authorwtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-10-15 00:20:11 +0000
committerwtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-10-15 00:20:11 +0000
commitaaead5019627818c93693fdb6ec04d47b47c17f2 (patch)
tree6ff15880c597bb59a8c3def51d13ce492a4bb405 /net/http
parent1ad083f293cd321fa7d7c8f14e71816571c6c54f (diff)
Turn SSLClientSocket into an interface.
The original ssl_client_socket.{h,cc} are renamed ssl_client_socket_win.{h,cc}. The new ssl_client_socket.h defines the SSLClientSocket interface, which simply extends the ClientSocket interface with a new GetSSLInfo method. ClientSocketFactory::CreateSSLClientSocket returns SSLClientSocket* instead of ClientSocket*. Replace the SSL protocol version mask parameter to the constructor and factory method by a SSLConfig parameter. R=darin Review URL: http://codereview.chromium.org/7304 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3387 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r--net/http/http_network_transaction.cc27
-rw-r--r--net/http/http_network_transaction.h3
-rw-r--r--net/http/http_network_transaction_unittest.cc12
3 files changed, 15 insertions, 27 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 9d2c398..168b99d 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -13,9 +13,7 @@
#include "net/base/host_resolver.h"
#include "net/base/load_flags.h"
#include "net/base/net_util.h"
-#if defined(OS_WIN)
#include "net/base/ssl_client_socket.h"
-#endif
#include "net/base/upload_data_stream.h"
#include "net/http/http_auth.h"
#include "net/http/http_auth_handler.h"
@@ -58,12 +56,7 @@ HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session,
read_buf_(NULL),
read_buf_len_(0),
next_state_(STATE_NONE) {
-#if defined(OS_WIN)
- // TODO(wtc): Use SSL settings (bug 3003).
- ssl_version_mask_ = SSLClientSocket::SSL3 | SSLClientSocket::TLS1;
-#else
- ssl_version_mask_ = 0; // A dummy value so that the code compiles.
-#endif
+ // TODO(wtc): Initialize ssl_config_with SSL settings (bug 3003).
}
void HttpNetworkTransaction::Destroy() {
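Review bot: With the explicit `SSL3 | TLS1` mask removed from the constructor, the protocol versions this transaction offers are now whatever a default-constructed `SSLConfig` enables, and nothing in the hunk says so. The new TODO should state that dependency, and it is also missing a space: `// TODO(wtc): Initialize ssl_config_ with SSL settings (bug 3003). Until then the SSLConfig defaults decide which protocol versions are offered.` SSLConfig is defined outside this diff, so its defaults are worth confirming against the old mask, particularly since non-Windows builds previously passed 0.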
@@ -89,7 +82,7 @@ int HttpNetworkTransaction::RestartIgnoringLastError(
int rv = DoLoop(OK);
if (rv == ERR_IO_PENDING)
user_callback_ = callback;
- return rv;
+ return rv;
}
int HttpNetworkTransaction::RestartWithAuth(
@@ -482,7 +475,7 @@ int HttpNetworkTransaction::DoConnect() {
// wrapper socket now. Otherwise, we need to first issue a CONNECT request.
if (using_ssl_ && !using_tunnel_)
s = socket_factory_->CreateSSLClientSocket(s, request_->url.host(),
- ssl_version_mask_);
+ ssl_config_);
connection_.set_socket(s);
return connection_.socket()->Connect(&io_callback_);
@@ -510,7 +503,7 @@ int HttpNetworkTransaction::DoSSLConnectOverTunnel() {
// Add a SSL socket on top of our existing transport socket.
ClientSocket* s = connection_.release_socket();
s = socket_factory_->CreateSSLClientSocket(s, request_->url.host(),
- ssl_version_mask_);
+ ssl_config_);
connection_.set_socket(s);
return connection_.socket()->Connect(&io_callback_);
}
@@ -834,13 +827,11 @@ int HttpNetworkTransaction::DidReadResponseHeaders() {
}
}
-#if defined(OS_WIN)
if (using_ssl_ && !establishing_tunnel_) {
SSLClientSocket* ssl_socket =
reinterpret_cast<SSLClientSocket*>(connection_.socket());
ssl_socket->GetSSLInfo(&response_.ssl_info);
}
-#endif
return OK;
}
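Review bot: The `reinterpret_cast<SSLClientSocket*>(connection_.socket())` here is now compiled on every platform and targets an abstract interface rather than the concrete Windows class, so it should be a `static_cast`. `reinterpret_cast` performs no pointer adjustment, which is only correct while the ClientSocket base of SSLClientSocket sits at offset zero; `static_cast<SSLClientSocket*>(connection_.socket())` is correct for any layout. The cast is also safe only if `using_ssl_ && !establishing_tunnel_` guarantees the socket came from CreateSSLClientSocket, which merits a one-line comment. The same cast appears in HandleCertificateError in the next hunk, where the only guard is `error != OK`. DidReadResponseHeaders begins outside this hunk.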
@@ -869,25 +860,22 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
}
}
-#if defined(OS_WIN)
if (error != OK) {
SSLClientSocket* ssl_socket =
reinterpret_cast<SSLClientSocket*>(connection_.socket());
ssl_socket->GetSSLInfo(&response_.ssl_info);
}
-#endif
return error;
}
int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
-#if defined(OS_WIN)
switch (error) {
case ERR_SSL_PROTOCOL_ERROR:
case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
- if (ssl_version_mask_ & SSLClientSocket::TLS1) {
+ if (ssl_config_.tls1_enabled) {
// This could be a TLS-intolerant server or an SSL 3.0 server that
// chose a TLS-only cipher suite. Turn off TLS 1.0 and retry.
- ssl_version_mask_ &= ~SSLClientSocket::TLS1;
+ ssl_config_.tls1_enabled = false;
connection_.set_socket(NULL);
connection_.Reset();
next_state_ = STATE_INIT_CONNECTION;
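Review bot: Removing the OS_WIN guard makes the TLS 1.0 to SSL 3.0 fallback in HandleSSLHandshakeError active on every platform, and it retries on any `ERR_SSL_PROTOCOL_ERROR` or `ERR_SSL_VERSION_OR_CIPHER_MISMATCH`. A party on the network path can cause those errors as easily as a TLS-intolerant server can. The existing comment should record that trade-off, e.g. `// NOTE: a handshake failure is not authenticated, so this fallback can be forced by the network; the retry offers at most SSL 3.0.` It would also help to log or otherwise surface that the connection was retried with TLS disabled, so a downgraded connection can be told apart from one that negotiated its version normally. The switch continues in the following hunk.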
@@ -895,7 +883,6 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
}
break;
}
-#endif
return error;
}
@@ -1001,7 +988,7 @@ void HttpNetworkTransaction::AddAuthorizationHeader(HttpAuth::Target target) {
// Add auth data to cache
session_->auth_cache()->Add(auth_cache_key_[target], auth_data_[target]);
-
+
// Add a Authorization/Proxy-Authorization header line.
std::string credentials = auth_handler_[target]->GenerateCredentials(
auth_data_[target]->username,
diff --git a/net/http/http_network_transaction.h b/net/http/http_network_transaction.h
index bbbfb74..475056e 100644
--- a/net/http/http_network_transaction.h
+++ b/net/http/http_network_transaction.h
@@ -11,6 +11,7 @@
#include "net/base/address_list.h"
#include "net/base/client_socket_handle.h"
#include "net/base/host_resolver.h"
+#include "net/base/ssl_config_service.h"
#include "net/http/http_auth.h"
#include "net/http/http_auth_handler.h"
#include "net/http/http_response_info.h"
@@ -186,7 +187,7 @@ class HttpNetworkTransaction : public HttpTransaction {
// the real request/response of the transaction.
bool establishing_tunnel_;
- int ssl_version_mask_;
+ SSLConfig ssl_config_;
std::string request_headers_;
size_t request_headers_bytes_sent_;
diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
index 56fb5cd..9c2d6a7 100644
--- a/net/http/http_network_transaction_unittest.cc
+++ b/net/http/http_network_transaction_unittest.cc
@@ -137,7 +137,7 @@ class MockTCPClientSocket : public net::ClientSocket {
// Not using mock writes; succeed synchronously.
if (!data_->writes)
return buf_len;
-
+
// Check that what we are writing matches the expectation.
// Then give the mocked return value.
MockWrite& w = data_->writes[write_index_];
@@ -185,10 +185,10 @@ class MockClientSocketFactory : public net::ClientSocketFactory {
const net::AddressList& addresses) {
return new MockTCPClientSocket(addresses);
}
- virtual net::ClientSocket* CreateSSLClientSocket(
+ virtual net::SSLClientSocket* CreateSSLClientSocket(
net::ClientSocket* transport_socket,
const std::string& hostname,
- int protocol_version_mask) {
+ const net::SSLConfig& ssl_config) {
return NULL;
}
};
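Review bot: The mock's CreateSSLClientSocket still returns NULL, so these tests cannot exercise any of the SSL paths this commit enables on all platforms (GetSSLInfo after the headers, the certificate-error path, the TLS fallback). In the DoConnect hunk a NULL result is passed to `connection_.set_socket(s)` and then dereferenced by `connection_.socket()->Connect(...)`, so an https request through this factory would presumably crash rather than fail cleanly. A comment such as `// SSL is not mocked yet; tests must not use https URLs.` would document that until a mock SSLClientSocket exists.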
@@ -623,7 +623,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuth) {
MockRead("HTTP/1.0 401 Unauthorized\r\n"),
// Give a couple authenticate options (only the middle one is actually
// supported).
- MockRead("WWW-Authenticate: Basic\r\n"), // Malformed
+ MockRead("WWW-Authenticate: Basic\r\n"), // Malformed
MockRead("WWW-Authenticate: Basic realm=\"MyRealm1\"\r\n"),
MockRead("WWW-Authenticate: UNSUPPORTED realm=\"FOO\"\r\n"),
MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"),
@@ -717,7 +717,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyThenServer) {
MockRead("HTTP/1.0 407 Unauthorized\r\n"),
// Give a couple authenticate options (only the middle one is actually
// supported).
- MockRead("Proxy-Authenticate: Basic\r\n"), // Malformed
+ MockRead("Proxy-Authenticate: Basic\r\n"), // Malformed
MockRead("Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"),
MockRead("Proxy-Authenticate: UNSUPPORTED realm=\"FOO\"\r\n"),
MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"),
@@ -745,7 +745,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyThenServer) {
MockRead("WWW-Authenticate: Basic realm=\"MyRealm1\"\r\n"),
MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"),
MockRead("Content-Length: 2000\r\n\r\n"),
- MockRead(false, net::ERR_FAILED), // Won't be reached.
+ MockRead(false, net::ERR_FAILED), // Won't be reached.
};
// After calling trans->RestartWithAuth() the second time, we should send