50 files changed, 244 insertions, 98 deletions
diff --git a/chrome/browser/net/connection_tester.cc b/chrome/browser/net/connection_tester.cc index f8c7911..889494d 100644 --- a/chrome/browser/net/connection_tester.cc +++ b/chrome/browser/net/connection_tester.cc @@ -65,8 +65,8 @@ class ExperimentURLRequestContext : public URLRequestContext { host_resolver_); http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory(host_resolver_, dnsrr_resolver_, - proxy_service_, ssl_config_service_, http_auth_handler_factory_, - NULL, NULL), + NULL /* ssl_host_info_factory */, proxy_service_, + ssl_config_service_, http_auth_handler_factory_, NULL, NULL), net::HttpCache::DefaultBackend::InMemory(0)); // In-memory cookie store. cookie_store_ = new net::CookieMonster(NULL, NULL); diff --git a/chrome/service/net/service_url_request_context.cc b/chrome/service/net/service_url_request_context.cc index cdfe6ec..bd39292 100644 --- a/chrome/service/net/service_url_request_context.cc +++ b/chrome/service/net/service_url_request_context.cc @@ -43,6 +43,7 @@ ServiceURLRequestContext::ServiceURLRequestContext() { http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory(host_resolver_, dnsrr_resolver_, + NULL /* ssl_host_info_factory */, proxy_service_, ssl_config_service_, http_auth_handler_factory_, diff --git a/chrome/test/plugin/plugin_test.cpp b/chrome/test/plugin/plugin_test.cpp index 56d41aa..160af12 100644 --- a/chrome/test/plugin/plugin_test.cpp +++ b/chrome/test/plugin/plugin_test.cpp @@ -235,6 +235,7 @@ class PluginInstallerDownloadTest http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, proxy_service_, ssl_config_service_, http_auth_handler_factory_, diff --git a/chrome_frame/metrics_service.cc b/chrome_frame/metrics_service.cc index 4e46708..6d51898 100644 --- a/chrome_frame/metrics_service.cc +++ b/chrome_frame/metrics_service.cc 
@@ -177,6 +177,7 @@ class ChromeFrameUploadRequestContext : public URLRequestContext { http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL /* dnsrr_resovler */, + NULL /* ssl_host_info */, proxy_service_, ssl_config_service_, http_auth_handler_factory_, diff --git a/chrome_frame/test/test_server_test.cc b/chrome_frame/test/test_server_test.cc index 3d391f6..edef592 100644 --- a/chrome_frame/test/test_server_test.cc +++ b/chrome_frame/test/test_server_test.cc @@ -70,7 +70,8 @@ class URLRequestTestContext : public URLRequestContext { host_resolver_); http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory( - host_resolver_, NULL /* dnsrr_resolver */, proxy_service_, + host_resolver_, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, proxy_service_, ssl_config_service_, http_auth_handler_factory_, NULL, NULL), net::HttpCache::DefaultBackend::InMemory(0)); // In-memory cookie store. diff --git a/jingle/notifier/base/chrome_async_socket.cc b/jingle/notifier/base/chrome_async_socket.cc index b3ac52a..4858bab 100644 --- a/jingle/notifier/base/chrome_async_socket.cc +++ b/jingle/notifier/base/chrome_async_socket.cc @@ -435,7 +435,8 @@ bool ChromeAsyncSocket::StartTls(const std::string& domain_name) { DCHECK(transport_socket_.get()); transport_socket_.reset( client_socket_factory_->CreateSSLClientSocket( - transport_socket_.release(), domain_name, ssl_config_)); + transport_socket_.release(), domain_name, ssl_config_, + NULL /* ssl_host_info */)); int status = transport_socket_->Connect(&ssl_connect_callback_); if (status != net::ERR_IO_PENDING) { MessageLoop* message_loop = MessageLoop::current(); diff --git a/jingle/notifier/base/xmpp_client_socket_factory.cc b/jingle/notifier/base/xmpp_client_socket_factory.cc index c0ced61..78cb1bc 100644 --- a/jingle/notifier/base/xmpp_client_socket_factory.cc +++ b/jingle/notifier/base/xmpp_client_socket_factory.cc 
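Review bot: The argument comment added in ChromeFrameUploadRequestContext (chrome_frame/metrics_service.cc) reads `NULL /* ssl_host_info */`, but the parameter this commit inserts into HttpNetworkLayer::CreateFactory is the `SSLHostInfoFactory*`, and the other labelled call sites use `/* ssl_host_info_factory */`. Because CreateSSLClientSocket gains a separate `SSLHostInfo*` argument in the same commit, the short label can point a reader at the wrong parameter; I would write `NULL /* ssl_host_info_factory */,` here. The enclosing constructor starts and ends outside the hunk.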
@@ -33,9 +33,10 @@ net::ClientSocket* XmppClientSocketFactory::CreateTCPClientSocket( net::SSLClientSocket* XmppClientSocketFactory::CreateSSLClientSocket( net::ClientSocketHandle* transport_socket, const std::string& hostname, - const net::SSLConfig& ssl_config) { + const net::SSLConfig& ssl_config, + net::SSLHostInfo* ssl_host_info) { return client_socket_factory_->CreateSSLClientSocket( - transport_socket, hostname, ssl_config); + transport_socket, hostname, ssl_config, ssl_host_info); } } // namespace diff --git a/jingle/notifier/base/xmpp_client_socket_factory.h b/jingle/notifier/base/xmpp_client_socket_factory.h index 73b2d8d..eb94555 100644 --- a/jingle/notifier/base/xmpp_client_socket_factory.h +++ b/jingle/notifier/base/xmpp_client_socket_factory.h @@ -9,6 +9,10 @@ #include "net/socket/client_socket_factory.h" +namespace net { +class SSLHostInfo; +} + namespace notifier { class XmppClientSocketFactory : public net::ClientSocketFactory { @@ -26,7 +30,7 @@ class XmppClientSocketFactory : public net::ClientSocketFactory { const net::NetLog::Source& source); virtual net::SSLClientSocket* CreateSSLClientSocket( net::ClientSocketHandle* transport_socket, const std::string& hostname, - const net::SSLConfig& ssl_config); + const net::SSLConfig& ssl_config, net::SSLHostInfo* ssl_host_info); private: net::ClientSocketFactory* const client_socket_factory_; diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h index b1d1de4..dc48a36 100644 --- a/net/base/ssl_config_service.h +++ b/net/base/ssl_config_service.h 
@@ -77,12 +77,6 @@ struct SSLConfig { std::string next_protos; scoped_refptr<X509Certificate> client_cert; - - // ssl_host_info contains an optional context that is needed for Snap Start. - // If provided, the SSL socket will assume that the application protocol is - // client-speaks-first. Also needs SSLConfigService::EnableSnapStart to - // have been called. - scoped_refptr<SSLHostInfo> ssl_host_info; }; // The interface for retrieving the SSL configuration. This interface diff --git a/net/base/ssl_host_info.cc b/net/base/ssl_host_info.cc new file mode 100644 index 0000000..4b6c0e2 --- /dev/null +++ b/net/base/ssl_host_info.cc @@ -0,0 +1,13 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/ssl_host_info.h" + +namespace net { + +SSLHostInfo::~SSLHostInfo() {} + +SSLHostInfoFactory::~SSLHostInfoFactory() {} + +} // namespace net diff --git a/net/base/ssl_host_info.h b/net/base/ssl_host_info.h index 77c40fb..ae9ac6a 100644 --- a/net/base/ssl_host_info.h +++ b/net/base/ssl_host_info.h @@ -15,9 +15,10 @@ namespace net { // This information may be stored on disk so does not include keys or session // information etc. Primarily it's intended for caching the server's // certificates. -class SSLHostInfo : - public base::RefCountedThreadSafe<SSLHostInfo> { +class SSLHostInfo { public: + virtual ~SSLHostInfo(); + // Start will commence the lookup. This must be called before any other // methods. By opportunistically calling this early, it may be possible to // overlap this object's lookup and reduce latency. 
@@ -45,10 +46,15 @@ class SSLHostInfo : // this object and the store operation will still complete. This can only be // called once WaitForDataReady has returned OK or called its callback. virtual void Set(const std::string& new_data) = 0; +}; + +class SSLHostInfoFactory { + public: + virtual ~SSLHostInfoFactory(); - protected: - friend class base::RefCountedThreadSafe<SSLHostInfo>; - virtual ~SSLHostInfo() { } + // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname + // or NULL on failure. + virtual SSLHostInfo* GetForHost(const std::string& hostname) = 0; }; } // namespace net diff --git a/net/http/disk_cache_based_ssl_host_info.cc b/net/http/disk_cache_based_ssl_host_info.cc index 61ee450..f2de223 100644 --- a/net/http/disk_cache_based_ssl_host_info.cc +++ b/net/http/disk_cache_based_ssl_host_info.cc @@ -34,7 +34,8 @@ void DiskCacheBasedSSLHostInfo::Start() { DiskCacheBasedSSLHostInfo::~DiskCacheBasedSSLHostInfo() { DCHECK(!user_callback_); - DCHECK(!entry_); + if (entry_) + entry_->Close(); callback_->Cancel(); } diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc index 867d003..8098ebd 100644 --- a/net/http/http_cache.cc +++ b/net/http/http_cache.cc @@ -24,7 +24,9 @@ #include "net/base/io_buffer.h" #include "net/base/load_flags.h" #include "net/base/net_errors.h" +#include "net/base/ssl_host_info.h" #include "net/disk_cache/disk_cache.h" +#include "net/http/disk_cache_based_ssl_host_info.h" #include "net/http/http_cache_transaction.h" #include "net/http/http_network_layer.h" #include "net/http/http_network_session.h" 
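Review bot: The comment on SSLHostInfoFactory::GetForHost in net/base/ssl_host_info.h says the result is "a fresh, allocated SSLHostInfo" but never states who deletes it, and this commit removes the RefCountedThreadSafe base that previously made the question moot. The rest of the change treats the pointer as owned by whoever receives it (the socket factories wrap it in a scoped_ptr or `delete` it), so the contract belongs on the interface, e.g. `// The caller takes ownership of the returned object and must delete it.` It would also help to state on the class whether the factory has to outlive the objects it hands out.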
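Review bot: In ~DiskCacheBasedSSLHostInfo, replacing `DCHECK(!entry_)` with `if (entry_) entry_->Close();` makes destruction with an open cache entry a normal path, yet the destructor still asserts `DCHECK(!user_callback_)` and nothing explains which states are now legal. With ownership moving to the SSL socket, the object can presumably be deleted while a lookup or store is still outstanding; whether `callback_->Cancel()` is enough to keep the disk cache from later writing through a pointer into the freed object is not visible in this hunk and should be confirmed. I would add a comment such as `// The owner may delete us before the entry has been closed; release it here.` and either justify or relax the remaining DCHECK.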
@@ -242,6 +244,22 @@ void HttpCache::MetadataWriter::OnIOComplete(int result) { //----------------------------------------------------------------------------- +class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory { + public: + SSLHostInfoFactoryAdaptor(HttpCache* http_cache) + : http_cache_(http_cache) { + } + + SSLHostInfo* GetForHost(const std::string& hostname) { + return new DiskCacheBasedSSLHostInfo(hostname, http_cache_); + } + + private: + HttpCache* const http_cache_; +}; + +//----------------------------------------------------------------------------- + HttpCache::HttpCache(HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, ProxyService* proxy_service, @@ -253,8 +271,11 @@ HttpCache::HttpCache(HostResolver* host_resolver, : backend_factory_(backend_factory), building_backend_(false), mode_(NORMAL), + ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor( + ALLOW_THIS_IN_INITIALIZER_LIST(this))), network_layer_(HttpNetworkLayer::CreateFactory(host_resolver, - dnsrr_resolver, proxy_service, ssl_config_service, + dnsrr_resolver, ssl_host_info_factory_.get(), + proxy_service, ssl_config_service, http_auth_handler_factory, network_delegate, net_log)), ALLOW_THIS_IN_INITIALIZER_LIST(task_factory_(this)), enable_range_support_(true) { diff --git a/net/http/http_cache.h b/net/http/http_cache.h index 775d035..1406cd0 100644 --- a/net/http/http_cache.h +++ b/net/http/http_cache.h @@ -116,7 +116,7 @@ class HttpCache : public HttpTransactionFactory, }; // The disk cache is initialized lazily (by CreateTransaction) in this case. - // The HttpCache takes ownership of the |backend_factory|. + // The HttpCache takes ownership of the |backend_factory|. HttpCache(HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, ProxyService* proxy_service, 
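Review bot: SSLHostInfoFactoryAdaptor's one-argument constructor is not `explicit`, and its `GetForHost` is declared without `virtual`, so the declaration does not show that it overrides SSLHostInfoFactory. I would write `explicit SSLHostInfoFactoryAdaptor(HttpCache* http_cache)` and `virtual SSLHostInfo* GetForHost(const std::string& hostname) {`. A one-line class comment would also help, noting that each returned DiskCacheBasedSSLHostInfo is constructed with the raw `http_cache_` pointer and so must not be used after the cache is gone.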
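Review bot: The HttpCache constructor passes `ssl_host_info_factory_.get()` into HttpNetworkLayer::CreateFactory as a raw pointer, and later hunks copy that pointer into HttpNetworkSession and ClientSocketPoolManager (`SSLHostInfoFactory* const ssl_host_info_factory_`), while the adaptor itself is owned by this HttpCache through a scoped_ptr. HttpNetworkSession is reference-counted, so if anything still holds the session after the HttpCache is destroyed, the socket pools would call GetForHost through a dangling pointer; whether that can happen cannot be decided from this diff and should be checked. At minimum the member order in http_cache.h deserves a comment, e.g. `// Must be declared before |network_layer_|, which holds a raw pointer to it.`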
@@ -200,6 +200,7 @@ class HttpCache : public HttpTransactionFactory, class BackendCallback; class MetadataWriter; + class SSLHostInfoFactoryAdaptor; class Transaction; class WorkItem; friend class Transaction; @@ -353,6 +354,8 @@ class HttpCache : public HttpTransactionFactory, Mode mode_; + scoped_ptr<SSLHostInfoFactoryAdaptor> ssl_host_info_factory_; + scoped_ptr<HttpTransactionFactory> network_layer_; scoped_ptr<disk_cache::Backend> disk_cache_; diff --git a/net/http/http_cache_transaction.cc b/net/http/http_cache_transaction.cc index 6550703..58288f4 100644 --- a/net/http/http_cache_transaction.cc +++ b/net/http/http_cache_transaction.cc @@ -625,16 +625,6 @@ int HttpCache::Transaction::DoSendRequest() { return rv; next_state_ = STATE_SEND_REQUEST_COMPLETE; - if (request_->url.SchemeIs("https") && - SSLConfigService::snap_start_enabled()) { - // TODO(agl): in order to support AlternateProtocol there should probably - // be an object hanging off the HttpNetworkSession which constructs these. - // Note: when this test is removed, don't forget to remove the #include of - // ssl_config_service.h - scoped_refptr<DiskCacheBasedSSLHostInfo> hostinfo = - new DiskCacheBasedSSLHostInfo(request_->url.host(), cache_); - network_trans_->SetSSLHostInfo(hostinfo.get()); - } rv = network_trans_->Start(request_, &io_callback_, net_log_); return rv; } diff --git a/net/http/http_network_layer.cc b/net/http/http_network_layer.cc index 0f53d4c..5322e85 100644 --- a/net/http/http_network_layer.cc +++ b/net/http/http_network_layer.cc @@ -22,6 +22,7 @@ namespace net { HttpTransactionFactory* HttpNetworkLayer::CreateFactory( HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, HttpAuthHandlerFactory* http_auth_handler_factory, 
@@ -30,7 +31,8 @@ HttpTransactionFactory* HttpNetworkLayer::CreateFactory( DCHECK(proxy_service); return new HttpNetworkLayer(ClientSocketFactory::GetDefaultFactory(), - host_resolver, dnsrr_resolver, proxy_service, + host_resolver, dnsrr_resolver, + ssl_host_info_factory, proxy_service, ssl_config_service, http_auth_handler_factory, network_delegate, net_log); @@ -49,6 +51,7 @@ HttpNetworkLayer::HttpNetworkLayer( ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, HttpAuthHandlerFactory* http_auth_handler_factory, @@ -57,6 +60,7 @@ HttpNetworkLayer::HttpNetworkLayer( : socket_factory_(socket_factory), host_resolver_(host_resolver), dnsrr_resolver_(dnsrr_resolver), + ssl_host_info_factory_(ssl_host_info_factory), proxy_service_(proxy_service), ssl_config_service_(ssl_config_service), session_(NULL), @@ -73,6 +77,7 @@ HttpNetworkLayer::HttpNetworkLayer( ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, SpdySessionPool* spdy_session_pool, @@ -82,6 +87,7 @@ HttpNetworkLayer::HttpNetworkLayer( : socket_factory_(socket_factory), host_resolver_(host_resolver), dnsrr_resolver_(dnsrr_resolver), + ssl_host_info_factory_(ssl_host_info_factory), proxy_service_(proxy_service), ssl_config_service_(ssl_config_service), session_(NULL), @@ -97,6 +103,7 @@ HttpNetworkLayer::HttpNetworkLayer( HttpNetworkLayer::HttpNetworkLayer(HttpNetworkSession* session) : socket_factory_(ClientSocketFactory::GetDefaultFactory()), dnsrr_resolver_(NULL), + ssl_host_info_factory_(NULL), ssl_config_service_(NULL), session_(session), spdy_session_pool_(NULL), 
@@ -137,6 +144,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() { session_ = new HttpNetworkSession( host_resolver_, dnsrr_resolver_, + ssl_host_info_factory_, proxy_service_, socket_factory_, ssl_config_service_, @@ -147,6 +155,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() { // These were just temps for lazy-initializing HttpNetworkSession. host_resolver_ = NULL; dnsrr_resolver_ = NULL; + ssl_host_info_factory_ = NULL; proxy_service_ = NULL; socket_factory_ = NULL; http_auth_handler_factory_ = NULL; diff --git a/net/http/http_network_layer.h b/net/http/http_network_layer.h index 7872fdd..63ae3f2 100644 --- a/net/http/http_network_layer.h +++ b/net/http/http_network_layer.h @@ -25,6 +25,7 @@ class NetLog; class ProxyService; class SpdySessionPool; class SSLConfigService; +class SSLHostInfoFactory; class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { public: @@ -33,6 +34,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { HttpNetworkLayer(ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, HttpAuthHandlerFactory* http_auth_handler_factory, @@ -44,6 +46,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, SpdySessionPool* spdy_session_pool, @@ -59,6 +62,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { static HttpTransactionFactory* CreateFactory( HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service, HttpAuthHandlerFactory* http_auth_handler_factory, 
@@ -96,6 +100,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { // creating |session_|. HostResolver* host_resolver_; DnsRRResolver* dnsrr_resolver_; + SSLHostInfoFactory* ssl_host_info_factory_; scoped_refptr<ProxyService> proxy_service_; // The SSL config service being used for the session. diff --git a/net/http/http_network_layer_unittest.cc b/net/http/http_network_layer_unittest.cc index 378962e..dadda13 100644 --- a/net/http/http_network_layer_unittest.cc +++ b/net/http/http_network_layer_unittest.cc @@ -25,6 +25,7 @@ TEST_F(HttpNetworkLayerTest, CreateAndDestroy) { NULL, &host_resolver, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, net::ProxyService::CreateDirect(), new net::SSLConfigServiceDefaults, NULL, @@ -43,6 +44,7 @@ TEST_F(HttpNetworkLayerTest, Suspend) { NULL, &host_resolver, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, net::ProxyService::CreateDirect(), new net::SSLConfigServiceDefaults, NULL, @@ -90,6 +92,7 @@ TEST_F(HttpNetworkLayerTest, GET) { &mock_socket_factory, &host_resolver, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, net::ProxyService::CreateDirect(), new net::SSLConfigServiceDefaults, NULL, diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index 410d9e6..d96f901 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -21,6 +21,7 @@ namespace net { HttpNetworkSession::HttpNetworkSession( HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, ClientSocketFactory* client_socket_factory, SSLConfigService* ssl_config_service, @@ -37,6 +38,7 @@ HttpNetworkSession::HttpNetworkSession( client_socket_factory, host_resolver, dnsrr_resolver, + ssl_host_info_factory, proxy_service, ssl_config_service), spdy_session_pool_(spdy_session_pool), 
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index bf5e98b..53ae36a 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -38,6 +38,7 @@ class HttpResponseBodyDrainer; class SpdySessionPool; class SOCKSClientSocketPool; class SSLClientSocketPool; +class SSLHostInfoFactory; class TCPClientSocketPool; // This class holds session objects used by HttpNetworkTransaction objects. @@ -47,6 +48,7 @@ class HttpNetworkSession : public base::RefCounted<HttpNetworkSession>, HttpNetworkSession( HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, ClientSocketFactory* client_socket_factory, SSLConfigService* ssl_config_service, diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index 7d43117..fc1def9 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -416,10 +416,6 @@ uint64 HttpNetworkTransaction::GetUploadProgress() const { return stream_->GetUploadProgress(); } -void HttpNetworkTransaction::SetSSLHostInfo(SSLHostInfo* host_info) { - ssl_config_.ssl_host_info = host_info; -} - void HttpNetworkTransaction::OnStreamReady(HttpStream* stream) { DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); DCHECK(stream_request_.get()); diff --git a/net/http/http_network_transaction.h b/net/http/http_network_transaction.h index a8d371d..ce0c5bd 100644 --- a/net/http/http_network_transaction.h +++ b/net/http/http_network_transaction.h @@ -29,7 +29,6 @@ class HttpNetworkSession; class HttpStream; class HttpStreamRequest; class IOBuffer; -class SSLHostInfo; struct HttpRequestInfo; class HttpNetworkTransaction : public HttpTransaction, 
@@ -56,7 +55,6 @@ class HttpNetworkTransaction : public HttpTransaction, virtual const HttpResponseInfo* GetResponseInfo() const; virtual LoadState GetLoadState() const; virtual uint64 GetUploadProgress() const; - virtual void SetSSLHostInfo(SSLHostInfo* host_info); // StreamRequest::Delegate methods: virtual void OnStreamReady(HttpStream* stream); diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc index a128b3d..2066264 100644 --- a/net/http/http_network_transaction_unittest.cc +++ b/net/http/http_network_transaction_unittest.cc @@ -99,6 +99,7 @@ struct SessionDependencies { HttpNetworkSession* CreateSession(SessionDependencies* session_deps) { return new HttpNetworkSession(session_deps->host_resolver.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, session_deps->proxy_service, &session_deps->socket_factory, session_deps->ssl_config_service, @@ -296,7 +297,7 @@ template<> CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool( HttpNetworkSession* session) : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL, - NULL, NULL, NULL, NULL, NULL) {} + NULL, NULL, NULL, NULL, NULL, NULL) {} //----------------------------------------------------------------------------- @@ -6424,8 +6425,8 @@ TEST_F(HttpNetworkTransactionTest, SSLConfig ssl_config; session->ssl_config_service()->GetSSLConfig(&ssl_config); ClientSocket* socket = connection->release_socket(); - socket = session->socket_factory()->CreateSSLClientSocket(socket, "" , - ssl_config); + socket = session->socket_factory()->CreateSSLClientSocket( + socket, "" , ssl_config, NULL /* ssl_host_info */); connection->set_socket(socket); EXPECT_EQ(ERR_IO_PENDING, socket->Connect(&callback)); EXPECT_EQ(OK, callback.WaitForResult()); diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc index 71485e9..e1ca2fe 100644 
--- a/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_unittest.cc @@ -66,6 +66,7 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { &ssl_histograms_, host_resolver_.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, &socket_factory_, &tcp_socket_pool_, NULL, @@ -76,6 +77,7 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { HttpAuthHandlerFactory::CreateDefault(host_resolver_.get())), session_(new HttpNetworkSession(host_resolver_.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, ProxyService::CreateDirect(), &socket_factory_, new SSLConfigServiceDefaults, diff --git a/net/http/http_response_body_drainer_unittest.cc b/net/http/http_response_body_drainer_unittest.cc index 119d8f7..d57952d 100644 --- a/net/http/http_response_body_drainer_unittest.cc +++ b/net/http/http_response_body_drainer_unittest.cc @@ -177,6 +177,7 @@ class HttpResponseBodyDrainerTest : public testing::Test { : session_(new HttpNetworkSession( NULL, NULL, + NULL /* ssl_host_info_factory */, ProxyService::CreateDirect(), NULL, new SSLConfigServiceDefaults, diff --git a/net/net.gyp b/net/net.gyp index 699f093..f6a1344 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -173,6 +173,8 @@ 'base/ssl_config_service_win.cc', 'base/ssl_config_service_win.h', 'base/ssl_false_start_blacklist.cc', + 'base/ssl_host_info.cc', + 'base/ssl_host_info.h', 'base/ssl_info.cc', 'base/ssl_info.h', 'base/static_cookie_policy.cc', diff --git a/net/proxy/proxy_script_fetcher_impl_unittest.cc b/net/proxy/proxy_script_fetcher_impl_unittest.cc index 2634f99..f84be57 100644 --- a/net/proxy/proxy_script_fetcher_impl_unittest.cc +++ b/net/proxy/proxy_script_fetcher_impl_unittest.cc 
@@ -41,7 +41,7 @@ class RequestContext : public URLRequestContext { ssl_config_service_ = new net::SSLConfigServiceDefaults; http_transaction_factory_ = new net::HttpCache( - net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL, + net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL, NULL, proxy_service_, ssl_config_service_, NULL, NULL, NULL), net::HttpCache::DefaultBackend::InMemory(0)); } diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc index d0793cb..a31af007 100644 --- a/net/socket/client_socket_factory.cc +++ b/net/socket/client_socket_factory.cc @@ -6,6 +6,7 @@ #include "base/singleton.h" #include "build/build_config.h" +#include "net/base/ssl_host_info.h" #include "net/socket/client_socket_handle.h" #if defined(OS_WIN) #include "net/socket/ssl_client_socket_win.h" @@ -26,13 +27,16 @@ namespace { SSLClientSocket* DefaultSSLClientSocketFactory( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { + scoped_ptr<SSLHostInfo> shi(ssl_host_info); #if defined(OS_WIN) return new SSLClientSocketWin(transport_socket, hostname, ssl_config); #elif defined(USE_OPENSSL) return new SSLClientSocketOpenSSL(transport_socket, hostname, ssl_config); #elif defined(USE_NSS) - return new SSLClientSocketNSS(transport_socket, hostname, ssl_config); + return new SSLClientSocketNSS(transport_socket, hostname, ssl_config, + shi.release()); #elif defined(OS_MACOSX) // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using // Mac OS X CDSA/CSSM yet (http://crbug.com/45369), so fall back on 
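Review bot: In DefaultSSLClientSocketFactory (net/socket/client_socket_factory.cc), `scoped_ptr<SSLHostInfo> shi(ssl_host_info);` is the only thing that frees the host info on the Windows, OpenSSL, Mac client-certificate and NOTIMPLEMENTED paths, but nothing says so. A later edit that hands the raw `ssl_host_info` to a socket constructor while the scoped_ptr still owns it would delete the object twice. I would add a comment above the declaration, `// Takes ownership; deleted on return unless released to a socket that uses it.`, and pick a more descriptive name than `shi`. The function body continues in the next hunk.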
@@ -40,7 +44,8 @@ SSLClientSocket* DefaultSSLClientSocketFactory( if (ssl_config.send_client_cert) return new SSLClientSocketMac(transport_socket, hostname, ssl_config); - return new SSLClientSocketNSS(transport_socket, hostname, ssl_config); + return new SSLClientSocketNSS(transport_socket, hostname, ssl_config, + shi.release()); #else NOTIMPLEMENTED(); return NULL; @@ -61,8 +66,9 @@ class DefaultClientSocketFactory : public ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { - return g_ssl_factory(transport_socket, hostname, ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { + return g_ssl_factory(transport_socket, hostname, ssl_config, ssl_host_info); } }; @@ -83,10 +89,12 @@ void ClientSocketFactory::SetSSLClientSocketFactory( SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( ClientSocket* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { ClientSocketHandle* socket_handle = new ClientSocketHandle(); socket_handle->set_socket(transport_socket); - return CreateSSLClientSocket(socket_handle, hostname, ssl_config); + return CreateSSLClientSocket(socket_handle, hostname, ssl_config, + ssl_host_info); } } // namespace net diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h index 97fb361..ad2cc54 100644 --- a/net/socket/client_socket_factory.h +++ b/net/socket/client_socket_factory.h 
@@ -17,12 +17,14 @@ class ClientSocket; class ClientSocketHandle; class SSLClientSocket; struct SSLConfig; +class SSLHostInfo; // Callback function to create new SSLClientSocket objects. typedef SSLClientSocket* (*SSLClientSocketFactory)( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); // An interface used to instantiate ClientSocket objects. Used to facilitate // testing code with mock socket implementations. @@ -40,13 +42,14 @@ class ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) = 0; - + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) = 0; // Deprecated function (http://crbug.com/37810) that takes a ClientSocket. virtual SSLClientSocket* CreateSSLClientSocket(ClientSocket* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); // Returns the default ClientSocketFactory. static ClientSocketFactory* GetDefaultFactory(); diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc index 0f06160..1f99b3d 100644 --- a/net/socket/client_socket_pool_base_unittest.cc +++ b/net/socket/client_socket_pool_base_unittest.cc @@ -106,8 +106,10 @@ class MockClientSocketFactory : public ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { NOTIMPLEMENTED(); + delete ssl_host_info; return NULL; } diff --git a/net/socket/client_socket_pool_manager.cc b/net/socket/client_socket_pool_manager.cc index 0fca83d..512360b 100644 --- a/net/socket/client_socket_pool_manager.cc +++ b/net/socket/client_socket_pool_manager.cc 
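Review bot: The new `SSLHostInfo* ssl_host_info` parameter on the SSLClientSocketFactory typedef and on both CreateSSLClientSocket overloads in net/socket/client_socket_factory.h transfers ownership to the callee, but the header gives callers and future implementers no hint of that. The implementations in this commit show the transfer: they wrap the pointer in a scoped_ptr or `delete` it. A comment on the pure virtual such as `// |ssl_host_info| may be NULL; the callee takes ownership of it.` would prevent leaks and double deletes in new factories. The second hunk also drops the blank line that separated the pure virtual from the `// Deprecated function` comment; I would keep it.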
@@ -56,12 +56,14 @@ ClientSocketPoolManager::ClientSocketPoolManager( ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service) : net_log_(net_log), socket_factory_(socket_factory), host_resolver_(host_resolver), dnsrr_resolver_(dnsrr_resolver), + ssl_host_info_factory_(ssl_host_info_factory), proxy_service_(proxy_service), ssl_config_service_(ssl_config_service), tcp_pool_histograms_("TCP"), @@ -77,6 +79,7 @@ ClientSocketPoolManager::ClientSocketPoolManager( &ssl_pool_histograms_, host_resolver, dnsrr_resolver, + ssl_host_info_factory, socket_factory, tcp_socket_pool_.get(), NULL /* no socks proxy */, @@ -225,6 +228,7 @@ HttpProxyClientSocketPool* ClientSocketPoolManager::GetSocketPoolForHTTPProxy( &ssl_for_https_proxy_pool_histograms_, host_resolver_, dnsrr_resolver_, + ssl_host_info_factory_, socket_factory_, tcp_https_ret.first->second /* https proxy */, NULL /* no socks proxy */, @@ -259,6 +263,7 @@ SSLClientSocketPool* ClientSocketPoolManager::GetSocketPoolForSSLWithProxy( &ssl_pool_histograms_, host_resolver_, dnsrr_resolver_, + ssl_host_info_factory_, socket_factory_, NULL, /* no tcp pool, we always go through a proxy */ GetSocketPoolForSOCKSProxy(proxy_server), diff --git a/net/socket/client_socket_pool_manager.h b/net/socket/client_socket_pool_manager.h index c455956..c6d8f6f 100644 --- a/net/socket/client_socket_pool_manager.h +++ b/net/socket/client_socket_pool_manager.h @@ -34,6 +34,7 @@ class ProxyService; class SOCKSClientSocketPool; class SSLClientSocketPool; class SSLConfigService; +class SSLHostInfoFactory; class TCPClientSocketPool; namespace internal { 
@@ -60,6 +61,7 @@ class ClientSocketPoolManager : public NonThreadSafe { ClientSocketFactory* socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, SSLConfigService* ssl_config_service); ~ClientSocketPoolManager(); @@ -102,7 +104,8 @@ class ClientSocketPoolManager : public NonThreadSafe { NetLog* const net_log_; ClientSocketFactory* const socket_factory_; HostResolver* const host_resolver_; - DnsRRResolver* dnsrr_resolver_; + DnsRRResolver* const dnsrr_resolver_; + SSLHostInfoFactory* const ssl_host_info_factory_; const scoped_refptr<ProxyService> proxy_service_; const scoped_refptr<SSLConfigService> ssl_config_service_; diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc index 6f03706..72126f1 100644 --- a/net/socket/socket_test_util.cc +++ b/net/socket/socket_test_util.cc @@ -466,6 +466,7 @@ MockSSLClientSocket::MockSSLClientSocket( net::ClientSocketHandle* transport_socket, const std::string& hostname, const net::SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info, net::SSLSocketDataProvider* data) : MockClientSocket(transport_socket->socket()->NetLog().net_log()), transport_(transport_socket), @@ -473,6 +474,7 @@ MockSSLClientSocket::MockSSLClientSocket( is_npn_state_set_(false), new_npn_value_(false) { DCHECK(data_); + delete ssl_host_info; // we take ownership but don't use it. } MockSSLClientSocket::~MockSSLClientSocket() { 
@@ -976,10 +978,11 @@ ClientSocket* MockClientSocketFactory::CreateTCPClientSocket( SSLClientSocket* MockClientSocketFactory::CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { MockSSLClientSocket* socket = new MockSSLClientSocket(transport_socket, hostname, ssl_config, - mock_ssl_data_.GetNext()); + ssl_host_info, mock_ssl_data_.GetNext()); ssl_client_sockets_.push_back(socket); return socket; } @@ -1020,10 +1023,11 @@ ClientSocket* DeterministicMockClientSocketFactory::CreateTCPClientSocket( SSLClientSocket* DeterministicMockClientSocketFactory::CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { MockSSLClientSocket* socket = new MockSSLClientSocket(transport_socket, hostname, ssl_config, - mock_ssl_data_.GetNext()); + ssl_host_info, mock_ssl_data_.GetNext()); ssl_client_sockets_.push_back(socket); return socket; } diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h index eb54b84..445f3c7 100644 --- a/net/socket/socket_test_util.h +++ b/net/socket/socket_test_util.h @@ -48,6 +48,7 @@ enum { class ClientSocket; class MockClientSocket; class SSLClientSocket; +class SSLHostInfo; struct MockConnect { // Asynchronous connection success. @@ -533,7 +534,8 @@ class MockClientSocketFactory : public ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); SocketDataProviderArray<SocketDataProvider>& mock_data() { return mock_data_; } 
@@ -688,6 +690,7 @@ class MockSSLClientSocket : public MockClientSocket { net::ClientSocketHandle* transport_socket, const std::string& hostname, const net::SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info, net::SSLSocketDataProvider* socket); ~MockSSLClientSocket(); @@ -868,7 +871,8 @@ class DeterministicMockClientSocketFactory : public ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); SocketDataProviderArray<DeterministicSocketData>& mock_data() { return mock_data_; diff --git a/net/socket/ssl_client_socket_mac_factory.cc b/net/socket/ssl_client_socket_mac_factory.cc index ec41345..bc26261 100644 --- a/net/socket/ssl_client_socket_mac_factory.cc +++ b/net/socket/ssl_client_socket_mac_factory.cc @@ -11,7 +11,9 @@ namespace net { SSLClientSocket* SSLClientSocketMacFactory( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { + delete ssl_host_info; return new SSLClientSocketMac(transport_socket, hostname, ssl_config); } diff --git a/net/socket/ssl_client_socket_mac_factory.h b/net/socket/ssl_client_socket_mac_factory.h index 2c793c2..ca97b00 100644 --- a/net/socket/ssl_client_socket_mac_factory.h +++ b/net/socket/ssl_client_socket_mac_factory.h @@ -10,11 +10,14 @@ namespace net { +class SSLHostInfo; + // Creates SSLClientSocketMac objects. SSLClientSocket* SSLClientSocketMacFactory( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); } // namespace net diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 39a2774..95458fa 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc 
@@ -400,7 +400,8 @@ HCERTSTORE SSLClientSocketNSS::cert_store_ = NULL; SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( this, &SSLClientSocketNSS::BufferSendComplete)), ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( @@ -431,7 +432,8 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, nss_bufs_(NULL), net_log_(transport_socket->socket()->NetLog()), predicted_npn_status_(kNextProtoUnsupported), - predicted_npn_proto_used_(false) { + predicted_npn_proto_used_(false), + ssl_host_info_(ssl_host_info) { EnterFunction(""); } @@ -467,9 +469,9 @@ static const uint8 kSnapStartInfoVersion = 0; // SaveSnapStartInfo serialises the information needed to perform a Snap Start // with this server in the future (if any) and tells -// |ssl_config_.ssl_host_info| to preserve it. +// |ssl_host_info_| to preserve it. void SSLClientSocketNSS::SaveSnapStartInfo() { - if (!ssl_config_.ssl_host_info.get()) + if (!ssl_host_info_.get()) return; SECStatus rv; @@ -592,7 +594,7 @@ void SSLClientSocketNSS::SaveSnapStartInfo() { DCHECK_EQ(j, len); LOG(ERROR) << "Setting Snap Start info " << hostname_ << " " << len; - ssl_config_.ssl_host_info->Set(std::string( + ssl_host_info_->Set(std::string( reinterpret_cast<const char *>(&data[0]), len)); CERT_DestroyCertList(cert_list); @@ -736,7 +738,7 @@ int SSLClientSocketNSS::Connect(CompletionCallback* callback) { return rv; } - if (ssl_config_.snap_start_enabled && ssl_config_.ssl_host_info.get()) { + if (ssl_config_.snap_start_enabled && ssl_host_info_.get()) { GotoState(STATE_SNAP_START_LOAD_INFO); } else { GotoState(STATE_HANDSHAKE); 
@@ -1969,12 +1971,12 @@ void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket, int SSLClientSocketNSS::DoSnapStartLoadInfo() { EnterFunction(""); - int rv = ssl_config_.ssl_host_info->WaitForDataReady(&handshake_io_callback_); + int rv = ssl_host_info_->WaitForDataReady(&handshake_io_callback_); if (rv == OK) { LOG(ERROR) << "SSL host info size " << hostname_ << " " - << ssl_config_.ssl_host_info->data().size(); - if (LoadSnapStartInfo(ssl_config_.ssl_host_info->data())) { + << ssl_host_info_->data().size(); + if (LoadSnapStartInfo(ssl_host_info_->data())) { pseudo_connected_ = true; GotoState(STATE_SNAP_START_WAIT_FOR_WRITE); if (user_connect_callback_) diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index db567c4..8518084 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -30,6 +30,7 @@ namespace net { class BoundNetLog; class CertVerifier; class ClientSocketHandle; +class SSLHostInfo; class X509Certificate; // An SSL client socket implemented with Mozilla NSS. @@ -41,7 +42,8 @@ class SSLClientSocketNSS : public SSLClientSocket { // settings. SSLClientSocketNSS(ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); ~SSLClientSocketNSS(); // SSLClientSocket methods: 
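Review bot: The `LOG(ERROR)` statement in DoSnapStartLoadInfo that this hunk rewrites emits the peer hostname and cached-data size at error severity on every successful load. Logs in all builds therefore accumulate a list of hosts the user connected to, for something that is not an error. The unchanged `LOG(ERROR) << "Setting Snap Start info "` line in SaveSnapStartInfo has the same problem. Make both debug-only, e.g. `DLOG(INFO) << "SSL host info size " << hostname_ << " " << ssl_host_info_->data().size();`. DoSnapStartLoadInfo continues past the end of the hunk.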
@@ -213,12 +215,14 @@ class SSLClientSocketNSS : public SSLClientSocket { // When performing Snap Start we need to predict the NPN protocol which the // server is going to speak before we actually perform the handshake. Thus - // the last NPN protocol used is serialised in |ssl_config.ssl_host_info| + // the last NPN protocol used is serialised in |ssl_host_info_| // and kept in these fields: SSLClientSocket::NextProtoStatus predicted_npn_status_; std::string predicted_npn_proto_; bool predicted_npn_proto_used_; + scoped_ptr<SSLHostInfo> ssl_host_info_; + #if defined(OS_WIN) // A CryptoAPI in-memory certificate store. We use it for two purposes: // 1. Import server certificates into this store so that we can verify and diff --git a/net/socket/ssl_client_socket_nss_factory.cc b/net/socket/ssl_client_socket_nss_factory.cc index 30de930..b5488d9 100644 --- a/net/socket/ssl_client_socket_nss_factory.cc +++ b/net/socket/ssl_client_socket_nss_factory.cc @@ -20,7 +20,9 @@ namespace net { SSLClientSocket* SSLClientSocketNSSFactory( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { + scoped_ptr<SSLHostInfo> shi(ssl_host_info); // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using // CryptoAPI yet (http://crbug.com/37560), so we fall back on // SSLClientSocketWin. @@ -29,7 +31,8 @@ SSLClientSocket* SSLClientSocketNSSFactory( return new SSLClientSocketWin(transport_socket, hostname, ssl_config); #endif - return new SSLClientSocketNSS(transport_socket, hostname, ssl_config); + return new SSLClientSocketNSS(transport_socket, hostname, ssl_config, + shi.release()); } } // namespace net diff --git a/net/socket/ssl_client_socket_nss_factory.h b/net/socket/ssl_client_socket_nss_factory.h index f977109..d454bb9 100644 --- a/net/socket/ssl_client_socket_nss_factory.h +++ b/net/socket/ssl_client_socket_nss_factory.h 
@@ -10,11 +10,14 @@ namespace net { +class SSLHostInfo; + // Creates SSLClientSocketNSS objects. SSLClientSocket* SSLClientSocketNSSFactory( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config); + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info); } // namespace net diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index a338a7f..048ff4b 100644 --- a/net/socket/ssl_client_socket_pool.cc +++ b/net/socket/ssl_client_socket_pool.cc @@ -8,6 +8,7 @@ #include "base/values.h" #include "net/base/net_errors.h" #include "net/base/ssl_cert_request_info.h" +#include "net/base/ssl_host_info.h" #include "net/http/http_proxy_client_socket.h" #include "net/http/http_proxy_client_socket_pool.h" #include "net/socket/client_socket_factory.h" @@ -76,6 +77,7 @@ SSLConnectJob::SSLConnectJob( ClientSocketFactory* client_socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, Delegate* delegate, NetLog* net_log) : ConnectJob(group_name, timeout_duration, delegate, @@ -87,6 +89,7 @@ SSLConnectJob::SSLConnectJob( client_socket_factory_(client_socket_factory), resolver_(host_resolver), dnsrr_resolver_(dnsrr_resolver), + ssl_host_info_factory_(ssl_host_info_factory), ALLOW_THIS_IN_INITIALIZER_LIST( callback_(this, &SSLConnectJob::OnIOComplete)) {} @@ -188,10 +191,14 @@ int SSLConnectJob::DoLoop(int result) { int SSLConnectJob::DoTCPConnect() { DCHECK(tcp_pool_); - if (params_->ssl_config().ssl_host_info.get()) { + if (ssl_host_info_factory_ && SSLConfigService::snap_start_enabled()) { + ssl_host_info_.reset( + ssl_host_info_factory_->GetForHost(params_->hostname())); + } + if (ssl_host_info_.get()) { // This starts fetching the SSL host info from the disk cache for Snap // Start. - params_->ssl_config().ssl_host_info->Start(); + ssl_host_info_->Start(); } next_state_ = STATE_TCP_CONNECT_COMPLETE; 
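Review bot: DoTCPConnect creates the host info and calls `Start()` when the static `SSLConfigService::snap_start_enabled()` is true, but SSLClientSocketNSS::Connect enters STATE_SNAP_START_LOAD_INFO only when the per-connection `ssl_config_.snap_start_enabled` is set. If the two can disagree (the hunks do not show how they relate), a disk-cache fetch is started for a host whose data is never loaded. SaveSnapStartInfo would still call `Set()` on it, because that path checks only the pointer. Gating both sides on the same value avoids this, e.g. `if (ssl_host_info_factory_ && params_->ssl_config().snap_start_enabled) {`. DoTCPConnect's body continues outside the hunk.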
@@ -277,7 +284,7 @@ int SSLConnectJob::DoSSLConnect() { ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( transport_socket_handle_.release(), params_->hostname(), - params_->ssl_config())); + params_->ssl_config(), ssl_host_info_.release())); return ssl_socket_->Connect(&callback_); } @@ -348,7 +355,8 @@ ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob( return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(), tcp_pool_, socks_pool_, http_proxy_pool_, client_socket_factory_, host_resolver_, - dnsrr_resolver_, delegate, net_log_); + dnsrr_resolver_, ssl_host_info_factory_, delegate, + net_log_); } SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( @@ -358,6 +366,7 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( ClientSocketFactory* client_socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, NetLog* net_log) : tcp_pool_(tcp_pool), socks_pool_(socks_pool), @@ -365,6 +374,7 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( client_socket_factory_(client_socket_factory), host_resolver_(host_resolver), dnsrr_resolver_(dnsrr_resolver), + ssl_host_info_factory_(ssl_host_info_factory), net_log_(net_log) { base::TimeDelta max_transport_timeout = base::TimeDelta(); base::TimeDelta pool_timeout; @@ -390,6 +400,7 @@ SSLClientSocketPool::SSLClientSocketPool( ClientSocketPoolHistograms* histograms, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ClientSocketFactory* client_socket_factory, TCPClientSocketPool* tcp_pool, SOCKSClientSocketPool* socks_pool, 
@@ -405,7 +416,8 @@ SSLClientSocketPool::SSLClientSocketPool( base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool, client_socket_factory, host_resolver, - dnsrr_resolver, net_log)), + dnsrr_resolver, ssl_host_info_factory, + net_log)), ssl_config_service_(ssl_config_service) { if (ssl_config_service_) ssl_config_service_->AddObserver(this); diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h index 935a0d7..1711722 100644 --- a/net/socket/ssl_client_socket_pool.h +++ b/net/socket/ssl_client_socket_pool.h @@ -30,6 +30,7 @@ class HttpProxySocketParams; class SOCKSClientSocketPool; class SOCKSSocketParams; class SSLClientSocket; +class SSLHostInfoFactory; class TCPClientSocketPool; class TCPSocketParams; struct RRResponse; @@ -93,6 +94,7 @@ class SSLConnectJob : public ConnectJob { ClientSocketFactory* client_socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, Delegate* delegate, NetLog* net_log); virtual ~SSLConnectJob(); @@ -140,12 +142,14 @@ class SSLConnectJob : public ConnectJob { HttpProxyClientSocketPool* const http_proxy_pool_; ClientSocketFactory* const client_socket_factory_; HostResolver* const resolver_; - DnsRRResolver* dnsrr_resolver_; + DnsRRResolver* const dnsrr_resolver_; + SSLHostInfoFactory* const ssl_host_info_factory_; State next_state_; CompletionCallbackImpl<SSLConnectJob> callback_; scoped_ptr<ClientSocketHandle> transport_socket_handle_; scoped_ptr<SSLClientSocket> ssl_socket_; + scoped_ptr<SSLHostInfo> ssl_host_info_; // The time the DoSSLConnect() method was called. base::TimeTicks ssl_connect_start_time_; 
@@ -166,6 +170,7 @@ class SSLClientSocketPool : public ClientSocketPool, ClientSocketPoolHistograms* histograms, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, ClientSocketFactory* client_socket_factory, TCPClientSocketPool* tcp_pool, SOCKSClientSocketPool* socks_pool, @@ -238,6 +243,7 @@ class SSLClientSocketPool : public ClientSocketPool, ClientSocketFactory* client_socket_factory, HostResolver* host_resolver, DnsRRResolver* dnsrr_resolver, + SSLHostInfoFactory* ssl_host_info_factory, NetLog* net_log); virtual ~SSLConnectJobFactory() {} @@ -256,7 +262,8 @@ class SSLClientSocketPool : public ClientSocketPool, HttpProxyClientSocketPool* const http_proxy_pool_; ClientSocketFactory* const client_socket_factory_; HostResolver* const host_resolver_; - DnsRRResolver* dnsrr_resolver_; + DnsRRResolver* const dnsrr_resolver_; + SSLHostInfoFactory* const ssl_host_info_factory_; base::TimeDelta timeout_; NetLog* net_log_; diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc index 755bd44..3ee9394 100644 --- a/net/socket/ssl_client_socket_pool_unittest.cc +++ b/net/socket/ssl_client_socket_pool_unittest.cc @@ -40,6 +40,7 @@ class SSLClientSocketPoolTest : public testing::Test { host_resolver_.get())), session_(new HttpNetworkSession(host_resolver_.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, ProxyService::CreateDirect(), &socket_factory_, new SSLConfigServiceDefaults, @@ -96,6 +97,7 @@ class SSLClientSocketPoolTest : public testing::Test { ssl_histograms_.get(), NULL, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, &socket_factory_, tcp_pool ? &tcp_socket_pool_ : NULL, socks_pool ? &socks_socket_pool_ : NULL, diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc index b367a80..bfcbe81 100644 --- a/net/socket/ssl_client_socket_unittest.cc +++ b/net/socket/ssl_client_socket_unittest.cc 
@@ -67,7 +67,8 @@ TEST_F(SSLClientSocketTest, Connect) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); EXPECT_FALSE(sock->IsConnected()); @@ -110,7 +111,8 @@ TEST_F(SSLClientSocketTest, ConnectExpired) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); EXPECT_FALSE(sock->IsConnected()); @@ -152,7 +154,8 @@ TEST_F(SSLClientSocketTest, ConnectMismatched) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); EXPECT_FALSE(sock->IsConnected()); @@ -197,7 +200,8 @@ TEST_F(SSLClientSocketTest, FLAKY_ConnectClientAuthCertRequested) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); EXPECT_FALSE(sock->IsConnected()); @@ -247,7 +251,8 @@ TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), ssl_config)); + test_server.host_port_pair().host(), ssl_config, + NULL /* ssl_host_info */)); EXPECT_FALSE(sock->IsConnected()); @@ -297,7 +302,8 @@ TEST_F(SSLClientSocketTest, Read) { socket_factory_->CreateSSLClientSocket( transport, test_server.host_port_pair().host(), - kDefaultSSLConfig)); + kDefaultSSLConfig, + NULL /* ssl_host_info */)); rv = sock->Connect(&callback); if (rv != net::OK) { 
@@ -357,7 +363,8 @@ TEST_F(SSLClientSocketTest, Read_FullDuplex) { socket_factory_->CreateSSLClientSocket( transport, test_server.host_port_pair().host(), - kDefaultSSLConfig)); + kDefaultSSLConfig, + NULL /* ssl_host_info */)); rv = sock->Connect(&callback); if (rv != net::OK) { @@ -414,7 +421,8 @@ TEST_F(SSLClientSocketTest, Read_SmallChunks) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); rv = sock->Connect(&callback); if (rv != net::OK) { @@ -467,7 +475,8 @@ TEST_F(SSLClientSocketTest, Read_Interrupted) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket(transport, - test_server.host_port_pair().host(), kDefaultSSLConfig)); + test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); rv = sock->Connect(&callback); if (rv != net::OK) { @@ -540,7 +549,8 @@ TEST_F(SSLClientSocketTest, PrematureApplicationData) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket( - transport, test_server.host_port_pair().host(), kDefaultSSLConfig)); + transport, test_server.host_port_pair().host(), kDefaultSSLConfig, + NULL /* ssl_host_info */)); rv = sock->Connect(&callback); EXPECT_EQ(net::ERR_SSL_PROTOCOL_ERROR, rv); diff --git a/net/socket/tcp_client_socket_pool_unittest.cc b/net/socket/tcp_client_socket_pool_unittest.cc index c550232..32ac9f8 100644 --- a/net/socket/tcp_client_socket_pool_unittest.cc +++ b/net/socket/tcp_client_socket_pool_unittest.cc @@ -245,8 +245,10 @@ class MockClientSocketFactory : public ClientSocketFactory { virtual SSLClientSocket* CreateSSLClientSocket( ClientSocketHandle* transport_socket, const std::string& hostname, - const SSLConfig& ssl_config) { + const SSLConfig& ssl_config, + SSLHostInfo* ssl_host_info) { NOTIMPLEMENTED(); + delete ssl_host_info; return NULL; } 
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc index aa91962..7c3c5e9 100644 --- a/net/socket_stream/socket_stream.cc +++ b/net/socket_stream/socket_stream.cc @@ -793,8 +793,10 @@ int SocketStream::DoSOCKSConnectComplete(int result) { int SocketStream::DoSSLConnect() { DCHECK(factory_); + // TODO(agl): look into plumbing SSLHostInfo here. socket_.reset(factory_->CreateSSLClientSocket( - socket_.release(), url_.HostNoBrackets(), ssl_config_)); + socket_.release(), url_.HostNoBrackets(), ssl_config_, + NULL /* ssl_host_info */)); next_state_ = STATE_SSL_CONNECT_COMPLETE; metrics_->OnSSLConnection(); return socket_->Connect(&io_callback_); diff --git a/net/spdy/spdy_test_util.h b/net/spdy/spdy_test_util.h index 8c3a1e5..e3e85c8 100644 --- a/net/spdy/spdy_test_util.h +++ b/net/spdy/spdy_test_util.h @@ -354,6 +354,7 @@ class SpdySessionDependencies { SpdySessionDependencies* session_deps) { return new HttpNetworkSession(session_deps->host_resolver.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, session_deps->proxy_service, session_deps->socket_factory.get(), session_deps->ssl_config_service, @@ -366,6 +367,7 @@ class SpdySessionDependencies { SpdySessionDependencies* session_deps) { return new HttpNetworkSession(session_deps->host_resolver.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, session_deps->proxy_service, session_deps-> deterministic_socket_factory.get(), @@ -389,6 +391,7 @@ class SpdyURLRequestContext : public URLRequestContext { new HttpNetworkLayer(&socket_factory_, host_resolver_, NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, proxy_service_, ssl_config_service_, new SpdySessionPool(NULL), diff --git a/net/tools/fetch/fetch_client.cc b/net/tools/fetch/fetch_client.cc index b976ce2..42949c8 100644 --- a/net/tools/fetch/fetch_client.cc +++ b/net/tools/fetch/fetch_client.cc 
@@ -155,6 +155,7 @@ int main(int argc, char**argv) { net::ClientSocketFactory::GetDefaultFactory(), host_resolver.get(), NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, proxy_service, ssl_config_service, http_auth_handler_factory.get(), diff --git a/net/url_request/url_request_unittest.h b/net/url_request/url_request_unittest.h index 99aeda5..2a3ae41 100644 --- a/net/url_request/url_request_unittest.h +++ b/net/url_request/url_request_unittest.h @@ -161,7 +161,8 @@ class TestURLRequestContext : public URLRequestContext { host_resolver_); http_transaction_factory_ = new net::HttpCache( net::HttpNetworkLayer::CreateFactory(host_resolver_, - NULL, + NULL /* dnsrr_resolver */, + NULL /* ssl_host_info_factory */, proxy_service_, ssl_config_service_, http_auth_handler_factory_, diff --git a/remoting/jingle_glue/ssl_socket_adapter.cc b/remoting/jingle_glue/ssl_socket_adapter.cc index 6eca04b..3f49325 100644 --- a/remoting/jingle_glue/ssl_socket_adapter.cc +++ b/remoting/jingle_glue/ssl_socket_adapter.cc @@ -67,7 +67,8 @@ int SSLSocketAdapter::BeginSSL() { transport_socket_->set_addr(talk_base::SocketAddress(hostname_, 0)); ssl_socket_.reset( net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( - transport_socket_, hostname_.c_str(), ssl_config)); + transport_socket_, hostname_.c_str(), ssl_config, + NULL /* ssl_host_info */)); int result = ssl_socket_->Connect(&connected_callback_); |