Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 947603002: Shard the SSL session cache by version fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: be more clever Created 5 years, 10 months ago
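--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -3349,27 +3349,43 @@
   // field at the beginning. PRNetAddr has a two-byte address
   // family field at the beginning.
   peername.raw.family = storage.addr->sa_family;
 
   memio_SetPeerName(nss_fd_, &peername);
 
   // Set the peer ID for session reuse. This is necessary when we create an
   // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
   // rather than the destination server's address in that case.
   std::string peer_id = host_and_port_.ToString();
-  // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id.
-  // This will cause session cache misses between sockets with different values
-  // of ssl_session_cache_shard_ and this is used to partition the session cache
-  // for incognito mode.
-  if (!ssl_session_cache_shard_.empty()) {
-    peer_id += "/" + ssl_session_cache_shard_;
+  // Append |ssl_session_cache_shard_| to the peer id. This is used to partition
+  // the session cache for incognito mode.
+  peer_id += "/" + ssl_session_cache_shard_;
+  peer_id += "/";
+  // Shard the session cache based on maximum protocol version. This causes
+  // fallback connections to use a separate session cache.
+  switch (ssl_config_.version_max) {
+    case SSL_PROTOCOL_VERSION_SSL3:
+      peer_id += "ssl3";
+      break;
+    case SSL_PROTOCOL_VERSION_TLS1:
+      peer_id += "tls1";
+      break;
+    case SSL_PROTOCOL_VERSION_TLS1_1:
+      peer_id += "tls1.1";
+      break;
+    case SSL_PROTOCOL_VERSION_TLS1_2:
+      peer_id += "tls1.2";
+      break;
+    default:
+      NOTREACHED();
   }
+
   SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
 
   return OK;
 }
 
 void SSLClientSocketNSS::DoConnectCallback(int rv) {
   EnterFunction(rv);
   DCHECK_NE(ERR_IO_PENDING, rv);
@@ -3637,10 +3653,10 @@
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
   return core_->state().server_cert.get();
 }
 
 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
   return channel_id_service_;
 }
 
 } // namespace net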
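Review bot: The `default:` arm of the new `switch (ssl_config_.version_max)` only calls `NOTREACHED()`, which is compiled out in release builds, so a socket with an unlisted `version_max` leaves the switch with no version suffix and its cache key degrades to `host:port/shard/`, meaning any two such sockets would share resumption state regardless of the version they are capped at, which is precisely what the version sharding is meant to prevent. If that is acceptable because every reachable value is enumerated today, say so on the default arm, e.g. `// NOTREACHED() is a no-op in release; an unlisted version_max gets no suffix.`, otherwise a future SSL_PROTOCOL_VERSION_* value silently loses the sharding here. The comment above the switch should also state that the `"/" + shard + "/" + version` layout relies on |ssl_session_cache_shard_| never containing "/", since nothing escapes it before it becomes part of the peer ID. The enclosing function begins outside the hunk.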