author | ryanchung <ryanchung@chromium.org> | 2016-03-07 21:08:10 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-08 05:09:44 +0000 |
commit | eb9e3bc7bfc291ad600943b24304946328bcf4f0 (patch) | |
tree | a2fb5f0094706ceedb6e2aa4f917ff43c39c0130 /remoting/protocol | |
parent | cd6d01e60cd874019473ae1c37eb5227b5ed6daf (diff) | |
Support for server session cache.
Allows SSL server sockets created through a SSLServerSocketContext
to share a single session cache.
OpenSSL only.
BUG=568650
Review URL: https://codereview.chromium.org/1518613002
Cr-Commit-Position: refs/heads/master@{#379751}
Diffstat (limited to 'remoting/protocol')
-rw-r--r-- | remoting/protocol/ssl_hmac_channel_authenticator.cc | 24 | ||||
-rw-r--r-- | remoting/protocol/ssl_hmac_channel_authenticator.h | 2 |
2 files changed, 18 insertions, 8 deletions
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc
index 808bd1b..fb91655 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -151,8 +151,10 @@ class NetStreamSocketAdapter : public net::StreamSocket {
 // Implements P2PStreamSocket interface on top of net::StreamSocket.
 class P2PStreamSocketAdapter : public P2PStreamSocket {
 public:
- P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket)
- : socket_(std::move(socket)) {}
+ P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket,
+ scoped_ptr<net::SSLServerContext> server_context)
+ : server_context_(std::move(server_context)),
+ socket_(std::move(socket)) {}
 ~P2PStreamSocketAdapter() override {}
 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len,
@@ -165,6 +167,9 @@ class P2PStreamSocketAdapter : public P2PStreamSocket {
 }
 private:
+ // The server_context_ will be a nullptr for client sockets.
+ // The server_context_ must outlive any sockets it spawns.
+ scoped_ptr<net::SSLServerContext> server_context_;
 scoped_ptr<net::StreamSocket> socket_;
 };
@@ -217,8 +222,8 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
 result = net::ERR_FAILED;
 #else
 scoped_refptr<net::X509Certificate> cert =
- net::X509Certificate::CreateFromBytes(
- local_cert_.data(), local_cert_.length());
+ net::X509Certificate::CreateFromBytes(local_cert_.data(),
+ local_cert_.length());
 if (!cert.get()) {
 LOG(ERROR) << "Failed to parse X509Certificate";
 NotifyError(net::ERR_FAILED);
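Review bot: The comment added above `server_context_` in the private section of P2PStreamSocketAdapter says the context must outlive the sockets it spawns, but it does not say that this is enforced only by declaration order: members are destroyed in reverse order, so `socket_` is torn down first because it is declared after `server_context_`. A later reorder of the two members would leave the socket alive past the context it was created from, so I would add `// Keep this declared before socket_ so that socket_ is destroyed first.` to the comment. The same dependency applies to the `server_context_` member added to SslHmacChannelAuthenticator in the header hunk, where the declaration of `socket_` lies outside the hunk and its position relative to the new member should be confirmed.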
@@ -228,9 +233,12 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
 net::SSLServerConfig ssl_config;
 ssl_config.require_ecdhe = true;
- scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket(
- make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))),
+ server_context_ = net::CreateSSLServerContext(
 cert.get(), *local_key_pair_->private_key(), ssl_config);
+
+ scoped_ptr<net::SSLServerSocket> server_socket =
+ server_context_->CreateSSLServerSocket(
+ make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))));
 net::SSLServerSocket* raw_server_socket = server_socket.get();
 socket_ = std::move(server_socket);
 result = raw_server_socket->Handshake(
@@ -430,8 +438,8 @@ void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
 *callback_called = true;
 base::ResetAndReturn(&done_callback_)
- .Run(net::OK,
- make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_))));
+ .Run(net::OK, make_scoped_ptr(new P2PStreamSocketAdapter(
+ std::move(socket_), std::move(server_context_))));
 }
 }
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.h b/remoting/protocol/ssl_hmac_channel_authenticator.h
index e1da9ca..313f4bb 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -18,6 +18,7 @@ namespace net {
 class CertVerifier;
 class DrainableIOBuffer;
 class GrowableIOBuffer;
+class SSLServerContext;
 class SSLSocket;
 class TransportSecurityState;
 } // namespace net
@@ -86,6 +87,7 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
 // Used in the SERVER mode only.
 std::string local_cert_;
 scoped_refptr<RsaKeyPair> local_key_pair_;
+ scoped_ptr<net::SSLServerContext> server_context_;
 // Used in the CLIENT mode only.
 std::string remote_cert_; |
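Review bot: In SecureAndAuthenticate (the `-228,9 +233,12` hunk of ssl_hmac_channel_authenticator.cc) the new `net::CreateSSLServerContext(...)` call builds a fresh context on every invocation, so the session cache described in the commit message is never shared between channels on this path, and nothing in the hunk says whether that is intended. Keeping TLS session state per channel looks like the safer choice for an authenticator that presumably ties its check to each handshake, but it should be stated, e.g. `// One context per channel: TLS session state is deliberately not shared across connections.` The result of `CreateSSLServerContext` is also dereferenced in the next statement without a check; if it can return null in any build configuration, it needs a guard that calls `NotifyError(net::ERR_FAILED)` as the certificate-parse failure path does. The function body starts and ends outside the hunk.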