summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRaman Tenneti <rtenneti@chromium.org>2015-06-24 17:16:14 -0700
committerRaman Tenneti <rtenneti@chromium.org>2015-06-25 00:20:05 +0000
commit5b3b0636c2653b4628097068aae9cb79baf78af6 (patch)
treee90248263191cd3675de9b9ef91a66c0b2ddab97
parentef9208c93586c4158ceccdfcbd3c4cb2a2dad73e (diff)
downloadchromium_src-5b3b0636c2653b4628097068aae9cb79baf78af6.zip
chromium_src-5b3b0636c2653b4628097068aae9cb79baf78af6.tar.gz
chromium_src-5b3b0636c2653b4628097068aae9cb79baf78af6.tar.bz2
QUIC - Fix QUIC enabled experiment spending significantly more time
verifying certs on Android. Get computed CertVerifier::VerifyFlags from SSLConfig from HttpStreamFactoryImpl::Job and pass them to QUIC's CertVerifier code. With this change, when SSLClientSocket[NSS|OpenSSL] code tries to verify the code, certs are already cached and we don't verify certs twice. BUG=502509 R=rch@chromium.org Review URL: https://codereview.chromium.org/1197823002 Cr-Commit-Position: refs/heads/master@{#335463} (cherry picked from commit a75df625713c20eff6faf082248aad9f34cf6a6f) Review URL: https://codereview.chromium.org/1208723002. Cr-Commit-Position: refs/branch-heads/2403@{#397} Cr-Branched-From: f54b8097a9c45ed4ad308133d49f05325d6c5070-refs/heads/master@{#330231}
-rw-r--r--net/http/http_stream_factory_impl_job.cc56
-rw-r--r--net/quic/crypto/proof_verifier_chromium.cc31
-rw-r--r--net/quic/crypto/proof_verifier_chromium.h5
-rw-r--r--net/quic/quic_client_session.cc22
-rw-r--r--net/quic/quic_client_session.h2
-rw-r--r--net/quic/quic_client_session_test.cc1
-rw-r--r--net/quic/quic_crypto_client_stream.cc11
-rw-r--r--net/quic/quic_http_stream_test.cc3
-rw-r--r--net/quic/quic_stream_factory.cc33
-rw-r--r--net/quic/quic_stream_factory.h6
-rw-r--r--net/quic/quic_stream_factory_test.cc374
-rw-r--r--net/quic/test_tools/crypto_test_utils_chromium.cc9
-rw-r--r--net/quic/test_tools/mock_crypto_client_stream.cc3
13 files changed, 231 insertions, 325 deletions
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index b986415..87a9539 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -20,6 +20,7 @@
#include "build/build_config.h"
#include "net/base/connection_type_histograms.h"
#include "net/base/net_util.h"
+#include "net/cert/cert_verifier.h"
#include "net/http/http_basic_stream.h"
#include "net/http/http_network_session.h"
#include "net/http/http_proxy_client_socket.h"
@@ -795,18 +796,51 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
DCHECK(session_->params().enable_quic_for_proxies);
}
+ if (proxy_info_.is_https() || proxy_info_.is_quic()) {
+ InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
+ &proxy_ssl_config_, /*is_proxy=*/true);
+ // Disable revocation checking for HTTPS proxies since the revocation
+ // requests are probably going to need to go through the proxy too.
+ proxy_ssl_config_.rev_checking_enabled = false;
+ }
+ if (using_ssl_) {
+ InitSSLConfig(server_, &server_ssl_config_, /*is_proxy=*/false);
+ }
+
if (using_quic_) {
if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) {
NOTREACHED();
// TODO(rch): support QUIC proxies for HTTPS urls.
return ERR_NOT_IMPLEMENTED;
}
- HostPortPair destination = proxy_info_.is_quic()
- ? proxy_info_.proxy_server().host_port_pair()
- : server_;
- bool secure_quic = using_ssl_ || proxy_info_.is_quic();
+ HostPortPair destination;
+ bool secure_quic;
+ SSLConfig* ssl_config;
+ if (proxy_info_.is_quic()) {
+ // A proxy's certificate is expected to be valid for the proxy hostname.
