Chromium Code Reviews Chromium Code Reviews
Issue 981723008:
Unwind the SSL connection holdback experiment and remove related code (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_session_cache_openssl.h" | 5 #include "net/socket/ssl_session_cache_openssl.h" |
| 6 | 6 |
| 7 #include <list> | 7 #include <list> |
| 8 #include <map> | 8 #include <map> |
| 9 | 9 |
| 10 #include <openssl/rand.h> | 10 #include <openssl/rand.h> |
| (...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 246 return false; // Session has not yet been marked good. Treat as a miss. | 246 return false; // Session has not yet been marked good. Treat as a miss. |
| 247 | 247 |
| 248 // Move to front of MRU list. | 248 // Move to front of MRU list. |
| 249 ordering_.push_front(session); | 249 ordering_.push_front(session); |
| 250 ordering_.erase(it->second); | 250 ordering_.erase(it->second); |
| 251 it->second = ordering_.begin(); | 251 it->second = ordering_.begin(); |
| 252 | 252 |
| 253 return SSL_set_session(ssl, session) == 1; | 253 return SSL_set_session(ssl, session) == 1; |
| 254 } | 254 } |
| 255 | 255 |
| 256 // Return true iff a cached session was associated with the given |cache_key|. | |
| 257 bool SSLSessionIsInCache(const std::string& cache_key) const { | |
| 258 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
| 259 tracked_objects::ScopedTracker tracking_profile( | |
| 260 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 261 "424386 SSLSessionCacheOpenSSLImpl::SSLSessionIsInCache")); | |
| 262 | |
| 263 base::AutoLock locked(lock_); | |
| 264 KeyIndex::const_iterator it = key_index_.find(cache_key); | |
| 265 if (it == key_index_.end()) | |
| 266 return false; | |
| 267 | |
| 268 SSL_SESSION* session = *it->second; | |
| 269 DCHECK(session); | |
| 270 | |
| 271 void* session_is_good = | |
| 272 SSL_SESSION_get_ex_data(session, GetSSLSessionExIndex()); | |
| 273 | |
| 274 return session_is_good != NULL; | |
| 275 } | |
| 276 | |
| 277 void MarkSSLSessionAsGood(SSL* ssl) { | 256 void MarkSSLSessionAsGood(SSL* ssl) { |
| 278 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 257 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 279 tracked_objects::ScopedTracker tracking_profile( | 258 tracked_objects::ScopedTracker tracking_profile( |
| 280 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 259 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 281 "424386 SSLSessionCacheOpenSSLImpl::MarkSSLSessionAsGood")); | 260 "424386 SSLSessionCacheOpenSSLImpl::MarkSSLSessionAsGood")); |
| 282 | 261 |
| 283 SSL_SESSION* session = SSL_get_session(ssl); | 262 SSL_SESSION* session = SSL_get_session(ssl); |
| 284 CHECK(session); | 263 if (!session) |
| 264 return; | |
|
davidben
2015/03/09 18:02:36
(I think the CHECK is actually correct too, but I'
| |
| 285 | 265 |
| 286 // Mark the session as good, allowing it to be used for future connections. | 266 // Mark the session as good, allowing it to be used for future connections. |
| 287 SSL_SESSION_set_ex_data( | 267 SSL_SESSION_set_ex_data( |
| 288 session, GetSSLSessionExIndex(), reinterpret_cast<void*>(1)); | 268 session, GetSSLSessionExIndex(), reinterpret_cast<void*>(1)); |
| 289 } | 269 } |
| 290 | 270 |
| 291 // Flush all entries from the cache. | 271 // Flush all entries from the cache. |
| 292 void Flush() { | 272 void Flush() { |
| 293 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 273 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 294 tracked_objects::ScopedTracker tracking_profile( | 274 tracked_objects::ScopedTracker tracking_profile( |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 387 // |ssl| connection. Note that the session's reference count was already | 367 // |ssl| connection. Note that the session's reference count was already |
| 388 // incremented before the function is entered. The function must return 1 | 368 // incremented before the function is entered. The function must return 1 |
| 389 // to indicate that it took ownership of the session, i.e. that the caller | 369 // to indicate that it took ownership of the session, i.e. that the caller |
| 390 // should not decrement its reference count after completion. | 370 // should not decrement its reference count after completion. |
| 391 static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) { | 371 static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) { |
| 392 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 372 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 393 tracked_objects::ScopedTracker tracking_profile( | 373 tracked_objects::ScopedTracker tracking_profile( |
