authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-12-12 22:22:19 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-12-12 22:22:19 +0000
commitc3456bbc289c54765e89d628ba03505425fe372a (patch)
tree7d027edc8ea0a358bd5dcfb227fbc48ea8ca26ab /net/socket/ssl_client_socket.h
parent9b10d2a051ec36c4e7f012d31b8214221db16eaa (diff)
net: split the SSL session cache between incognito and normal.
This change causes incognito requests to effectively have a different SSL session cache from other requests. SSL session information will therefore not leak into or out of incognito mode. BUG=30877 TEST=net_unittests Review URL: http://codereview.chromium.org/8857002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114098 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket.h')
-rw-r--r--net/socket/ssl_client_socket.h14
1 files changed, 12 insertions, 2 deletions
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 433470b..64ccd78 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -39,18 +39,24 @@ struct SSLClientSocketContext {
OriginBoundCertService* origin_bound_cert_service_arg,
TransportSecurityState* transport_security_state_arg,
DnsCertProvenanceChecker* dns_cert_checker_arg,
- SSLHostInfoFactory* ssl_host_info_factory_arg)
+ SSLHostInfoFactory* ssl_host_info_factory_arg,
+ const std::string& ssl_session_cache_shard_arg)
: cert_verifier(cert_verifier_arg),
origin_bound_cert_service(origin_bound_cert_service_arg),
transport_security_state(transport_security_state_arg),
dns_cert_checker(dns_cert_checker_arg),
- ssl_host_info_factory(ssl_host_info_factory_arg) {}
+ ssl_host_info_factory(ssl_host_info_factory_arg),
+ ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
CertVerifier* cert_verifier;
OriginBoundCertService* origin_bound_cert_service;
TransportSecurityState* transport_security_state;
DnsCertProvenanceChecker* dns_cert_checker;
SSLHostInfoFactory* ssl_host_info_factory;
+ // ssl_session_cache_shard is an opaque string that identifies a shard of the
+ // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
+ // resume each other's SSL sessions but we'll never sessions between shards.
+ const std::string ssl_session_cache_shard;
};
// A client socket that uses SSL as the transport layer.
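Review bot: The comment on `ssl_session_cache_shard` is missing its verb ("we'll never sessions between shards"), and because this string is the only key separating incognito session state from normal state, it should also say what an empty shard means. A possible last line is `// resume each other's SSL sessions; sessions are never resumed across shards.` The struct begins outside the hunk, so any other constructor of SSLClientSocketContext is not visible here. If one exists, it would presumably leave the shard empty and place all such sockets in one shared shard, which the comment should state. Declaring the member `const std::string` also makes the struct non-assignable; if that is intended, a short note saying so would help.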
@@ -120,6 +126,10 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
static bool IgnoreCertError(int error, int load_flags);
+ // ClearSessionCache clears the SSL session cache, used to resume SSL
+ // sessions.
+ static void ClearSessionCache();
+
virtual bool was_npn_negotiated() const;
virtual bool set_was_npn_negotiated(bool negotiated);
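Review bot: The comment on `ClearSessionCache()` does not say which shards it affects, which matters now that the cache is split by `ssl_session_cache_shard`. The function is static and takes no shard argument, so it presumably drops sessions for every shard at once; the implementation is not in this hunk, so that should be confirmed and then stated, for example `// ClearSessionCache clears the SSL session cache for all shards.` The comment could also name the thread the call is expected on, if there is such a requirement. The class body continues outside the hunk.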