+ destination = proxy_info_.proxy_server().host_port_pair();
+ secure_quic = true;
+ ssl_config = &proxy_ssl_config_;
+ } else {
+ // The certificate of a QUIC alternative server is expected to be valid
+ // for the origin of the request (in addition to being valid for the
+ // server itself).
+ destination = server_;
+ secure_quic = using_ssl_;
+ ssl_config = &server_ssl_config_;
+ }
+ // TODO(rtenneti): Move the cert_verify_flags code into SSLConfig class.
+ int flags = 0;
+ if (ssl_config->rev_checking_enabled)
+ flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED;
+ if (ssl_config->verify_ev_cert)
+ flags |= CertVerifier::VERIFY_EV_CERT;
+ if (ssl_config->cert_io_enabled)
+ flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
+ if (ssl_config->rev_checking_required_local_anchors)
+ flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
int rv = quic_request_.Request(
- destination, secure_quic, request_info_.privacy_mode,
+ destination, secure_quic, request_info_.privacy_mode, flags,
request_info_.method, net_log_, io_callback_);
if (rv == OK) {
using_existing_quic_session_ = true;
@@ -860,18 +894,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
// TODO(bnc): s/want_spdy_over_npn/expect_spdy_over_npn/
bool want_spdy_over_npn = IsAlternate();
- if (proxy_info_.is_https()) {
- InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
- &proxy_ssl_config_,
- true /* is a proxy server */);
- // Disable revocation checking for HTTPS proxies since the revocation
- // requests are probably going to need to go through the proxy too.
- proxy_ssl_config_.rev_checking_enabled = false;
- }
- if (using_ssl_) {
- InitSSLConfig(server_, &server_ssl_config_, false /* not a proxy server */);
- }
-
base::WeakPtr<HttpServerProperties> http_server_properties =
session_->http_server_properties();
if (http_server_properties) {
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index 8fcca0a..280ca5a 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -47,6 +47,7 @@ class ProofVerifierChromium::Job {
Job(ProofVerifierChromium* proof_verifier,
CertVerifier* cert_verifier,
TransportSecurityState* transport_security_state,
+ int cert_verify_flags,
const BoundNetLog& net_log);
// Starts the proof verification. If |QUIC_PENDING| is returned, then
@@ -94,6 +95,10 @@ class ProofVerifierChromium::Job {
// X509Certificate from a chain of DER encoded certificates.
scoped_refptr<X509Certificate> cert_;
+ // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
+ // passed to CertVerifier::Verify.
