authorrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-13 20:19:44 +0000
committerrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-13 20:19:44 +0000
commita4965c88bb9b0b6b3465f8604bfbfb1f4dbb0a03 (patch)
treeaf5d5f1fd060390bc5dae29b21837441970d97d9 /net/socket
parentf28b436a33f65b1d22d8c7f047fe1c61d70f7920 (diff)
Add an explicit function to init NSS for SSL server sockets
BUG=131622 TEST=tsan goes green for existing tests Review URL: https://chromiumcodereview.appspot.com/10543106 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141955 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/ssl_server_socket.h12
-rw-r--r--net/socket/ssl_server_socket_nss.cc39
-rw-r--r--net/socket/ssl_server_socket_openssl.cc14
3 files changed, 54 insertions, 11 deletions
diff --git a/net/socket/ssl_server_socket.h b/net/socket/ssl_server_socket.h
index 5737974..52d53cb 100644
--- a/net/socket/ssl_server_socket.h
+++ b/net/socket/ssl_server_socket.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -31,6 +31,16 @@ class SSLServerSocket : public SSLSocket {
virtual int Handshake(const CompletionCallback& callback) = 0;
};
+// Configures the underlying SSL library for the use of SSL server sockets.
+//
+// Due to the requirements of the underlying libraries, this should be called
+// early in process initialization, before any SSL socket, client or server,
+// has been used.
+//
+// Note: If a process does not use SSL server sockets, this call may be
+// omitted.
+NET_EXPORT void EnableSSLServerSockets();
+
// Creates an SSL server socket over an already-connected transport socket.
// The caller must provide the server certificate and private key to use.
//
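Review bot: The comment on `EnableSSLServerSockets()` states when to call it but not whether the call may be repeated, nor what happens if a process skips it and then creates a server socket. In the NSS implementation from this same commit the call is backed by a `base::LazyInstance`, so repeated calls appear harmless, and `CreateSSLServerSocket` DCHECKs when it was never made. I would add `// Safe to call more than once. In the NSS build, CreateSSLServerSocket() DCHECKs if this has not been called.` Because the function returns `void`, a caller also cannot learn that the library setup failed, which is worth stating in the comment.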
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 60de5c6..84e63ac 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -29,6 +29,7 @@
#include <limits>
+#include "base/lazy_instance.h"
#include "base/memory/ref_counted.h"
#include "crypto/rsa_private_key.h"
#include "crypto/nss_util_internal.h"
@@ -45,11 +46,42 @@ static const int kRecvBufferSize = 4096;
namespace net {
+namespace {
+
+bool g_nss_server_sockets_init = false;
+
+class NSSSSLServerInitSingleton {
+ public:
+ NSSSSLServerInitSingleton() {
+ EnsureNSSSSLInit();
+
+ SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
+ g_nss_server_sockets_init = true;
+ }
+
+ ~NSSSSLServerInitSingleton() {
+ SSL_ShutdownServerSessionIDCache();
+ g_nss_server_sockets_init = false;
+ }
+};
+
+static base::LazyInstance<NSSSSLServerInitSingleton>
+ g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
+
+} // namespace
+
+void EnableSSLServerSockets() {
+ g_nss_ssl_server_init_singleton.Get();
+}
+
SSLServerSocket* CreateSSLServerSocket(
StreamSocket* socket,
X509Certificate* cert,
crypto::RSAPrivateKey* key,
const SSLConfig& ssl_config) {
+ DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
+ << "called yet!";
+
return new SSLServerSocketNSS(socket, cert, key, ssl_config);
}
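Review bot: The `NSSSSLServerInitSingleton` constructor discards the result of `SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL)` and sets `g_nss_server_sockets_init = true` unconditionally. The code this commit removes from `InitializeSSLOptions()` compared that result with `SECSuccess` and failed the socket with `ERR_UNEXPECTED`. As written, a failed session-cache setup is silent and server sockets are still handed out. Set the flag only on success and log the failure, e.g. `if (SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL) == SECSuccess) g_nss_server_sockets_init = true; else LOG(ERROR) << "SSL_ConfigServerSessionIDCache failed";`. Separately, the DCHECK message in `CreateSSLServerSocket` concatenates to "has not beencalled yet!"; the first literal needs a trailing space: `"EnableSSLServerSockets() has not been "`.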
@@ -335,12 +367,6 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
return ERR_UNEXPECTED;
}
- rv = SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
- if (rv != SECSuccess) {
- LogFailedNSSFunction(net_log_, "SSL_ConfigureServerSessionIDCache", "");
- return ERR_UNEXPECTED;
- }
-
rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
if (rv != SECSuccess) {
LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
@@ -771,6 +797,7 @@ int SSLServerSocketNSS::Init() {
if (!NSS_IsInitialized())
return ERR_UNEXPECTED;
+ EnableSSLServerSockets();
return OK;
}
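Review bot: Calling `EnableSSLServerSockets()` from `SSLServerSocketNSS::Init()` does the setup lazily at first socket use, which is the ordering the new header comment warns against ("before any SSL socket, client or server, has been used"). For sockets made through `CreateSSLServerSocket`, the DCHECK there fires before this line can run in debug builds, so this looks like a release-only fallback. If that is the intent, say so at the call site: `// Release-build fallback; callers should already have called EnableSSLServerSockets() at startup (see ssl_server_socket.h).` `Init()` begins outside this hunk, so whether other callers reach it without going through the factory cannot be confirmed from here.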
diff --git a/net/socket/ssl_server_socket_openssl.cc b/net/socket/ssl_server_socket_openssl.cc
index 8dc1b9c0..e0cf8bc 100644
--- a/net/socket/ssl_server_socket_openssl.cc
+++ b/net/socket/ssl_server_socket_openssl.cc
@@ -1,15 +1,21 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/logging.h"
#include "net/socket/ssl_server_socket.h"
+// TODO(bulach): Provide simple stubs for EnableSSLServerSockets and
+// CreateSSLServerSocket so that when building for OpenSSL rather than NSS,
+// so that the code using SSL server sockets can be compiled and disabled
+// programatically rather than requiring to be carved out from the compile.
+
namespace net {
-// TODO(bulach): Rather than disable components which call
-// CreateSSLServerSocket when building for OpenSSL rather than NSS, just
-// provide a stub for it for now.
+void EnableSSLServerSockets() {
+ NOTIMPLEMENTED();
+}
+
SSLServerSocket* CreateSSLServerSocket(StreamSocket* socket,
X509Certificate* certificate,
crypto::RSAPrivateKey* key,