authorryanchung <ryanchung@chromium.org>2016-03-07 21:08:10 -0800
committerCommit bot <commit-bot@chromium.org>2016-03-08 05:09:44 +0000
commiteb9e3bc7bfc291ad600943b24304946328bcf4f0 (patch)
treea2fb5f0094706ceedb6e2aa4f917ff43c39c0130 /remoting/protocol
parentcd6d01e60cd874019473ae1c37eb5227b5ed6daf (diff)
Support for server session cache.
Allows SSL server sockets created through a SSLServerSocketContext to share a single session cache. OpenSSL only. BUG=568650 Review URL: https://codereview.chromium.org/1518613002 Cr-Commit-Position: refs/heads/master@{#379751}
Diffstat (limited to 'remoting/protocol')
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.cc24
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.h2
2 files changed, 18 insertions, 8 deletions
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc
index 808bd1b..fb91655 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -151,8 +151,10 @@ class NetStreamSocketAdapter : public net::StreamSocket {
// Implements P2PStreamSocket interface on top of net::StreamSocket.
class P2PStreamSocketAdapter : public P2PStreamSocket {
public:
- P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket)
- : socket_(std::move(socket)) {}
+ P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket,
+ scoped_ptr<net::SSLServerContext> server_context)
+ : server_context_(std::move(server_context)),
+ socket_(std::move(socket)) {}
~P2PStreamSocketAdapter() override {}
int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len,
@@ -165,6 +167,9 @@ class P2PStreamSocketAdapter : public P2PStreamSocket {
}
private:
+ // The server_context_ will be a nullptr for client sockets.
+ // The server_context_ must outlive any sockets it spawns.
+ scoped_ptr<net::SSLServerContext> server_context_;
scoped_ptr<net::StreamSocket> socket_;
};
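Review bot: The lifetime rule in the new comment is enforced only by member declaration order, and the comment does not say so. In P2PStreamSocketAdapter `server_context_` is declared before `socket_`, so `socket_` is destroyed first; a later reorder of these two members would destroy the context while the socket still exists. I would extend the comment with `// Declared before socket_ so that socket_ is destroyed first.` The same applies to the `server_context_` member added to SslHmacChannelAuthenticator in the header hunk, where the position of that class's `socket_` member is outside the visible lines and should be checked.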
@@ -217,8 +222,8 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
result = net::ERR_FAILED;
#else
scoped_refptr<net::X509Certificate> cert =
- net::X509Certificate::CreateFromBytes(
- local_cert_.data(), local_cert_.length());
+ net::X509Certificate::CreateFromBytes(local_cert_.data(),
+ local_cert_.length());
if (!cert.get()) {
LOG(ERROR) << "Failed to parse X509Certificate";
NotifyError(net::ERR_FAILED);
@@ -228,9 +233,12 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
net::SSLServerConfig ssl_config;
ssl_config.require_ecdhe = true;
- scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket(
- make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))),
+ server_context_ = net::CreateSSLServerContext(
cert.get(), *local_key_pair_->private_key(), ssl_config);
+
+ scoped_ptr<net::SSLServerSocket> server_socket =
+ server_context_->CreateSSLServerSocket(
+ make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))));
net::SSLServerSocket* raw_server_socket = server_socket.get();
socket_ = std::move(server_socket);
result = raw_server_socket->Handshake(
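Review bot: The assignment to `server_context_` builds a fresh context on every call, so as far as this hunk shows each authenticator has its own context and no TLS session is shared between channels. That is worth stating next to the assignment, because the commit description talks about a shared session cache: `// One context per authenticator; it owns the SSL state for socket_ and is not shared across channels.` Separately, if SecureAndAuthenticate could ever run twice on one object, the assignment would destroy the previous context while the old `socket_` is still alive, since `socket_` is only replaced a few lines later. A `DCHECK(!server_context_);` before the assignment would document that this cannot happen. The function begins and ends outside the hunk.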
@@ -430,8 +438,8 @@ void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
*callback_called = true;
base::ResetAndReturn(&done_callback_)
- .Run(net::OK,
- make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_))));
+ .Run(net::OK, make_scoped_ptr(new P2PStreamSocketAdapter(
+ std::move(socket_), std::move(server_context_))));
}
}
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.h b/remoting/protocol/ssl_hmac_channel_authenticator.h
index e1da9ca..313f4bb 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -18,6 +18,7 @@ namespace net {
class CertVerifier;
class DrainableIOBuffer;
class GrowableIOBuffer;
+class SSLServerContext;
class SSLSocket;
class TransportSecurityState;
} // namespace net
@@ -86,6 +87,7 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
// Used in the SERVER mode only.
std::string local_cert_;
scoped_refptr<RsaKeyPair> local_key_pair_;
+ scoped_ptr<net::SSLServerContext> server_context_;
// Used in the CLIENT mode only.
std::string remote_cert_;