+ int cert_verify_flags_;
+
State next_state_;
BoundNetLog net_log_;
@@ -105,10 +110,12 @@ ProofVerifierChromium::Job::Job(
ProofVerifierChromium* proof_verifier,
CertVerifier* cert_verifier,
TransportSecurityState* transport_security_state,
+ int cert_verify_flags,
const BoundNetLog& net_log)
: proof_verifier_(proof_verifier),
verifier_(cert_verifier),
transport_security_state_(transport_security_state),
+ cert_verify_flags_(cert_verify_flags),
next_state_(STATE_NONE),
net_log_(net_log) {
}
@@ -222,13 +229,12 @@ void ProofVerifierChromium::Job::OnIOComplete(int result) {
int ProofVerifierChromium::Job::DoVerifyCert(int result) {
next_state_ = STATE_VERIFY_CERT_COMPLETE;
- int flags = 0;
- return verifier_->Verify(cert_.get(), hostname_, std::string(), flags,
- SSLConfigService::GetCRLSet().get(),
- &verify_details_->cert_verify_result,
- base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
- base::Unretained(this)),
- &cert_verifier_request_, net_log_);
+ return verifier_->Verify(
+ cert_.get(), hostname_, std::string(), cert_verify_flags_,
+ SSLConfigService::GetCRLSet().get(), &verify_details_->cert_verify_result,
+ base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
+ base::Unretained(this)),
+ &cert_verifier_request_, net_log_);
}
int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
@@ -380,13 +386,12 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof(
}
const ProofVerifyContextChromium* chromium_context =
reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
- scoped_ptr<Job> job(new Job(this,
- cert_verifier_,
- transport_security_state_,
+ scoped_ptr<Job> job(new Job(this, cert_verifier_, transport_security_state_,
+ chromium_context->cert_verify_flags,
chromium_context->net_log));
- QuicAsyncStatus status = job->VerifyProof(hostname, server_config, certs,
- signature, error_details,
- verify_details, callback);
+ QuicAsyncStatus status =
+ job->VerifyProof(hostname, server_config, certs, signature, error_details,
+ verify_details, callback);
if (status == QUIC_PENDING) {
active_jobs_.insert(job.release());
}
diff --git a/net/quic/crypto/proof_verifier_chromium.h b/net/quic/crypto/proof_verifier_chromium.h
index 8304179..7c0b069 100644
--- a/net/quic/crypto/proof_verifier_chromium.h
+++ b/net/quic/crypto/proof_verifier_chromium.h
@@ -44,9 +44,10 @@ class NET_EXPORT_PRIVATE ProofVerifyDetailsChromium
// ProofVerifierChromium needs in order to log correctly.
struct ProofVerifyContextChromium : public ProofVerifyContext {
public:
- explicit ProofVerifyContextChromium(const BoundNetLog& net_log)
- : net_log(net_log) {}
+ ProofVerifyContextChromium(int cert_verify_flags, const BoundNetLog& net_log)
+ : cert_verify_flags(cert_verify_flags), net_log(net_log) {}
+ int cert_verify_flags;
BoundNetLog net_log;
};
diff --git a/net/quic/quic_client_session.cc b/net/quic/quic_client_session.cc
index b5f1d98..9721e71 100644
--- a/net/quic/quic_client_session.cc
+++ b/net/quic/quic_client_session.cc
@@ -98,6 +98,7 @@ void RecordHandshakeState(HandshakeState state) {
base::Value* NetLogQuicClientSessionCallback(
const QuicServerId* server_id,
+ int cert_verify_flags,
bool require_confirmation,
NetLogCaptureMode /* capture_mode */) {
base::DictionaryValue* dict = new base::DictionaryValue();
@@ -107,6 +108,7 @@ base::Value* NetLogQuicClientSessionCallback(
dict->SetBoolean("privacy_mode",
server_id->privacy_mode() == PRIVACY_MODE_ENABLED);
dict->SetBoolean("require_confirmation", require_confirmation);
+ dict->SetInteger("cert_verify_flags", cert_verify_flags);
return dict;
}
@@ -157,6 +159,7 @@ QuicClientSession::QuicClientSession(
QuicStreamFactory* stream_factory,
TransportSecurityState* transport_security_state,
scoped_ptr<QuicServerInfo> server_info,
+ int cert_verify_flags,
const QuicConfig& config,
const char* const connection_description,
base::TimeTicks dns_resolution_end_time,
@@ -168,6 +171,7 @@ QuicClientSession::QuicClientSession(
socket_(socket.Pass()),
transport_security_state_(transport_security_state),
server_info_(server_info.Pass()),
+ cert_verify_flags_(cert_verify_flags),
num_total_streams_(0),
task_runner_(task_runner),
net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_QUIC_SESSION)),
@@ -191,18 +195,18 @@ void QuicClientSession::InitializeSession(
QuicCryptoClientStreamFactory* crypto_client_stream_factory) {
server_id_ = server_id;
crypto_stream_.reset(
- crypto_client_stream_factory ?
