Rewrite session cache in OpenSSL ports.

net/socket/ssl_client_socket_openssl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 
 #include <string>
 
 #include "base/compiler_specific.h"
@@ skipping 148 matching lines @@
                                  const char *argp, int argi, long argl,
                                  long retvalue);
 
   // Callback from the SSL layer when an operation is performed on
   // |transport_bio_|'s peer.
   static long BIOCallback(BIO *bio,
                           int cmd,
                           const char *argp, int argi, long argl,
                           long retvalue);
 
+  // Called after the initial handshake completes and after the server
+  // certificate has been verified. Depending on whether the handshake False
+  // Started, the events may happen in either order. When both have, the session
+  // is cached.

[Ryan Sleevi, 2015/03/24 23:47:22]

It took me a while to parse this comment, as I thought you were referring to
InfoCallback

// Called after the the initial handshake has completed and after
// the server certificate has been verified.
// The order of handshake completion/cert verification is depends on
// whether or not the connection was false started. After both have
// happened (thus calling this twice), the session is safe to cache
// and will be cached.

Or something. I'm not quite sure, but it was "the events may happen in either
order" and the number of times this is called that confuse me.

[davidben, 2015/03/26 20:22:57]

Done.

+  void MaybeCacheSession();
+
+  void InfoCallback(int type, int val);

[Ryan Sleevi, 2015/03/24 23:47:22]

Document. How does this differ from say 164? May just need a comment like
162/163 (this is after every record received, right?)

[davidben, 2015/03/26 20:22:57]

They're basically totally unrelated. :-P
It's called when... Stuff Happens. It's not really clear and kind of called all
over the place. Sometime later I mean to look at all the users and see if I can
trim it down, since it even sees handshake state machine transitions with the
internal state.

Added a comment.

+
   // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
   // SCTs are held in three separate vectors in ct_verify_result, each
   // vetor representing a particular verification state, this method associates
   // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
   // the |ssl_info|.signed_certificate_timestamps list.
   void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
 
   // Returns a unique key string for the SSL session cache for
   // this socket.
   std::string GetSessionCacheKey() const;
@@ skipping 78 matching lines @@
   BIO* transport_bio_;
 
   scoped_ptr<ClientSocketHandle> transport_;
   const HostPortPair host_and_port_;
   SSLConfig ssl_config_;
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
   // session cache. i.e. sessions created with one value will not attempt to
   // resume on the socket with a different value.
   const std::string ssl_session_cache_shard_;
 
-  // Used for session cache diagnostics.
-  bool trying_cached_session_;
-
   enum State {
     STATE_NONE,
     STATE_HANDSHAKE,
     STATE_CHANNEL_ID_LOOKUP,
     STATE_CHANNEL_ID_LOOKUP_COMPLETE,
     STATE_VERIFY_CERT,
     STATE_VERIFY_CERT_COMPLETE,
   };
   State next_handshake_state_;
   NextProtoStatus npn_status_;
   std::string npn_proto_;
   // Written by the |channel_id_service_|.
   std::string channel_id_private_key_;
   std::string channel_id_cert_;
   // True if channel ID extension was negotiated.
   bool channel_id_xtn_negotiated_;
+  // True if the initial handshake has completed.
+  bool handshake_completed_;
+  // True if the initial handshake's certificate has been verified.
+  bool certificate_verified_;
   // The request handle for |channel_id_service_|.
   ChannelIDService::RequestHandle channel_id_request_handle_;
 
   TransportSecurityState* transport_security_state_;
 
   CertPolicyEnforcer* const policy_enforcer_;
 
   // pinning_failure_log contains a message produced by
   // TransportSecurityState::CheckPublicKeyPins in the event of a
   // pinning failure. It is a (somewhat) human-readable string.
   std::string pinning_failure_log_;
 
   BoundNetLog net_log_;
   base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_