
Side by Side Diff: net/socket/ssl_host_info.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
Property Changes:
Added: svn:eol-style
+ LF
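--- a/net/socket/ssl_host_info.cc
+++ b/net/socket/ssl_host_info.cc
@@ -1,49 +1,50 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_host_info.h"
 
 #include "base/metrics/histogram.h"
 #include "base/pickle.h"
 #include "base/string_piece.h"
-#include "net/base/cert_verifier.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
 
 SSLHostInfo::State::State()
 : npn_valid(false),
 npn_status(SSLClientSocket::kNextProtoUnsupported) {
 }
 
 SSLHostInfo::State::~State() {}
 
 void SSLHostInfo::State::Clear() {
 certs.clear();
 server_hello.clear();
 npn_valid = false;
 }
 
 SSLHostInfo::SSLHostInfo(
 const std::string& hostname,
-const SSLConfig& ssl_config)
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier)
 : cert_verification_complete_(false),
 cert_verification_error_(ERR_CERT_INVALID),
 hostname_(hostname),
 cert_parsing_failed_(false),
 cert_verification_callback_(NULL),
 rev_checking_enabled_(ssl_config.rev_checking_enabled),
 verify_ev_cert_(ssl_config.verify_ev_cert),
+verifier_(cert_verifier),
 callback_(new CancelableCompletionCallback<SSLHostInfo>(
 ALLOW_THIS_IN_INITIALIZER_LIST(this),
 &SSLHostInfo::VerifyCallback)) {
 state_.npn_valid = false;
 }
 
 SSLHostInfo::~SSLHostInfo() {}
 
 const SSLHostInfo::State& SSLHostInfo::state() const {
 return state_;
@@ -103,26 +104,25 @@
 std::vector<base::StringPiece> der_certs(state->certs.size());
 for (size_t i = 0; i < state->certs.size(); i++)
 der_certs[i] = state->certs[i];
 cert_ = X509Certificate::CreateFromDERCertChain(der_certs);
 if (cert_.get()) {
 int flags = 0;
 if (verify_ev_cert_)
 flags |= X509Certificate::VERIFY_EV_CERT;
 if (rev_checking_enabled_)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
-verifier_.reset(new CertVerifier);
 VLOG(1) << "Kicking off verification for " << hostname_;
 verification_start_time_ = base::TimeTicks::Now();
 verification_end_time_ = base::TimeTicks();
-if (verifier_->Verify(cert_.get(), hostname_, flags,
+if (verifier_.Verify(cert_.get(), hostname_, flags,
 &cert_verify_result_, callback_) == OK) {
 VerifyCallback(OK);
 }
 } else {
 cert_parsing_failed_ = true;
 DCHECK(!cert_verification_callback_);
 }
 }
 
 return true;
 }
@@ -192,10 +192,10 @@
 if (cert_verification_callback_) {
 CompletionCallback* callback = cert_verification_callback_;
 cert_verification_callback_ = NULL;
 callback->Run(rv);
 }
 }
 
 SSLHostInfoFactory::~SSLHostInfoFactory() {}
 
 } // namespace net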
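Review bot: The `== OK` test around `verifier_.Verify(...)` (new lines 117-119) drops every synchronous result other than success. With verification results now cached in memory, a cached failure can presumably come back synchronously, and then `VerifyCallback` is never run, so the completion state is not updated and a stored `cert_verification_callback_` would never fire. Capture the result and forward anything that is not pending: `int rv = verifier_.Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` then `if (rv != ERR_IO_PENDING) VerifyCallback(rv);`. Separately, the constructor now stores a raw `CertVerifier* cert_verifier` in `verifier_`; a comment stating that the verifier must outlive this object, plus a `DCHECK(cert_verifier)` if the wrapper does not already check, would make the lifetime contract explicit. The function containing the Verify call starts in the skipped region above the hunk.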