- crypto_client_stream_factory->CreateQuicCryptoClientStream(
- server_id, this, crypto_config) :
- new QuicCryptoClientStream(server_id, this,
- new ProofVerifyContextChromium(net_log_),
- crypto_config));
+ crypto_client_stream_factory
+ ? crypto_client_stream_factory->CreateQuicCryptoClientStream(
+ server_id, this, crypto_config)
+ : new QuicCryptoClientStream(
+ server_id, this,
+ new ProofVerifyContextChromium(cert_verify_flags_, net_log_),
+ crypto_config));
QuicClientSessionBase::InitializeSession();
// TODO(rch): pass in full host port proxy pair
net_log_.BeginEvent(NetLog::TYPE_QUIC_SESSION,
- base::Bind(NetLogQuicClientSessionCallback,
- &server_id,
- require_confirmation_));
+ base::Bind(NetLogQuicClientSessionCallback, &server_id,
+ cert_verify_flags_, require_confirmation_));
}
QuicClientSession::~QuicClientSession() {
diff --git a/net/quic/quic_client_session.h b/net/quic/quic_client_session.h
index 6b7dab68..db13de9 100644
--- a/net/quic/quic_client_session.h
+++ b/net/quic/quic_client_session.h
@@ -97,6 +97,7 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicClientSessionBase,
QuicStreamFactory* stream_factory,
TransportSecurityState* transport_security_state,
scoped_ptr<QuicServerInfo> server_info,
+ int cert_verify_flags,
const QuicConfig& config,
const char* const connection_description,
base::TimeTicks dns_resolution_end_time,
@@ -249,6 +250,7 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicClientSessionBase,
TransportSecurityState* transport_security_state_;
scoped_ptr<QuicServerInfo> server_info_;
scoped_ptr<CertVerifyResult> cert_verify_result_;
+ int cert_verify_flags_;
std::string pinning_failure_log_;
ObserverSet observers_;
StreamRequestQueue stream_requests_;
diff --git a/net/quic/quic_client_session_test.cc b/net/quic/quic_client_session_test.cc
index b6457ec..1d9f021 100644
--- a/net/quic/quic_client_session_test.cc
+++ b/net/quic/quic_client_session_test.cc
@@ -48,6 +48,7 @@ class QuicClientSessionTest : public ::testing::TestWithParam<QuicVersion> {
nullptr,
&transport_security_state_,
make_scoped_ptr((QuicServerInfo*)nullptr),
+ /*cert_verify_flags=*/0,
DefaultQuicConfig(),
"CONNECTION_UNKNOWN",
base::TimeTicks::Now(),
diff --git a/net/quic/quic_crypto_client_stream.cc b/net/quic/quic_crypto_client_stream.cc
index f1f0909..0895700 100644
--- a/net/quic/quic_crypto_client_stream.cc
+++ b/net/quic/quic_crypto_client_stream.cc
@@ -409,14 +409,9 @@ QuicAsyncStatus QuicCryptoClientStream::DoVerifyProof(
verify_ok_ = false;
QuicAsyncStatus status = verifier->VerifyProof(
- server_id_.host(),
- cached->server_config(),
- cached->certs(),
- cached->signature(),
- verify_context_.get(),
- &verify_error_details_,
- &verify_details_,
- proof_verify_callback);
+ server_id_.host(), cached->server_config(), cached->certs(),
+ cached->signature(), verify_context_.get(), &verify_error_details_,
+ &verify_details_, proof_verify_callback);
switch (status) {
case QUIC_PENDING:
diff --git a/net/quic/quic_http_stream_test.cc b/net/quic/quic_http_stream_test.cc
index 3e24ccb..fb4d6ae 100644
--- a/net/quic/quic_http_stream_test.cc
+++ b/net/quic/quic_http_stream_test.cc
@@ -208,7 +208,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> {
session_.reset(new QuicClientSession(
connection_, scoped_ptr<DatagramClientSocket>(socket), nullptr,
&transport_security_state_, make_scoped_ptr((QuicServerInfo*)nullptr),
- DefaultQuicConfig(), "CONNECTION_UNKNOWN", base::TimeTicks::Now(),
+ /*cert_verify_flags=*/0, DefaultQuicConfig(), "CONNECTION_UNKNOWN",
+ base::TimeTicks::Now(),
base::MessageLoop::current()->message_loop_proxy().get(), nullptr));
session_->InitializeSession(
QuicServerId(kDefaultServerHostName, kDefaultServerPort,
diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc
index 7c24ecd..76ab656 100644
--- a/net/quic/quic_stream_factory.cc
+++ b/net/quic/quic_stream_factory.cc
@@ -141,6 +141,7 @@ class QuicStreamFactory::Job {
bool is_https,
bool was_alternate_protocol_recently_broken,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
bool is_post,
QuicServerInfo* server_info,
const BoundNetLog& net_log);
@@ -193,6 +194,7 @@ class QuicStreamFactory::Job {
QuicStreamFactory* factory_;
SingleRequestHostResolver host_resolver_;
QuicServerId server_id_;
+ int cert_verify_flags_;
bool is_post_;
bool was_alternate_protocol_recently_broken_;
scoped_ptr<QuicServerInfo> server_info_;
@@ -213,6 +215,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
bool is_https,
bool was_alternate_protocol_recently_broken,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
bool is_post,
QuicServerInfo* server_info,
const BoundNetLog& net_log)
@@ -220,6 +223,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
factory_(factory),
host_resolver_(host_resolver),
server_id_(host_port_pair, is_https, privacy_mode),
+ cert_verify_flags_(cert_verify_flags),
is_post_(is_post),
was_alternate_protocol_recently_broken_(
was_alternate_protocol_recently_broken),
@@ -238,6 +242,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
factory_(factory),
host_resolver_(host_resolver), // unused
server_id_(server_id),
+ cert_verify_flags_(0), // unused
is_post_(false), // unused
was_alternate_protocol_recently_broken_(false), // unused
started_another_job_(false), // unused
@@ -390,7 +395,8 @@ int QuicStreamFactory::Job::DoLoadServerInfo() {
// If we are waiting to load server config from the disk cache, then start
// another job.
started_another_job_ = true;
- factory_->CreateAuxilaryJob(server_id_, is_post_, net_log_);
+ factory_->CreateAuxilaryJob(server_id_, cert_verify_flags_, is_post_,
+ net_log_);
}
return rv;
}
@@ -419,9 +425,9 @@ int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) {
int QuicStreamFactory::Job::DoConnect() {
io_state_ = STATE_CONNECT_COMPLETE;
- int rv =
- factory_->CreateSession(server_id_, server_info_.Pass(), address_list_,
- dns_resolution_end_time_, net_log_, &session_);
+ int rv = factory_->CreateSession(
+ server_id_, cert_verify_flags_, server_info_.Pass(), address_list_,
+ dns_resolution_end_time_, net_log_, &session_);
if (rv != OK) {
DCHECK(rv != ERR_IO_PENDING);
DCHECK(!session_);
@@ -485,14 +491,15 @@ QuicStreamRequest::~QuicStreamRequest() {
int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
bool is_https,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
base::StringPiece method,
const BoundNetLog& net_log,
const CompletionCallback& callback) {
DCHECK(!stream_);
DCHECK(callback_.is_null());
DCHECK(factory_);
- int rv = factory_->Create(host_port_pair, is_https, privacy_mode, method,
- net_log, this);
+ int rv = factory_->Create(host_port_pair, is_https, privacy_mode,
+ cert_verify_flags, method, net_log, this);
if (rv == ERR_IO_PENDING) {
host_port_pair_ = host_port_pair;
net_log_ = net_log;
@@ -615,6 +622,7 @@ void QuicStreamFactory::set_require_confirmation(bool require_confirmation) {
int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
bool is_https,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
base::StringPiece method,
const BoundNetLog& net_log,
QuicStreamRequest* request) {
@@ -657,8 +665,8 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
scoped_ptr<Job> job(new Job(this, host_resolver_, host_port_pair, is_https,
WasQuicRecentlyBroken(server_id), privacy_mode,
- method == "POST" /* is_post */, quic_server_info,
- net_log));
+ cert_verify_flags, method == "POST" /* is_post */,
+ quic_server_info, net_log));
