OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_pool.h" | 5 #include "net/socket/ssl_client_socket_pool.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/values.h" | 8 #include "base/values.h" |
9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
10 #include "net/base/host_port_pair.h" | 10 #include "net/base/host_port_pair.h" |
(...skipping 59 matching lines...)
70 | 70 |
71 SSLConnectJob::SSLConnectJob( | 71 SSLConnectJob::SSLConnectJob( |
72 const std::string& group_name, | 72 const std::string& group_name, |
73 const scoped_refptr<SSLSocketParams>& params, | 73 const scoped_refptr<SSLSocketParams>& params, |
74 const base::TimeDelta& timeout_duration, | 74 const base::TimeDelta& timeout_duration, |
75 TCPClientSocketPool* tcp_pool, | 75 TCPClientSocketPool* tcp_pool, |
76 SOCKSClientSocketPool* socks_pool, | 76 SOCKSClientSocketPool* socks_pool, |
77 HttpProxyClientSocketPool* http_proxy_pool, | 77 HttpProxyClientSocketPool* http_proxy_pool, |
78 ClientSocketFactory* client_socket_factory, | 78 ClientSocketFactory* client_socket_factory, |
79 HostResolver* host_resolver, | 79 HostResolver* host_resolver, |
| 80 CertVerifier* cert_verifier, |
80 DnsRRResolver* dnsrr_resolver, | 81 DnsRRResolver* dnsrr_resolver, |
81 DnsCertProvenanceChecker* dns_cert_checker, | 82 DnsCertProvenanceChecker* dns_cert_checker, |
82 SSLHostInfoFactory* ssl_host_info_factory, | 83 SSLHostInfoFactory* ssl_host_info_factory, |
83 Delegate* delegate, | 84 Delegate* delegate, |
84 NetLog* net_log) | 85 NetLog* net_log) |
85 : ConnectJob(group_name, timeout_duration, delegate, | 86 : ConnectJob(group_name, timeout_duration, delegate, |
86 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)), | 87 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)), |
87 params_(params), | 88 params_(params), |
88 tcp_pool_(tcp_pool), | 89 tcp_pool_(tcp_pool), |
89 socks_pool_(socks_pool), | 90 socks_pool_(socks_pool), |
90 http_proxy_pool_(http_proxy_pool), | 91 http_proxy_pool_(http_proxy_pool), |
91 client_socket_factory_(client_socket_factory), | 92 client_socket_factory_(client_socket_factory), |
92 resolver_(host_resolver), | 93 host_resolver_(host_resolver), |
| 94 cert_verifier_(cert_verifier), |
93 dnsrr_resolver_(dnsrr_resolver), | 95 dnsrr_resolver_(dnsrr_resolver), |
94 dns_cert_checker_(dns_cert_checker), | 96 dns_cert_checker_(dns_cert_checker), |
95 ssl_host_info_factory_(ssl_host_info_factory), | 97 ssl_host_info_factory_(ssl_host_info_factory), |
96 ALLOW_THIS_IN_INITIALIZER_LIST( | 98 ALLOW_THIS_IN_INITIALIZER_LIST( |
97 callback_(this, &SSLConnectJob::OnIOComplete)) {} | 99 callback_(this, &SSLConnectJob::OnIOComplete)) {} |
98 | 100 |
99 SSLConnectJob::~SSLConnectJob() {} | 101 SSLConnectJob::~SSLConnectJob() {} |
100 | 102 |
101 LoadState SSLConnectJob::GetLoadState() const { | 103 LoadState SSLConnectJob::GetLoadState() const { |
102 switch (next_state_) { | 104 switch (next_state_) { |
(...skipping 179 matching lines...)
282 } | 284 } |
283 | 285 |
284 int SSLConnectJob::DoSSLConnect() { | 286 int SSLConnectJob::DoSSLConnect() { |
285 next_state_ = STATE_SSL_CONNECT_COMPLETE; | 287 next_state_ = STATE_SSL_CONNECT_COMPLETE; |
286 // Reset the timeout to just the time allowed for the SSL handshake. | 288 // Reset the timeout to just the time allowed for the SSL handshake. |
287 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds)); | 289 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds)); |
288 ssl_connect_start_time_ = base::TimeTicks::Now(); | 290 ssl_connect_start_time_ = base::TimeTicks::Now(); |
289 | 291 |
290 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( | 292 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( |
291 transport_socket_handle_.release(), params_->host_and_port(), | 293 transport_socket_handle_.release(), params_->host_and_port(), |
292 params_->ssl_config(), ssl_host_info_.release(), dns_cert_checker_)); | 294 params_->ssl_config(), ssl_host_info_.release(), cert_verifier_, |
| 295 dns_cert_checker_)); |
293 return ssl_socket_->Connect(&callback_); | 296 return ssl_socket_->Connect(&callback_); |
294 } | 297 } |
295 | 298 |
296 int SSLConnectJob::DoSSLConnectComplete(int result) { | 299 int SSLConnectJob::DoSSLConnectComplete(int result) { |
297 SSLClientSocket::NextProtoStatus status = | 300 SSLClientSocket::NextProtoStatus status = |
298 SSLClientSocket::kNextProtoUnsupported; | 301 SSLClientSocket::kNextProtoUnsupported; |
299 std::string proto; | 302 std::string proto; |
300 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket | 303 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket |
301 // that hasn't had SSL_ImportFD called on it. If we get a certificate error | 304 // that hasn't had SSL_ImportFD called on it. If we get a certificate error |
302 // here, then we know that we called SSL_ImportFD. | 305 // here, then we know that we called SSL_ImportFD. |
(...skipping 50 matching lines...)
353 return result; | 356 return result; |
354 } | 357 } |
355 | 358 |
356 ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob( | 359 ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob( |
357 const std::string& group_name, | 360 const std::string& group_name, |
358 const PoolBase::Request& request, | 361 const PoolBase::Request& request, |
359 ConnectJob::Delegate* delegate) const { | 362 ConnectJob::Delegate* delegate) const { |
360 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(), | 363 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(), |
361 tcp_pool_, socks_pool_, http_proxy_pool_, | 364 tcp_pool_, socks_pool_, http_proxy_pool_, |
362 client_socket_factory_, host_resolver_, | 365 client_socket_factory_, host_resolver_, |
363 dnsrr_resolver_, dns_cert_checker_, | 366 cert_verifier_, dnsrr_resolver_, dns_cert_checker_, |
364 ssl_host_info_factory_, delegate, net_log_); | 367 ssl_host_info_factory_, delegate, net_log_); |
365 } | 368 } |
366 | 369 |
367 SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( | 370 SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( |
368 TCPClientSocketPool* tcp_pool, | 371 TCPClientSocketPool* tcp_pool, |
369 SOCKSClientSocketPool* socks_pool, | 372 SOCKSClientSocketPool* socks_pool, |
370 HttpProxyClientSocketPool* http_proxy_pool, | 373 HttpProxyClientSocketPool* http_proxy_pool, |
371 ClientSocketFactory* client_socket_factory, | 374 ClientSocketFactory* client_socket_factory, |
372 HostResolver* host_resolver, | 375 HostResolver* host_resolver, |
| 376 CertVerifier* cert_verifier, |
373 DnsRRResolver* dnsrr_resolver, | 377 DnsRRResolver* dnsrr_resolver, |
374 DnsCertProvenanceChecker* dns_cert_checker, | 378 DnsCertProvenanceChecker* dns_cert_checker, |
375 SSLHostInfoFactory* ssl_host_info_factory, | 379 SSLHostInfoFactory* ssl_host_info_factory, |
376 NetLog* net_log) | 380 NetLog* net_log) |
377 : tcp_pool_(tcp_pool), | 381 : tcp_pool_(tcp_pool), |
378 socks_pool_(socks_pool), | 382 socks_pool_(socks_pool), |
379 http_proxy_pool_(http_proxy_pool), | 383 http_proxy_pool_(http_proxy_pool), |
380 client_socket_factory_(client_socket_factory), | 384 client_socket_factory_(client_socket_factory), |
381 host_resolver_(host_resolver), | 385 host_resolver_(host_resolver), |
| 386 cert_verifier_(cert_verifier), |
382 dnsrr_resolver_(dnsrr_resolver), | 387 dnsrr_resolver_(dnsrr_resolver), |
383 dns_cert_checker_(dns_cert_checker), | 388 dns_cert_checker_(dns_cert_checker), |
384 ssl_host_info_factory_(ssl_host_info_factory), | 389 ssl_host_info_factory_(ssl_host_info_factory), |
385 net_log_(net_log) { | 390 net_log_(net_log) { |
386 base::TimeDelta max_transport_timeout = base::TimeDelta(); | 391 base::TimeDelta max_transport_timeout = base::TimeDelta(); |
387 base::TimeDelta pool_timeout; | 392 base::TimeDelta pool_timeout; |
388 if (tcp_pool_) | 393 if (tcp_pool_) |
389 max_transport_timeout = tcp_pool_->ConnectionTimeout(); | 394 max_transport_timeout = tcp_pool_->ConnectionTimeout(); |
390 if (socks_pool_) { | 395 if (socks_pool_) { |
391 pool_timeout = socks_pool_->ConnectionTimeout(); | 396 pool_timeout = socks_pool_->ConnectionTimeout(); |
392 if (pool_timeout > max_transport_timeout) | 397 if (pool_timeout > max_transport_timeout) |
393 max_transport_timeout = pool_timeout; | 398 max_transport_timeout = pool_timeout; |
394 } | 399 } |
395 if (http_proxy_pool_) { | 400 if (http_proxy_pool_) { |
396 pool_timeout = http_proxy_pool_->ConnectionTimeout(); | 401 pool_timeout = http_proxy_pool_->ConnectionTimeout(); |
397 if (pool_timeout > max_transport_timeout) | 402 if (pool_timeout > max_transport_timeout) |
398 max_transport_timeout = pool_timeout; | 403 max_transport_timeout = pool_timeout; |
399 } | 404 } |
400 timeout_ = max_transport_timeout + | 405 timeout_ = max_transport_timeout + |
401 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds); | 406 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds); |
402 } | 407 } |
403 | 408 |
404 SSLClientSocketPool::SSLClientSocketPool( | 409 SSLClientSocketPool::SSLClientSocketPool( |
405 int max_sockets, | 410 int max_sockets, |
406 int max_sockets_per_group, | 411 int max_sockets_per_group, |
407 ClientSocketPoolHistograms* histograms, | 412 ClientSocketPoolHistograms* histograms, |
408 HostResolver* host_resolver, | 413 HostResolver* host_resolver, |
| 414 CertVerifier* cert_verifier, |
409 DnsRRResolver* dnsrr_resolver, | 415 DnsRRResolver* dnsrr_resolver, |
410 DnsCertProvenanceChecker* dns_cert_checker, | 416 DnsCertProvenanceChecker* dns_cert_checker, |
411 SSLHostInfoFactory* ssl_host_info_factory, | 417 SSLHostInfoFactory* ssl_host_info_factory, |
412 ClientSocketFactory* client_socket_factory, | 418 ClientSocketFactory* client_socket_factory, |
413 TCPClientSocketPool* tcp_pool, | 419 TCPClientSocketPool* tcp_pool, |
414 SOCKSClientSocketPool* socks_pool, | 420 SOCKSClientSocketPool* socks_pool, |
415 HttpProxyClientSocketPool* http_proxy_pool, | 421 HttpProxyClientSocketPool* http_proxy_pool, |
416 SSLConfigService* ssl_config_service, | 422 SSLConfigService* ssl_config_service, |
417 NetLog* net_log) | 423 NetLog* net_log) |
418 : tcp_pool_(tcp_pool), | 424 : tcp_pool_(tcp_pool), |
419 socks_pool_(socks_pool), | 425 socks_pool_(socks_pool), |
420 http_proxy_pool_(http_proxy_pool), | 426 http_proxy_pool_(http_proxy_pool), |
421 base_(max_sockets, max_sockets_per_group, histograms, | 427 base_(max_sockets, max_sockets_per_group, histograms, |
422 base::TimeDelta::FromSeconds( | 428 base::TimeDelta::FromSeconds( |
423 ClientSocketPool::unused_idle_socket_timeout()), | 429 ClientSocketPool::unused_idle_socket_timeout()), |
424 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), | 430 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), |
425 new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool, | 431 new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool, |
426 client_socket_factory, host_resolver, | 432 client_socket_factory, host_resolver, |
427 dnsrr_resolver, dns_cert_checker, | 433 cert_verifier, dnsrr_resolver, |
428 ssl_host_info_factory, | 434 dns_cert_checker, ssl_host_info_factory, |
429 net_log)), | 435 net_log)), |
430 ssl_config_service_(ssl_config_service) { | 436 ssl_config_service_(ssl_config_service) { |
431 if (ssl_config_service_) | 437 if (ssl_config_service_) |
432 ssl_config_service_->AddObserver(this); | 438 ssl_config_service_->AddObserver(this); |
433 } | 439 } |
434 | 440 |
435 SSLClientSocketPool::~SSLClientSocketPool() { | 441 SSLClientSocketPool::~SSLClientSocketPool() { |
436 if (ssl_config_service_) | 442 if (ssl_config_service_) |
437 ssl_config_service_->RemoveObserver(this); | 443 ssl_config_service_->RemoveObserver(this); |
438 } | 444 } |
(...skipping 87 matching lines...)
526 | 532 |
527 base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const { | 533 base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const { |
528 return base_.ConnectionTimeout(); | 534 return base_.ConnectionTimeout(); |
529 } | 535 } |
530 | 536 |
531 ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const { | 537 ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const { |
532 return base_.histograms(); | 538 return base_.histograms(); |
533 } | 539 } |
534 | 540 |
535 } // namespace net | 541 } // namespace net |
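Review bot: The new `cert_verifier` pointer is stored raw in `SSLConnectJob` and `SSLConnectJobFactory` and handed to `CreateSSLClientSocket` in `DoSSLConnect` (new lines 294-295) with no null check and no statement of who owns it. Elsewhere in this file NULL is a legal value for some injected pointers (`if (tcp_pool_)`, `if (ssl_config_service_)`), so a reader cannot tell whether a NULL verifier is permitted, and what the socket does with one is not visible here; for the object that makes the certificate trust decision, that case should fail loudly rather than be left undefined. I would add `DCHECK(cert_verifier_);` to the `SSLConnectJob` constructor body (assuming the logging header is among the skipped includes) and a comment on the member such as `// Not owned; must outlive this pool and every socket it creates.` The `resolver_` to `host_resolver_` rename in the initializer list also requires every use in the skipped regions to be updated, which this view does not show.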