |
| 417 NetLog* net_log) | 423 NetLog* net_log) |
| 418 : tcp_pool_(tcp_pool), | 424 : tcp_pool_(tcp_pool), |
| 419 socks_pool_(socks_pool), | 425 socks_pool_(socks_pool), |
| 420 http_proxy_pool_(http_proxy_pool), | 426 http_proxy_pool_(http_proxy_pool), |
| 421 base_(max_sockets, max_sockets_per_group, histograms, | 427 base_(max_sockets, max_sockets_per_group, histograms, |
| 422 base::TimeDelta::FromSeconds( | 428 base::TimeDelta::FromSeconds( |
| 423 ClientSocketPool::unused_idle_socket_timeout()), | 429 ClientSocketPool::unused_idle_socket_timeout()), |
| 424 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), | 430 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), |
| 425 new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool, | 431 new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool, |
| 426 client_socket_factory, host_resolver, | 432 client_socket_factory, host_resolver, |
| 427 dnsrr_resolver, dns_cert_checker, | 433 cert_verifier, dnsrr_resolver, |
| 428 ssl_host_info_factory, | 434 dns_cert_checker, ssl_host_info_factory, |
| 429 net_log)), | 435 net_log)), |
| 430 ssl_config_service_(ssl_config_service) { | 436 ssl_config_service_(ssl_config_service) { |
| 431 if (ssl_config_service_) | 437 if (ssl_config_service_) |
| 432 ssl_config_service_->AddObserver(this); | 438 ssl_config_service_->AddObserver(this); |
| 433 } | 439 } |
| 434 | 440 |
| 435 SSLClientSocketPool::~SSLClientSocketPool() { | 441 SSLClientSocketPool::~SSLClientSocketPool() { |
| 436 if (ssl_config_service_) | 442 if (ssl_config_service_) |
| 437 ssl_config_service_->RemoveObserver(this); | 443 ssl_config_service_->RemoveObserver(this); |
| 438 } | 444 } |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 526 | 532 |
| 527 base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const { | 533 base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const { |
| 528 return base_.ConnectionTimeout(); | 534 return base_.ConnectionTimeout(); |
| 529 } | 535 } |
| 530 | 536 |
| 531 ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const { | 537 ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const { |
| 532 return base_.histograms(); | 538 return base_.histograms(); |
| 533 } | 539 } |
| 534 | 540 |
| 535 } // namespace net | 541 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 5386001:
Cache certificate verification results in memory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/