int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete,
base::Unretained(this), job.get()));
if (rv == ERR_IO_PENDING) {
@@ -675,11 +683,13 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
}
void QuicStreamFactory::CreateAuxilaryJob(const QuicServerId server_id,
+ int cert_verify_flags,
bool is_post,
const BoundNetLog& net_log) {
Job* aux_job = new Job(this, host_resolver_, server_id.host_port_pair(),
server_id.is_https(), WasQuicRecentlyBroken(server_id),
- server_id.privacy_mode(), is_post, nullptr, net_log);
+ server_id.privacy_mode(), cert_verify_flags, is_post,
+ nullptr, net_log);
active_jobs_[server_id].insert(aux_job);
task_runner_->PostTask(FROM_HERE,
base::Bind(&QuicStreamFactory::Job::RunAuxilaryJob,
@@ -954,6 +964,7 @@ bool QuicStreamFactory::HasActiveJob(const QuicServerId& key) const {
}
int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
+ int cert_verify_flags,
scoped_ptr<QuicServerInfo> server_info,
const AddressList& address_list,
base::TimeTicks dns_resolution_end_time,
@@ -1063,8 +1074,8 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
*session = new QuicClientSession(
connection, socket.Pass(), this, transport_security_state_,
- server_info.Pass(), config, network_connection_.GetDescription(),
- dns_resolution_end_time,
+ server_info.Pass(), cert_verify_flags, config,
+ network_connection_.GetDescription(), dns_resolution_end_time,
base::MessageLoop::current()->message_loop_proxy().get(),
net_log.net_log());
diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h
index f3f7a71..f7400a3 100644
--- a/net/quic/quic_stream_factory.h
+++ b/net/quic/quic_stream_factory.h
@@ -55,9 +55,12 @@ class NET_EXPORT_PRIVATE QuicStreamRequest {
~QuicStreamRequest();
// For http, |is_https| is false.
+ // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
+ // passed to CertVerifier::Verify.
int Request(const HostPortPair& host_port_pair,
bool is_https,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
base::StringPiece method,
const BoundNetLog& net_log,
const CompletionCallback& callback);
@@ -122,6 +125,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
int Create(const HostPortPair& host_port_pair,
bool is_https,
PrivacyMode privacy_mode,
+ int cert_verify_flags,
base::StringPiece method,
const BoundNetLog& net_log,
QuicStreamRequest* request);
@@ -231,6 +235,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
// Creates a job which doesn't wait for server config to be loaded from the
// disk cache. This job is started via a PostTask.
void CreateAuxilaryJob(const QuicServerId server_id,
+ int cert_verify_flags,
bool is_post,
const BoundNetLog& net_log);
@@ -245,6 +250,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
bool HasActiveSession(const QuicServerId& server_id) const;
bool HasActiveJob(const QuicServerId& server_id) const;
int CreateSession(const QuicServerId& server_id,
+ int cert_verify_flags,
scoped_ptr<QuicServerInfo> quic_server_info,
const AddressList& address_list,
base::TimeTicks dns_resolution_end_time,
diff --git a/net/quic/quic_stream_factory_test.cc b/net/quic/quic_stream_factory_test.cc
index fc07174..456a8da 100644
--- a/net/quic/quic_stream_factory_test.cc
+++ b/net/quic/quic_stream_factory_test.cc
@@ -265,11 +265,8 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(destination,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(destination, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -345,11 +342,8 @@ TEST_P(QuicStreamFactoryTest, Create) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -363,13 +357,9 @@ TEST_P(QuicStreamFactoryTest, Create) {
// TODO(rtenneti): We should probably have a tests that HTTP and HTTPS result
// in streams on different sessions.
