
Side by Side Diff: net/socket/ssl_client_socket_pool.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
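--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_pool.h"
 
 #include "base/metrics/histogram.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/base/host_port_pair.h"
@@ -70,33 +70,35 @@
 
 SSLConnectJob::SSLConnectJob(
 const std::string& group_name,
 const scoped_refptr<SSLSocketParams>& params,
 const base::TimeDelta& timeout_duration,
 TCPClientSocketPool* tcp_pool,
 SOCKSClientSocketPool* socks_pool,
 HttpProxyClientSocketPool* http_proxy_pool,
 ClientSocketFactory* client_socket_factory,
 HostResolver* host_resolver,
+CertVerifier* cert_verifier,
 DnsRRResolver* dnsrr_resolver,
 DnsCertProvenanceChecker* dns_cert_checker,
 SSLHostInfoFactory* ssl_host_info_factory,
 Delegate* delegate,
 NetLog* net_log)
 : ConnectJob(group_name, timeout_duration, delegate,
 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
 params_(params),
 tcp_pool_(tcp_pool),
 socks_pool_(socks_pool),
 http_proxy_pool_(http_proxy_pool),
 client_socket_factory_(client_socket_factory),
-resolver_(host_resolver),
+host_resolver_(host_resolver),
+cert_verifier_(cert_verifier),
 dnsrr_resolver_(dnsrr_resolver),
 dns_cert_checker_(dns_cert_checker),
 ssl_host_info_factory_(ssl_host_info_factory),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 callback_(this, &SSLConnectJob::OnIOComplete)) {}
 
 SSLConnectJob::~SSLConnectJob() {}
 
 LoadState SSLConnectJob::GetLoadState() const {
 switch (next_state_) {
@@ -282,21 +284,22 @@
 }
 
 int SSLConnectJob::DoSSLConnect() {
 next_state_ = STATE_SSL_CONNECT_COMPLETE;
 // Reset the timeout to just the time allowed for the SSL handshake.
 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds));
 ssl_connect_start_time_ = base::TimeTicks::Now();
 
 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
 transport_socket_handle_.release(), params_->host_and_port(),
-params_->ssl_config(), ssl_host_info_.release(), dns_cert_checker_));
+params_->ssl_config(), ssl_host_info_.release(), cert_verifier_,
+dns_cert_checker_));
 return ssl_socket_->Connect(&callback_);
 }
 
 int SSLConnectJob::DoSSLConnectComplete(int result) {
 SSLClientSocket::NextProtoStatus status =
 SSLClientSocket::kNextProtoUnsupported;
 std::string proto;
 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
 // that hasn't had SSL_ImportFD called on it. If we get a certificate error
 // here, then we know that we called SSL_ImportFD.
@@ -353,86 +356,89 @@
 return result;
 }
 
 ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
 const std::string& group_name,
 const PoolBase::Request& request,
 ConnectJob::Delegate* delegate) const {
 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
 tcp_pool_, socks_pool_, http_proxy_pool_,
 client_socket_factory_, host_resolver_,
-dnsrr_resolver_, dns_cert_checker_,
+cert_verifier_, dnsrr_resolver_, dns_cert_checker_,
 ssl_host_info_factory_, delegate, net_log_);
 }
 
 SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
 TCPClientSocketPool* tcp_pool,
 SOCKSClientSocketPool* socks_pool,
 HttpProxyClientSocketPool* http_proxy_pool,
 ClientSocketFactory* client_socket_factory,
 HostResolver* host_resolver,
+CertVerifier* cert_verifier,
 DnsRRResolver* dnsrr_resolver,
 DnsCertProvenanceChecker* dns_cert_checker,
 SSLHostInfoFactory* ssl_host_info_factory,
 NetLog* net_log)
 : tcp_pool_(tcp_pool),
 socks_pool_(socks_pool),
 http_proxy_pool_(http_proxy_pool),
 client_socket_factory_(client_socket_factory),
 host_resolver_(host_resolver),
+cert_verifier_(cert_verifier),
 dnsrr_resolver_(dnsrr_resolver),
 dns_cert_checker_(dns_cert_checker),
 ssl_host_info_factory_(ssl_host_info_factory),
 net_log_(net_log) {
 base::TimeDelta max_transport_timeout = base::TimeDelta();
 base::TimeDelta pool_timeout;
 if (tcp_pool_)
 max_transport_timeout = tcp_pool_->ConnectionTimeout();
 if (socks_pool_) {
 pool_timeout = socks_pool_->ConnectionTimeout();
 if (pool_timeout > max_transport_timeout)
 max_transport_timeout = pool_timeout;
 }
 if (http_proxy_pool_) {
 pool_timeout = http_proxy_pool_->ConnectionTimeout();
 if (pool_timeout > max_transport_timeout)
 max_transport_timeout = pool_timeout;
 }
 timeout_ = max_transport_timeout +
 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds);
 }
 
 SSLClientSocketPool::SSLClientSocketPool(
 int max_sockets,
 int max_sockets_per_group,
 ClientSocketPoolHistograms* histograms,
 HostResolver* host_resolver,
+CertVerifier* cert_verifier,
 DnsRRResolver* dnsrr_resolver,
 DnsCertProvenanceChecker* dns_cert_checker,
 SSLHostInfoFactory* ssl_host_info_factory,
 ClientSocketFactory* client_socket_factory,
 TCPClientSocketPool* tcp_pool,
 SOCKSClientSocketPool* socks_pool,
 HttpProxyClientSocketPool* http_proxy_pool,
 SSLConfigService* ssl_config_service,
 NetLog* net_log)
 : tcp_pool_(tcp_pool),
 socks_pool_(socks_pool),
 http_proxy_pool_(http_proxy_pool),
 base_(max_sockets, max_sockets_per_group, histograms,
 base::TimeDelta::FromSeconds(
 ClientSocketPool::unused_idle_socket_timeout()),
 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout),
 new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool,
 client_socket_factory, host_resolver,
-dnsrr_resolver, dns_cert_checker,
-ssl_host_info_factory,
+cert_verifier, dnsrr_resolver,
+dns_cert_checker, ssl_host_info_factory,
 net_log)),
 ssl_config_service_(ssl_config_service) {
 if (ssl_config_service_)
 ssl_config_service_->AddObserver(this);
 }
 
 SSLClientSocketPool::~SSLClientSocketPool() {
 if (ssl_config_service_)
 ssl_config_service_->RemoveObserver(this);
 }
@@ -526,10 +532,10 @@
 
 base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const {
 return base_.ConnectionTimeout();
 }
 
 ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const {
 return base_.histograms();
 }
 
 } // namespace net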
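Review bot: `cert_verifier_` is kept as a raw `CertVerifier*` in both `SSLConnectJobFactory` and `SSLConnectJob`, then passed to `CreateSSLClientSocket` in `DoSSLConnect` with no null check and no stated lifetime. Going by the issue title, the verifier now carries cached verification results shared by every socket the pool creates, so it has to outlive the pool and all in-flight connect jobs. Nothing in this file enforces that, and the owner is not visible on this page. I would add `DCHECK(cert_verifier_);` to the currently empty `SSLConnectJob` constructor body and a comment where the pointer is stored, e.g. `// Not owned; must outlive this pool and every socket it creates.` If a null verifier is a supported configuration (for example in tests), state that instead so the socket's behaviour without a verifier is an explicit decision rather than an accident of plumbing.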