| 394 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 374 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 395 "424386 SSLSessionCacheOpenSSLImpl::NewSessionCallbackStatic")); | 375 "424386 SSLSessionCacheOpenSSLImpl::NewSessionCallbackStatic")); |
| 396 | 376 |
| 397 SSLSessionCacheOpenSSLImpl* cache = GetCache(ssl->ctx); | 377 GetCache(ssl->ctx)->OnSessionAdded(ssl, session); |
| 398 cache->OnSessionAdded(ssl, session); | |
| 399 return 1; | 378 return 1; |
| 400 } | 379 } |
| 401 | 380 |
| 402 // Called by OpenSSL to indicate that a session must be removed from the | 381 // Called by OpenSSL to indicate that a session must be removed from the |
| 403 // cache. This happens when SSL_CTX is destroyed. | 382 // cache. This happens when SSL_CTX is destroyed. |
| 404 static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) { | 383 static void RemoveSessionCallbackStatic(SSL_CTX* ctx, SSL_SESSION* session) { |
| 405 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 384 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 406 tracked_objects::ScopedTracker tracking_profile( | 385 tracked_objects::ScopedTracker tracking_profile( |
| 407 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 386 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 408 "424386 SSLSessionCacheOpenSSLImpl::RemoveSessionCallbackStatic")); | 387 "424386 SSLSessionCacheOpenSSLImpl::RemoveSessionCallbackStatic")); |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 525 DLOG(ERROR) << "Couldn't generate unique session ID of " << id_len | 504 DLOG(ERROR) << "Couldn't generate unique session ID of " << id_len |
| 526 << "bytes after " << kMaxTries << " tries."; | 505 << "bytes after " << kMaxTries << " tries."; |
| 527 return false; | 506 return false; |
| 528 } | 507 } |
| 529 | 508 |
| 530 SSL_CTX* ctx_; | 509 SSL_CTX* ctx_; |
| 531 SSLSessionCacheOpenSSL::Config config_; | 510 SSLSessionCacheOpenSSL::Config config_; |
| 532 | 511 |
| 533 // method to get the index which can later be used with SSL_CTX_get_ex_data() | 512 // method to get the index which can later be used with SSL_CTX_get_ex_data() |
| 534 // or SSL_CTX_set_ex_data(). | 513 // or SSL_CTX_set_ex_data(). |
| 535 mutable base::Lock lock_; // Protects access to containers below. | 514 base::Lock lock_; // Protects access to containers below. |
| 536 | 515 |
| 537 MRUSessionList ordering_; | 516 MRUSessionList ordering_; |
| 538 KeyIndex key_index_; | 517 KeyIndex key_index_; |
| 539 SessionIdIndex id_index_; | 518 SessionIdIndex id_index_; |
| 540 | 519 |
| 541 size_t expiration_check_; | 520 size_t expiration_check_; |
| 542 }; | 521 }; |
| 543 | 522 |
| 544 SSLSessionCacheOpenSSL::~SSLSessionCacheOpenSSL() { delete impl_; } | 523 SSLSessionCacheOpenSSL::~SSLSessionCacheOpenSSL() { delete impl_; } |
| 545 | 524 |
| 546 size_t SSLSessionCacheOpenSSL::size() const { return impl_->size(); } | 525 size_t SSLSessionCacheOpenSSL::size() const { return impl_->size(); } |
| 547 | 526 |
| 548 void SSLSessionCacheOpenSSL::Reset(SSL_CTX* ctx, const Config& config) { | 527 void SSLSessionCacheOpenSSL::Reset(SSL_CTX* ctx, const Config& config) { |
| 549 if (impl_) | 528 if (impl_) |
| 550 delete impl_; | 529 delete impl_; |
| 551 | 530 |
| 552 impl_ = new SSLSessionCacheOpenSSLImpl(ctx, config); | 531 impl_ = new SSLSessionCacheOpenSSLImpl(ctx, config); |
| 553 } | 532 } |
| 554 | 533 |
| 555 bool SSLSessionCacheOpenSSL::SetSSLSession(SSL* ssl) { | 534 bool SSLSessionCacheOpenSSL::SetSSLSession(SSL* ssl) { |
| 556 return impl_->SetSSLSession(ssl); | 535 return impl_->SetSSLSession(ssl); |
| 557 } | 536 } |
| 558 | 537 |
| 559 bool SSLSessionCacheOpenSSL::SetSSLSessionWithKey( | 538 bool SSLSessionCacheOpenSSL::SetSSLSessionWithKey( |
| 560 SSL* ssl, | 539 SSL* ssl, |
| 561 const std::string& cache_key) { | 540 const std::string& cache_key) { |
| 562 return impl_->SetSSLSessionWithKey(ssl, cache_key); | 541 return impl_->SetSSLSessionWithKey(ssl, cache_key); |
| 563 } | 542 } |
| 564 | 543 |
| 565 bool SSLSessionCacheOpenSSL::SSLSessionIsInCache( | |
| 566 const std::string& cache_key) const { | |
| 567 return impl_->SSLSessionIsInCache(cache_key); | |
| 568 } | |
| 569 | |
| 570 void SSLSessionCacheOpenSSL::MarkSSLSessionAsGood(SSL* ssl) { | 544 void SSLSessionCacheOpenSSL::MarkSSLSessionAsGood(SSL* ssl) { |
| 571 return impl_->MarkSSLSessionAsGood(ssl); | 545 return impl_->MarkSSLSessionAsGood(ssl); |
| 572 } | 546 } |
| 573 | 547 |
| 574 void SSLSessionCacheOpenSSL::Flush() { impl_->Flush(); } | 548 void SSLSessionCacheOpenSSL::Flush() { impl_->Flush(); } |
| 575 | 549 |
| 576 } // namespace net | 550 } // namespace net |
| OLD | NEW |