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
stream = request2.ReleaseStream(); // Will reset stream 5.
stream.reset(); // Will reset stream 7.
@@ -392,13 +382,9 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) {
"192.168.0.1", "");
QuicStreamRequest request(&factory_);
- EXPECT_EQ(OK,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
@@ -423,11 +409,8 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRttPost) {
QuicStreamRequest request(&factory_);
// Posts require handshake confirmation, so this will return asynchronously.
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "POST",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "POST", net_log_,
callback_.callback()));
// Confirm the handshake and verify that the stream is created.
@@ -454,11 +437,8 @@ TEST_P(QuicStreamFactoryTest, CreateHttpVsHttps) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -467,11 +447,8 @@ TEST_P(QuicStreamFactoryTest, CreateHttpVsHttps) {
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- !is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, !is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
stream = request2.ReleaseStream();
@@ -505,25 +482,17 @@ TEST_P(QuicStreamFactoryTest, Pooling) {
"mail.google.com", "192.168.0.1", "");
QuicStreamRequest request(&factory_);
- EXPECT_EQ(OK,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -558,25 +527,17 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) {
QuicStreamFactoryPeer::DisableConnectionPooling(&factory_);
QuicStreamRequest request(&factory_);
- EXPECT_EQ(OK,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -610,25 +571,17 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
"mail.google.com", "192.168.0.1", "");
QuicStreamRequest request(&factory_);
- EXPECT_EQ(OK,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -641,13 +594,9 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
TestCompletionCallback callback3;
QuicStreamRequest request3(&factory_);
- EXPECT_EQ(OK,
- request3.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback3.callback()));
+ EXPECT_EQ(OK, request3.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback3.callback()));
scoped_ptr<QuicHttpStream> stream3 = request3.ReleaseStream();
EXPECT_TRUE(stream3.get());
@@ -690,25 +639,17 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -757,25 +698,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -823,25 +756,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithCertMismatch) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -891,25 +816,17 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -963,25 +880,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -1043,25 +952,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) {
QuicStreamRequest request(&factory_);
is_https_ = true;
- EXPECT_EQ(OK,
- request.Request(server1,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream.get());
TestCompletionCallback callback;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK,
- request2.Request(server2,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- callback_.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
EXPECT_TRUE(stream2.get());
@@ -1089,11 +990,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1114,11 +1012,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
// new session is created.
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
@@ -1162,11 +1057,8 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
// kDefaultMaxStreamsPerConnection / 2.
