diff options
| author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-09 04:34:01 +0000 |
|---|---|---|
| committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-09 04:34:01 +0000 |
| commit | 4f4e597baf96e733dc8baf9e3c2de7a3671c6a6b (patch) | |
| tree | ecfd70be820169d43598b52504a66e84f8a6ced9 | |
| parent | d0bb61cac50358d878e0e7f91797671a57a7cdca (diff) | |
| download | chromium_src-4f4e597baf96e733dc8baf9e3c2de7a3671c6a6b.zip chromium_src-4f4e597baf96e733dc8baf9e3c2de7a3671c6a6b.tar.gz chromium_src-4f4e597baf96e733dc8baf9e3c2de7a3671c6a6b.tar.bz2 | |
Replace DBC.Advertised with DomainBoundCerts.Support histogram.
BUG=124105
TEST=check about:histograms
Review URL: https://chromiumcodereview.appspot.com/10350005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135983 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 28 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.h | 4 |
2 files changed, 28 insertions, 4 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 7e56733..b84805e 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -958,14 +958,10 @@ int SSLClientSocketNSS::InitializeSSLOptions() { #endif #ifdef SSL_ENABLE_OB_CERTS - UMA_HISTOGRAM_BOOLEAN("DBC.Advertised", - ssl_config_.domain_bound_certs_enabled); rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS, ssl_config_.domain_bound_certs_enabled); if (rv != SECSuccess) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); -#else - UMA_HISTOGRAM_BOOLEAN("DBC.Advertised", false); #endif #ifdef SSL_ENCRYPT_CLIENT_CERTS @@ -2535,6 +2531,29 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler( } #endif // NSS_PLATFORM_CLIENT_AUTH +void SSLClientSocketNSS::RecordDomainBoundCertSupport() const { + PRBool last_handshake_resumed; + SECStatus ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); + if (ok != SECSuccess || last_handshake_resumed) + return; + + // Since this enum is used for a histogram, do not change or re-use values. + enum { + DISABLED = 0, + CLIENT_ONLY = 1, + CLIENT_AND_SERVER = 2, + DOMAIN_BOUND_CERT_USAGE_MAX + } supported = DISABLED; +#ifdef SSL_ENABLE_OB_CERTS + if (domain_bound_cert_xtn_negotiated_) + supported = CLIENT_AND_SERVER; + else if (ssl_config_.domain_bound_certs_enabled) + supported = CLIENT_ONLY; +#endif + UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, + DOMAIN_BOUND_CERT_USAGE_MAX); +} + // static // NSS calls this when handshake is completed. // After the SSL handshake is finished, use CertVerifier to verify @@ -2545,6 +2564,7 @@ void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket, that->handshake_callback_called_ = true; + that->RecordDomainBoundCertSupport(); that->UpdateServerCert(); that->UpdateConnectionStatus(); } diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index b708504..fc937ac 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -191,6 +191,10 @@ class SSLClientSocketNSS : public SSLClientSocket { CERTCertificate** result_certificate, SECKEYPrivateKey** result_private_key); #endif + // Record histograms for DBC support. The histogram will only be updated if + // this socket did a full handshake. + void RecordDomainBoundCertSupport() const; + // NSS calls this when handshake is completed. We pass 'this' as the second // argument. static void HandshakeCallback(PRFileDesc* socket, void* arg); |