diff options
author | vitalybuka <vitalybuka@chromium.org> | 2015-11-19 17:26:37 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-11-20 01:27:39 +0000 |
commit | 6f82745e6ac4f53321f835c47596684d631b3d23 (patch) | |
tree | c805d56c90f0dc1fbd9508f78020140d7c0c4b96 | |
parent | a664ea923f135c74b9494acb36ee524e4c9f8448 (diff) | |
download | chromium_src-6f82745e6ac4f53321f835c47596684d631b3d23.zip chromium_src-6f82745e6ac4f53321f835c47596684d631b3d23.tar.gz chromium_src-6f82745e6ac4f53321f835c47596684d631b3d23.tar.bz2 |
Set unique ssl_session_cache_shard for PrivetV3ContextGetter
Added URLRequestContextBuilder::set_ssl_session_cache_shard
Contexts with custom verifiers need to set own shard
to avoid poisoning other ssl session caches.
BUG=524788, 458365
Review URL: https://codereview.chromium.org/1462583004
Cr-Commit-Position: refs/heads/master@{#360705}
4 files changed, 27 insertions, 0 deletions
diff --git a/chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.cc b/chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.cc index 7d0bc96..ff75027 100644 --- a/chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.cc +++ b/chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.cc @@ -4,7 +4,9 @@ #include "chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.h" +#include "base/atomicops.h" #include "base/command_line.h" +#include "base/strings/string_number_conversions.h" #include "chrome/common/chrome_content_client.h" #include "chrome/common/chrome_switches.h" #include "net/base/net_errors.h" @@ -16,6 +18,11 @@ namespace extensions { +namespace { +// TODO(vitalybuka): crbug.com/458365 Move into URLRequestContextBuilder +base::subtle::Atomic32 g_ssl_shard_counter = 0; +} + // Class verifies certificate by its fingerprint received using different // channel. It's the only know information about device with self-signed // certificate. @@ -105,6 +112,10 @@ void PrivetV3ContextGetter::InitOnNetThread() { DCHECK(net_task_runner_->BelongsToCurrentThread()); if (!context_) { net::URLRequestContextBuilder builder; + std::string shard_name = "privet_v3_context_getter/"; + shard_name += base::IntToString( + base::subtle::Barrier_AtomicIncrement(&g_ssl_shard_counter, 1)); + builder.set_ssl_session_cache_shard(shard_name); builder.set_proxy_service(net::ProxyService::CreateDirect()); builder.SetSpdyAndQuicEnabled(false, false); builder.DisableHttpCache(); diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc index c753507..2abd95f 100644 --- a/net/url_request/url_request_context_builder.cc +++ b/net/url_request/url_request_context_builder.cc @@ -391,6 +391,8 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() { network_session_params.enable_quic = http_network_session_params_.enable_quic; network_session_params.quic_connection_options = http_network_session_params_.quic_connection_options; + network_session_params.ssl_session_cache_shard = + http_network_session_params_.ssl_session_cache_shard; storage->set_http_network_session( make_scoped_ptr(new HttpNetworkSession(network_session_params))); diff --git a/net/url_request/url_request_context_builder.h b/net/url_request/url_request_context_builder.h index 260eccb7..40712f7 100644 --- a/net/url_request/url_request_context_builder.h +++ b/net/url_request/url_request_context_builder.h @@ -88,6 +88,7 @@ class NET_EXPORT URLRequestContextBuilder { bool use_alternative_services; bool enable_quic; QuicTagVector quic_connection_options; + std::string ssl_session_cache_shard; }; URLRequestContextBuilder(); @@ -192,6 +193,11 @@ class NET_EXPORT URLRequestContextBuilder { quic_connection_options; } + void set_ssl_session_cache_shard(const std::string& ssl_session_cache_shard) { + http_network_session_params_.ssl_session_cache_shard = + ssl_session_cache_shard; + } + void set_throttling_enabled(bool throttling_enabled) { throttling_enabled_ = throttling_enabled; } diff --git a/net/url_request/url_request_context_builder_unittest.cc b/net/url_request/url_request_context_builder_unittest.cc index 8c280d3..e0703d7 100644 --- a/net/url_request/url_request_context_builder_unittest.cc +++ b/net/url_request/url_request_context_builder_unittest.cc @@ -111,6 +111,14 @@ TEST_F(URLRequestContextBuilderTest, ExtraHttpAuthHandlerFactory) { "Bogus", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); } +TEST_F(URLRequestContextBuilderTest, set_ssl_session_cache_shard) { + const char kTestShard[] = "test_shard"; + builder_.set_ssl_session_cache_shard(kTestShard); + scoped_ptr<URLRequestContext> context(builder_.Build()); + EXPECT_EQ(kTestShard, + context->GetNetworkSessionParams()->ssl_session_cache_shard); +} + } // namespace } // namespace net |