for (size_t i = 0; i < kDefaultMaxStreamsPerConnection / 2; i++) {
QuicStreamRequest request(&factory_);
- int rv = request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ int rv = request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback());
if (i == 0) {
EXPECT_EQ(ERR_IO_PENDING, rv);
@@ -1182,13 +1074,9 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
}
QuicStreamRequest request(&factory_);
- EXPECT_EQ(OK,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
- CompletionCallback()));
+ EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ CompletionCallback()));
scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
EXPECT_TRUE(stream);
EXPECT_EQ(ERR_IO_PENDING, stream->InitializeStream(
@@ -1214,11 +1102,8 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(ERR_NAME_NOT_RESOLVED, callback_.WaitForResult());
@@ -1236,11 +1121,8 @@ TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(ERR_ADDRESS_IN_USE, callback_.WaitForResult());
@@ -1258,11 +1140,8 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) {
{
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
}
@@ -1325,11 +1204,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1349,11 +1225,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1388,11 +1261,8 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1413,11 +1283,8 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1452,11 +1319,8 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1477,11 +1341,8 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1516,11 +1377,8 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1541,11 +1399,8 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
QuicStreamRequest request2(&factory_);
EXPECT_EQ(ERR_IO_PENDING,
- request2.Request(host_port_pair_,
- is_https_,
- privacy_mode_,
- "GET",
- net_log_,
+ request2.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
callback_.callback()));
EXPECT_EQ(OK, callback_.WaitForResult());
@@ -1655,8 +1510,9 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) {
QuicStreamRequest request(&factory_);
QuicServerId server_id(host_port_pair_, is_https_, privacy_mode_);
EXPECT_EQ(ERR_IO_PENDING,
- request.Request(host_port_pair_, is_https_, privacy_mode_, "GET",
- net_log_, callback_.callback()));
+ request.Request(host_port_pair_, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
EXPECT_EQ(2u,
QuicStreamFactoryPeer::GetNumberOfActiveJobs(&factory_, server_id));
@@ -1690,7 +1546,8 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
- "GET", net_log_, callback_.callback()));
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
// If we are waiting for disk cache, we would have posted a task. Verify that
// the CancelWaitForDataReady task hasn't been posted.
@@ -1740,7 +1597,8 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
QuicStreamRequest request(&factory_);
EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
- "GET", net_log_, callback_.callback()));
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback_.callback()));
QuicClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
&factory_, host_port_pair_, is_https_);
@@ -1776,8 +1634,9 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
TestCompletionCallback callback2;
QuicStreamRequest request2(&factory_);
- EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, "GET",
- net_log_, callback2.callback()));
+ EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback2.callback()));
QuicClientSession* session2 =
QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
@@ -1809,8 +1668,9 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
TestCompletionCallback callback3;
QuicStreamRequest request3(&factory_);
- EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_, "GET",
- net_log_, callback3.callback()));
+ EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+ /*cert_verify_flags=*/0, "GET", net_log_,
+ callback3.callback()));
QuicClientSession* session3 =
QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
diff --git a/net/quic/test_tools/crypto_test_utils_chromium.cc b/net/quic/test_tools/crypto_test_utils_chromium.cc
index ba06264..a1df6b9 100644
--- a/net/quic/test_tools/crypto_test_utils_chromium.cc
+++ b/net/quic/test_tools/crypto_test_utils_chromium.cc
@@ -113,16 +113,15 @@ ProofSource* CryptoTestUtils::ProofSourceForTesting() {
// static
ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() {
- TestProofVerifierChromium* proof_verifier =
- new TestProofVerifierChromium(CertVerifier::CreateDefault(),
- new TransportSecurityState,
- "quic_root.crt");
+ TestProofVerifierChromium* proof_verifier = new TestProofVerifierChromium(
+ CertVerifier::CreateDefault(), new TransportSecurityState,
+ "quic_root.crt");
return proof_verifier;
}
// static
ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() {
- return new ProofVerifyContextChromium(BoundNetLog());
+ return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog());
}
// static
diff --git a/net/quic/test_tools/mock_crypto_client_stream.cc b/net/quic/test_tools/mock_crypto_client_stream.cc
index 335a2bd..0018e91 100644
--- a/net/quic/test_tools/mock_crypto_client_stream.cc
+++ b/net/quic/test_tools/mock_crypto_client_stream.cc
@@ -20,8 +20,7 @@ MockCryptoClientStream::MockCryptoClientStream(
QuicCryptoClientConfig* crypto_config,
HandshakeMode handshake_mode,
const ProofVerifyDetails* proof_verify_details)
- : QuicCryptoClientStream(server_id, session, verify_context,
- crypto_config),
+ : QuicCryptoClientStream(server_id, session, verify_context, crypto_config),
handshake_mode_(handshake_mode),
proof_verify_details_(proof_verify_details) {
}