diff options
13 files changed, 180 insertions, 42 deletions
diff --git a/chrome/browser/sync/notifier/base/ssl_adapter.cc b/chrome/browser/sync/notifier/base/ssl_adapter.cc new file mode 100644 index 0000000..a9218ae --- /dev/null +++ b/chrome/browser/sync/notifier/base/ssl_adapter.cc @@ -0,0 +1,27 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/sync/notifier/base/ssl_adapter.h" + +#if defined(OS_WIN) +#include "talk/base/ssladapter.h" +#else +#include "chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h" +#endif + +namespace notifier { + +talk_base::SSLAdapter* CreateSSLAdapter(talk_base::AsyncSocket* socket) { + talk_base::SSLAdapter* ssl_adapter = +#if defined(OS_WIN) + talk_base::SSLAdapter::Create(socket); +#else + notifier::SSLSocketAdapter::Create(socket); +#endif + DCHECK(ssl_adapter); + return ssl_adapter; +} + +} // namespace notifier + diff --git a/chrome/browser/sync/notifier/base/ssl_adapter.h b/chrome/browser/sync/notifier/base/ssl_adapter.h new file mode 100644 index 0000000..1ce0fa9 --- /dev/null +++ b/chrome/browser/sync/notifier/base/ssl_adapter.h @@ -0,0 +1,33 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_SYNC_NOTIFIER_BASE_SSL_ADAPTER_H_ +#define CHROME_BROWSER_SYNC_NOTIFIER_BASE_SSL_ADAPTER_H_ + +namespace talk_base { +class AsyncSocket; +class SSLAdapter; +} // namespace talk_base + +namespace notifier { + +// Wraps the given socket in a platform-dependent SSLAdapter +// implementation. +talk_base::SSLAdapter* CreateSSLAdapter(talk_base::AsyncSocket* socket); + +// Utility template class that overrides CreateSSLAdapter() to use the +// above function. +template <class SocketFactory> +class SSLAdapterSocketFactory : public SocketFactory { + public: + virtual talk_base::SSLAdapter* CreateSSLAdapter( + talk_base::AsyncSocket* socket) { + return ::notifier::CreateSSLAdapter(socket); + } +}; + +} // namespace notifier + +#endif // CHROME_BROWSER_SYNC_NOTIFIER_BASE_SSL_ADAPTER_H_ + diff --git a/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.cc b/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.cc index 6fc08b5..414cc79 100755 --- a/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.cc +++ b/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.cc @@ -8,6 +8,7 @@ #include "base/message_loop.h" #include "chrome/browser/net/url_request_context_getter.h" #include "chrome/browser/profile.h" +#include "net/base/net_errors.h" #include "net/base/ssl_config_service.h" #include "net/socket/client_socket_factory.h" #include "net/url_request/url_request_context.h" @@ -57,7 +58,7 @@ SSLSocketAdapter* SSLSocketAdapter::Create(AsyncSocket* socket) { } SSLSocketAdapter::SSLSocketAdapter(AsyncSocket* socket) - : AsyncSocketAdapter(socket), + : SSLAdapter(socket), ignore_bad_cert_(false), ALLOW_THIS_IN_INITIALIZER_LIST( connected_callback_(this, &SSLSocketAdapter::OnConnected)), @@ -104,6 +105,7 @@ int SSLSocketAdapter::BeginSSL() { if (result == net::ERR_IO_PENDING || result == net::OK) { return 0; } else { + LOG(ERROR) << "Could not start SSL: " << net::ErrorToString(result); return result; } } diff --git a/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h b/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h index 550132f..fe869fe 100755 --- a/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h +++ b/chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h @@ -12,6 +12,7 @@ #include "net/socket/client_socket.h" #include "net/socket/ssl_client_socket.h" #include "talk/base/asyncsocket.h" +#include "talk/base/ssladapter.h" namespace net { class LoadLog; @@ -77,13 +78,10 @@ class TransportSocket : public net::ClientSocket, public sigslot::has_slots<> { // This provides a talk_base::AsyncSocketAdapter interface around Chromium's // net::SSLClientSocket class. This allows notifier to use Chromium's SSL // implementation instead of OpenSSL. -class SSLSocketAdapter : public talk_base::AsyncSocketAdapter { +class SSLSocketAdapter : public talk_base::SSLAdapter { public: explicit SSLSocketAdapter(talk_base::AsyncSocket* socket); - bool ignore_bad_cert() const { return ignore_bad_cert_; } - void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; } - // StartSSL returns 0 if successful, or non-zero on failure. // If StartSSL is called while the socket is closed or connecting, the SSL // negotiation will begin as soon as the socket connects. diff --git a/chrome/browser/sync/notifier/communicator/xmpp_socket_adapter.cc b/chrome/browser/sync/notifier/communicator/xmpp_socket_adapter.cc index b7a3602..e6ede1d 100644 --- a/chrome/browser/sync/notifier/communicator/xmpp_socket_adapter.cc +++ b/chrome/browser/sync/notifier/communicator/xmpp_socket_adapter.cc @@ -8,18 +8,13 @@ #include <string> #include "base/logging.h" +#include "chrome/browser/sync/notifier/base/ssl_adapter.h" #include "chrome/browser/sync/notifier/communicator/product_info.h" -#if defined(OS_LINUX) || defined(OS_MACOSX) -#include "chrome/browser/sync/notifier/communicator/ssl_socket_adapter.h" -#endif #include "talk/base/byteorder.h" #include "talk/base/common.h" #include "talk/base/firewallsocketserver.h" #include "talk/base/logging.h" #include "talk/base/socketadapters.h" -#if defined(OS_WIN) -#include "talk/base/ssladapter.h" -#endif #include "talk/xmpp/xmppengine.h" namespace notifier { @@ -137,12 +132,8 @@ bool XmppSocketAdapter::Connect(const talk_base::SocketAddress& addr) { } #if defined(FEATURE_ENABLE_SSL) -#if defined(OS_WIN) - talk_base::SSLAdapter* ssl = talk_base::SSLAdapter::Create(socket); -#else - notifier::SSLSocketAdapter* ssl = notifier::SSLSocketAdapter::Create(socket); -#endif - socket = ssl; + talk_base::SSLAdapter* ssl_adapter = notifier::CreateSSLAdapter(socket); + socket = ssl_adapter; // For our purposes the SSL adapter is the socket. #endif socket->SignalReadEvent.connect(this, &XmppSocketAdapter::OnReadEvent); @@ -329,13 +320,8 @@ bool XmppSocketAdapter::StartTls(const std::string& verify_host_name) { ASSERT(write_buffer_length_ == 0); -#if defined(OS_WIN) talk_base::SSLAdapter* ssl_adapter = static_cast<talk_base::SSLAdapter*>(socket_); -#else - notifier::SSLSocketAdapter* ssl_adapter = - static_cast<notifier::SSLSocketAdapter*>(socket_); -#endif if (allow_unverified_certs_) { ssl_adapter->set_ignore_bad_cert(true); diff --git a/chrome/browser/sync/notifier/gaia_auth/gaiaauth.cc b/chrome/browser/sync/notifier/gaia_auth/gaiaauth.cc index 8ff7c6f..0afae73 100644 --- a/chrome/browser/sync/notifier/gaia_auth/gaiaauth.cc +++ b/chrome/browser/sync/notifier/gaia_auth/gaiaauth.cc @@ -5,6 +5,7 @@ #include <string> #include "base/logging.h" +#include "chrome/browser/sync/notifier/base/ssl_adapter.h" #include "chrome/browser/sync/notifier/gaia_auth/gaiaauth.h" #include "talk/base/asynchttprequest.h" #include "talk/base/firewallsocketserver.h" @@ -80,7 +81,12 @@ class GaiaAuth::WorkerThread : public talk_base::SignalThread { success_ = true; error_ = false; } else { - talk_base::PhysicalSocketServer physical; + // SocketFactory::CreateSSLAdapter() is called on the following + // object somewhere in the depths of libjingle so we wrap it + // with SSLAdapterSocketFactory to make sure it returns the + // right SSLAdapter (see http://crbug.com/30721 ). + notifier::SSLAdapterSocketFactory<talk_base::PhysicalSocketServer> + physical; talk_base::SocketServer* ss = &physical; if (firewall_) { ss = new talk_base::FirewallSocketServer(ss, firewall_); @@ -94,7 +100,18 @@ class GaiaAuth::WorkerThread : public talk_base::SignalThread { } factory.SetLogging(talk_base::LS_VERBOSE, "GaiaAuth"); +#if defined(OS_WIN) talk_base::ReuseSocketPool pool(&factory); +#else + // On non-Windows platforms our SSL socket wrapper + // implementation does not support restartable SSL sockets, so + // we turn it off and use a NewSocketPool instead. This means + // that we create separate connections for each HTTP request but + // this is okay since we do only two (in GaiaRequestSid() and + // GaiaRequestAuthToken()). + factory.SetUseRestartableSSLSockets(false); + talk_base::NewSocketPool pool(&factory); +#endif talk_base::HttpClient http(agent_, &pool); talk_base::HttpMonitor monitor(ss); diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp index 903c39c..c010272 100755 --- a/chrome/chrome.gyp +++ b/chrome/chrome.gyp @@ -621,6 +621,8 @@ 'browser/sync/notifier/base/network_status_detector_task_mt.h', 'browser/sync/notifier/base/posix/time_posix.cc', 'browser/sync/notifier/base/signal_thread_task.h', + 'browser/sync/notifier/base/ssl_adapter.h', + 'browser/sync/notifier/base/ssl_adapter.cc', 'browser/sync/notifier/base/static_assert.h', 'browser/sync/notifier/base/task_pump.cc', 'browser/sync/notifier/base/task_pump.h', diff --git a/third_party/libjingle/README.chromium b/third_party/libjingle/README.chromium index a4d124e..5b177c8 100644 --- a/third_party/libjingle/README.chromium +++ b/third_party/libjingle/README.chromium @@ -40,3 +40,6 @@ Local Modifications: library. The #define guard is SAFE_TO_DEFINE_TALK_BASE_LOGGING_MACROS. * Updated signalthread.* and dependencies to add threadcounting and improve multithread safety. + * Added a CreateSSLAdapter() function to SocketFactory to allow SSL + adapter creation behavior to be overridden. + * Improved handling and error-checking of SSL adapters. diff --git a/third_party/libjingle/files/talk/base/asynchttprequest.cc b/third_party/libjingle/files/talk/base/asynchttprequest.cc index bf7bc85..9b3d414 100644 --- a/third_party/libjingle/files/talk/base/asynchttprequest.cc +++ b/third_party/libjingle/files/talk/base/asynchttprequest.cc @@ -70,9 +70,15 @@ talk_base::AsyncSocket * SslSocketFactory::CreateAsyncSocket(int type) { } if (!hostname_.empty()) { - talk_base::SSLAdapter * ssl_adapter = talk_base::SSLAdapter::Create(socket); + talk_base::SSLAdapter * ssl_adapter = factory_->CreateSSLAdapter(socket); ssl_adapter->set_ignore_bad_cert(ignore_bad_cert_); - ssl_adapter->StartSSL(hostname_.c_str(), true); + int error = ssl_adapter->StartSSL(hostname_.c_str(), + use_restartable_ssl_sockets_); + if (error != 0) { + LOG(LS_WARNING) << "Could not start SSL; error = " << error; + delete ssl_adapter; + return 0; + } socket = ssl_adapter; } diff --git a/third_party/libjingle/files/talk/base/asynchttprequest.h b/third_party/libjingle/files/talk/base/asynchttprequest.h index 7f2f348..543210d 100644 --- a/third_party/libjingle/files/talk/base/asynchttprequest.h +++ b/third_party/libjingle/files/talk/base/asynchttprequest.h @@ -102,7 +102,8 @@ class SslSocketFactory : public talk_base::SocketFactory { public: SslSocketFactory(talk_base::SocketFactory * factory, const std::string &user_agent) : factory_(factory), logging_level_(talk_base::LS_VERBOSE), - binary_mode_(false), agent_(user_agent) { } + binary_mode_(false), agent_(user_agent), + ignore_bad_cert_(false), use_restartable_ssl_sockets_(false) { } void UseSSL(const char * hostname) { hostname_ = hostname; } void DisableSSL() { hostname_.clear(); } @@ -111,6 +112,12 @@ class SslSocketFactory : public talk_base::SocketFactory { const talk_base::ProxyInfo& proxy() const { return proxy_; } bool ignore_bad_cert() {return ignore_bad_cert_;} void SetIgnoreBadCert(bool ignore) { ignore_bad_cert_ = ignore; } + bool use_restartable_ssl_sockets() const { + return use_restartable_ssl_sockets_; + } + void SetUseRestartableSSLSockets(bool use_restartable_ssl_sockets) { + use_restartable_ssl_sockets_ = use_restartable_ssl_sockets; + } void SetLogging(talk_base::LoggingSeverity level, const std::string& label, bool binary_mode = false) { @@ -130,6 +137,7 @@ private: bool binary_mode_; std::string agent_; bool ignore_bad_cert_; + bool use_restartable_ssl_sockets_; }; /////////////////////////////////////////////////////////////////////////////// diff --git a/third_party/libjingle/files/talk/base/socketfactory.h b/third_party/libjingle/files/talk/base/socketfactory.h index 2a4aee2..fd12375 100644 --- a/third_party/libjingle/files/talk/base/socketfactory.h +++ b/third_party/libjingle/files/talk/base/socketfactory.h @@ -30,6 +30,7 @@ #include "talk/base/socket.h" #include "talk/base/asyncsocket.h" +#include "talk/base/ssladapter.h" namespace talk_base { @@ -44,6 +45,11 @@ public: // Returns a new socket for nonblocking communication. The type can be // SOCK_DGRAM and SOCK_STREAM. virtual AsyncSocket* CreateAsyncSocket(int type) = 0; + + // Wraps the given socket in an SSL adapter. + virtual SSLAdapter* CreateSSLAdapter(AsyncSocket* socket) { + return SSLAdapter::Create(socket); + } }; } // namespace talk_base diff --git a/third_party/libjingle/files/talk/base/socketpool.cc b/third_party/libjingle/files/talk/base/socketpool.cc index 614ce89..b90b2c9 100644 --- a/third_party/libjingle/files/talk/base/socketpool.cc +++ b/third_party/libjingle/files/talk/base/socketpool.cc @@ -139,7 +139,6 @@ StreamInterface* NewSocketPool::RequestConnectedStream(const SocketAddress& remote, int* err) { AsyncSocket* socket = factory_->CreateAsyncSocket(SOCK_STREAM); if (!socket) { - ASSERT(false); if (err) *err = -1; return NULL; @@ -186,7 +185,6 @@ ReuseSocketPool::RequestConnectedStream(const SocketAddress& remote, int* err) { LOG(LS_INFO) << "ReuseSocketPool - Creating new socket"; AsyncSocket* socket = factory_->CreateAsyncSocket(SOCK_STREAM); if (!socket) { - ASSERT(false); if (err) *err = -1; return NULL; diff --git a/third_party/libjingle/mods-since-v0_4_0.diff b/third_party/libjingle/mods-since-v0_4_0.diff index b36cf65..afddbc2 100644 --- a/third_party/libjingle/mods-since-v0_4_0.diff +++ b/third_party/libjingle/mods-since-v0_4_0.diff @@ -1,4 +1,3 @@ -Only in libjingle/files: .svn Only in libjingle-0.4.0: Makefile.in diff -r libjingle-0.4.0/README libjingle/files/README 1,39c1,39 @@ -206,16 +205,43 @@ Only in libjingle-0.4.0: depcomp Only in libjingle-0.4.0: install-sh Only in libjingle-0.4.0: ltmain.sh Only in libjingle-0.4.0: missing -Only in libjingle/files/talk: .svn Only in libjingle-0.4.0/talk: Makefile.in -Only in libjingle/files/talk/base: .svn Only in libjingle-0.4.0/talk/base: Makefile.in +diff -r libjingle-0.4.0/talk/base/asynchttprequest.cc libjingle/files/talk/base/asynchttprequest.cc +73c73 +< talk_base::SSLAdapter * ssl_adapter = talk_base::SSLAdapter::Create(socket); +--- +> talk_base::SSLAdapter * ssl_adapter = factory_->CreateSSLAdapter(socket); +75c75,81 +< ssl_adapter->StartSSL(hostname_.c_str(), true); +--- +> int error = ssl_adapter->StartSSL(hostname_.c_str(), +> use_restartable_ssl_sockets_); +> if (error != 0) { +> LOG(LS_WARNING) << "Could not start SSL; error = " << error; +> delete ssl_adapter; +> return 0; +> } diff -r libjingle-0.4.0/talk/base/asynchttprequest.h libjingle/files/talk/base/asynchttprequest.h 23,24c23 < public SignalThread, < public sigslot::has_slots<> { --- > public SignalThread { +106c105,106 +< binary_mode_(false), agent_(user_agent) { } +--- +> binary_mode_(false), agent_(user_agent), +> ignore_bad_cert_(false), use_restartable_ssl_sockets_(false) { } +114a115,120 +> bool use_restartable_ssl_sockets() const { +> return use_restartable_ssl_sockets_; +> } +> void SetUseRestartableSSLSockets(bool use_restartable_ssl_sockets) { +> use_restartable_ssl_sockets_ = use_restartable_ssl_sockets; +> } +133a140 +> bool use_restartable_ssl_sockets_; diff -r libjingle-0.4.0/talk/base/asynctcpsocket.cc libjingle/files/talk/base/asynctcpsocket.cc 31a32,33 > #include <cstring> @@ -305,6 +331,18 @@ diff -r libjingle-0.4.0/talk/base/httpclient.cc libjingle/files/talk/base/httpcl diff -r libjingle-0.4.0/talk/base/logging.cc libjingle/files/talk/base/logging.cc 27a28 > #include <stdio.h> +76c77 +< #if _DEBUG +--- +> #if LOGGING +78c79 +< #else // !_DEBUG +--- +> #else +80c81 +< #endif // !_DEBUG +--- +> #endif diff -r libjingle-0.4.0/talk/base/logging.h libjingle/files/talk/base/logging.h 67a68,69 > @@ -313,6 +351,10 @@ diff -r libjingle-0.4.0/talk/base/logging.h libjingle/files/talk/base/logging.h > #endif // defined(SAFE_TO_DEFINE_TALK_BASE_LOGGING_MACROS) 195a199 > #if defined(SAFE_TO_DEFINE_TALK_BASE_LOGGING_MACROS) +197c201 +< #if defined(_DEBUG) && !defined(NDEBUG) +--- +> #if !defined(NDEBUG) 290a295 > #endif // defined(SAFE_TO_DEFINE_TALK_BASE_LOGGING_MACROS) diff -r libjingle-0.4.0/talk/base/messagequeue.cc libjingle/files/talk/base/messagequeue.cc @@ -802,7 +844,6 @@ diff -r libjingle-0.4.0/talk/base/signalthread.h libjingle/files/talk/base/signa > kComplete, // Work is done > kStopping, // Work is being interrupted > } state_; -Only in libjingle/files/talk/base: signalthread_unittest.cc diff -r libjingle-0.4.0/talk/base/socket.h libjingle/files/talk/base/socket.h 77a78 > #undef ETIMEDOUT // remove pthread.h's definition @@ -810,6 +851,20 @@ diff -r libjingle-0.4.0/talk/base/socketadapters.cc libjingle/files/talk/base/so 43a44,45 > #include <cstring> > +diff -r libjingle-0.4.0/talk/base/socketfactory.h libjingle/files/talk/base/socketfactory.h +32a33 +> #include "talk/base/ssladapter.h" +46a48,52 +> +> // Wraps the given socket in an SSL adapter. +> virtual SSLAdapter* CreateSSLAdapter(AsyncSocket* socket) { +> return SSLAdapter::Create(socket); +> } +diff -r libjingle-0.4.0/talk/base/socketpool.cc libjingle/files/talk/base/socketpool.cc +142d141 +< ASSERT(false); +189d187 +< ASSERT(false); diff -r libjingle-0.4.0/talk/base/ssladapter.cc libjingle/files/talk/base/ssladapter.cc 34c34,35 < #define SSL_USE_OPENSSL 1 @@ -906,23 +961,25 @@ diff -r libjingle-0.4.0/talk/base/thread.cc libjingle/files/talk/base/thread.cc 128a139,140 > CritScope cs(&started_crit_); > stopped_ = true; -168a181,184 +131a144 +> started_ = false; +168a182,185 > CritScope cs(&started_crit_); > // Make sure Join() hasn't been called yet. > if (stopped_) > return; -181a198,199 +181a199,200 > CritScope cs(&started_crit_); > stopped_ = true; -191a210,212 +191a211,213 > // Make sure the thread hasn't been deleted. > if (!g_thmgr.ThreadActive(thread)) > return NULL; -207c228 +207c229 < MessageQueue::Stop(); --- > MessageQueue::Quit(); -329c350 +329c351 < return false; --- > return !IsQuitting(); @@ -957,9 +1014,7 @@ Only in libjingle/files/talk/base: winsock_initializer.h Only in libjingle-0.4.0/talk: examples Only in libjingle-0.4.0/talk: libjingle.sln Only in libjingle-0.4.0/talk: libjingle.vcproj -Only in libjingle/files/talk/p2p: .svn Only in libjingle-0.4.0/talk/p2p: Makefile.in -Only in libjingle/files/talk/p2p/base: .svn Only in libjingle-0.4.0/talk/p2p/base: Makefile.in diff -r libjingle-0.4.0/talk/p2p/base/p2ptransport.cc libjingle/files/talk/p2p/base/p2ptransport.cc 37c37 @@ -1009,7 +1064,6 @@ diff -r libjingle-0.4.0/talk/p2p/base/transport.cc libjingle/files/talk/p2p/base < #include "talk/xmpp/constants.h" --- > #include "talk/xmpp/xmppconstants.h" -Only in libjingle/files/talk/p2p/client: .svn Only in libjingle-0.4.0/talk/p2p/client: Makefile.in diff -r libjingle-0.4.0/talk/p2p/client/httpportallocator.cc libjingle/files/talk/p2p/client/httpportallocator.cc 82c82 @@ -1018,7 +1072,6 @@ diff -r libjingle-0.4.0/talk/p2p/client/httpportallocator.cc libjingle/files/tal > relay_hosts_.push_back("relay.google.com"); Only in libjingle-0.4.0/talk: session Only in libjingle-0.4.0/talk: third_party -Only in libjingle/files/talk/xmllite: .svn Only in libjingle-0.4.0/talk/xmllite: Makefile.in diff -r libjingle-0.4.0/talk/xmllite/qname.cc libjingle/files/talk/xmllite/qname.cc 39c39 @@ -1170,7 +1223,6 @@ diff -r libjingle-0.4.0/talk/xmllite/xmlprinter.cc libjingle/files/talk/xmllite/ > XmlPrinterImpl::PrintCDATAText(const std::string & text) { > *pout_ << "<![CDATA[" << text << "]]>"; > } -Only in libjingle/files/talk/xmpp: .svn Only in libjingle-0.4.0/talk/xmpp: Makefile.in Only in libjingle-0.4.0/talk/xmpp: constants.cc Only in libjingle-0.4.0/talk/xmpp: constants.h |