26 files changed, 49 insertions, 125 deletions
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc index 9c3b997..8e00a2b 100644 --- a/chrome/browser/io_thread.cc +++ b/chrome/browser/io_thread.cc @@ -256,7 +256,8 @@ ConstructProxyScriptFetcherContext(IOThread::Globals* globals, context->set_net_log(net_log); context->set_host_resolver(globals->host_resolver.get()); context->set_cert_verifier(globals->cert_verifier.get()); - context->set_dnsrr_resolver(globals->dnsrr_resolver.get()); + context->set_transport_security_state( + globals->transport_security_state.get()); context->set_http_auth_handler_factory( globals->http_auth_handler_factory.get()); context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); @@ -282,7 +283,8 @@ ConstructSystemRequestContext(IOThread::Globals* globals, context->set_net_log(net_log); context->set_host_resolver(globals->host_resolver.get()); context->set_cert_verifier(globals->cert_verifier.get()); - context->set_dnsrr_resolver(globals->dnsrr_resolver.get()); + context->set_transport_security_state( + globals->transport_security_state.get()); context->set_http_auth_handler_factory( globals->http_auth_handler_factory.get()); context->set_proxy_service(globals->system_proxy_service.get()); @@ -446,6 +448,7 @@ void IOThread::Init() { CreateGlobalHostResolver(net_log_)); globals_->cert_verifier.reset(new net::CertVerifier); globals_->dnsrr_resolver.reset(new net::DnsRRResolver); + globals_->transport_security_state.reset(new net::TransportSecurityState("")); globals_->ssl_config_service = GetSSLConfigService(); globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( globals_->host_resolver.get())); 
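Review bot: In the IOThread::Init hunk (-446) the context line `globals_->dnsrr_resolver.reset(new net::DnsRRResolver);` survives, although every `set_dnsrr_resolver(...)` and `dnsrr_resolver = ...` consumer visible in this commit is removed. If nothing outside these hunks still reads it, the resolver is now constructed for nothing and that line should go, together with the matching member in io_thread.h. The added line next to it passes a bare `""` with no explanation at the call site; a comment such as `// No state is loaded or saved for this instance; see the member comment in io_thread.h.` would help. Init's body starts and ends outside the hunk.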
@@ -464,6 +467,8 @@ void IOThread::Init() { session_params.cert_verifier = globals_->cert_verifier.get(); session_params.origin_bound_cert_service = globals_->system_origin_bound_cert_service.get(); + session_params.transport_security_state = + globals_->transport_security_state.get(); session_params.proxy_service = globals_->proxy_script_fetcher_proxy_service.get(); session_params.http_auth_handler_factory = @@ -656,7 +661,8 @@ void IOThread::InitSystemRequestContextOnIOThread() { system_params.cert_verifier = globals_->cert_verifier.get(); system_params.origin_bound_cert_service = globals_->system_origin_bound_cert_service.get(); - system_params.dnsrr_resolver = globals_->dnsrr_resolver.get(); + system_params.transport_security_state = + globals_->transport_security_state.get(); system_params.dns_cert_checker = NULL; system_params.ssl_host_info_factory = NULL; system_params.proxy_service = globals_->system_proxy_service.get(); diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h index 974dab4..8a861cc 100644 --- a/chrome/browser/io_thread.h +++ b/chrome/browser/io_thread.h @@ -41,6 +41,7 @@ class ProxyConfigService; class ProxyService; class SdchManager; class SSLConfigService; +class TransportSecurityState; class URLRequestContext; class URLRequestContextGetter; class URLSecurityManager; @@ -65,6 +66,10 @@ class IOThread : public content::BrowserThreadDelegate { scoped_ptr<net::NetworkDelegate> system_network_delegate; scoped_ptr<net::HostResolver> host_resolver; scoped_ptr<net::CertVerifier> cert_verifier; + // This TransportSecurityState doesn't load or save any state. It's only + // used to enforce pinning for system requests and will only use built-in + // pins. + scoped_ptr<net::TransportSecurityState> transport_security_state; scoped_ptr<net::DnsRRResolver> dnsrr_resolver; scoped_refptr<net::SSLConfigService> ssl_config_service; scoped_ptr<net::HttpAuthHandlerFactory> http_auth_handler_factory; 
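Review bot: The comment on the new `transport_security_state` member in io_thread.h says it is "only used to enforce pinning for system requests", but the io_thread.cc hunks also install it on the proxy script fetcher context and on that context's session params. The comment therefore understates where this instance applies. Suggested wording: `// Shared by the system and proxy-script-fetcher contexts. It never loads or saves state, so only built-in pins are enforced.`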
diff --git a/chrome/browser/net/connection_tester.cc b/chrome/browser/net/connection_tester.cc index ba7262b..6aa1e9a 100644 --- a/chrome/browser/net/connection_tester.cc +++ b/chrome/browser/net/connection_tester.cc @@ -16,7 +16,6 @@ #include "chrome/common/chrome_switches.h" #include "net/base/cert_verifier.h" #include "net/base/cookie_monster.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/host_resolver.h" #include "net/base/host_resolver_impl.h" #include "net/base/io_buffer.h" @@ -72,7 +71,6 @@ class ExperimentURLRequestContext : public net::URLRequestContext { // The rest of the dependencies are standard, and don't depend on the // experiment being run. storage_.set_cert_verifier(new net::CertVerifier); - storage_.set_dnsrr_resolver(new net::DnsRRResolver); storage_.set_ftp_transaction_factory( new net::FtpNetworkLayer(host_resolver())); storage_.set_ssl_config_service(new net::SSLConfigServiceDefaults); @@ -82,7 +80,6 @@ class ExperimentURLRequestContext : public net::URLRequestContext { net::HttpNetworkSession::Params session_params; session_params.host_resolver = host_resolver(); - session_params.dnsrr_resolver = dnsrr_resolver(); session_params.cert_verifier = cert_verifier(); session_params.proxy_service = proxy_service(); session_params.http_auth_handler_factory = http_auth_handler_factory(); diff --git a/chrome/browser/net/connection_tester_unittest.cc b/chrome/browser/net/connection_tester_unittest.cc index b3dd1f3..3540990 100644 --- a/chrome/browser/net/connection_tester_unittest.cc +++ b/chrome/browser/net/connection_tester_unittest.cc @@ -8,7 +8,6 @@ #include "content/test/test_browser_thread.h" #include "net/base/cert_verifier.h" #include "net/base/cookie_monster.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/mock_host_resolver.h" #include "net/base/ssl_config_service_defaults.h" #include "net/ftp/ftp_network_layer.h" 
@@ -108,7 +107,6 @@ class ConnectionTesterTest : public PlatformTest { ConnectionTesterDelegate test_delegate_; net::MockHostResolver host_resolver_; net::CertVerifier cert_verifier_; - net::DnsRRResolver dnsrr_resolver_; scoped_ptr<net::ProxyService> proxy_service_; scoped_refptr<net::SSLConfigService> ssl_config_service_; scoped_ptr<net::HttpTransactionFactory> http_transaction_factory_; @@ -120,7 +118,6 @@ class ConnectionTesterTest : public PlatformTest { void InitializeRequestContext() { proxy_script_fetcher_context_->set_host_resolver(&host_resolver_); proxy_script_fetcher_context_->set_cert_verifier(&cert_verifier_); - proxy_script_fetcher_context_->set_dnsrr_resolver(&dnsrr_resolver_); proxy_script_fetcher_context_->set_http_auth_handler_factory( &http_auth_handler_factory_); proxy_service_.reset(net::ProxyService::CreateDirect()); @@ -129,7 +126,6 @@ class ConnectionTesterTest : public PlatformTest { net::HttpNetworkSession::Params session_params; session_params.host_resolver = &host_resolver_; session_params.cert_verifier = &cert_verifier_; - session_params.dnsrr_resolver = &dnsrr_resolver_; session_params.http_auth_handler_factory = &http_auth_handler_factory_; session_params.ssl_config_service = ssl_config_service_; session_params.proxy_service = proxy_service_.get(); diff --git a/chrome/browser/profiles/off_the_record_profile_io_data.cc b/chrome/browser/profiles/off_the_record_profile_io_data.cc index 93e232d..b7b022a 100644 --- a/chrome/browser/profiles/off_the_record_profile_io_data.cc +++ b/chrome/browser/profiles/off_the_record_profile_io_data.cc 
@@ -161,8 +161,6 @@ void OffTheRecordProfileIOData::LazyInitializeInternal( io_thread_globals->host_resolver.get()); main_context->set_cert_verifier( io_thread_globals->cert_verifier.get()); - main_context->set_dnsrr_resolver( - io_thread_globals->dnsrr_resolver.get()); main_context->set_http_auth_handler_factory( io_thread_globals->http_auth_handler_factory.get()); main_context->set_dns_cert_checker(dns_cert_checker()); @@ -200,7 +198,7 @@ void OffTheRecordProfileIOData::LazyInitializeInternal( new net::HttpCache(main_context->host_resolver(), main_context->cert_verifier(), main_context->origin_bound_cert_service(), - main_context->dnsrr_resolver(), + main_context->transport_security_state(), main_context->dns_cert_checker(), main_context->proxy_service(), main_context->ssl_config_service(), diff --git a/chrome/browser/profiles/profile_impl_io_data.cc b/chrome/browser/profiles/profile_impl_io_data.cc index 02bb06a..f614d3b 100644 --- a/chrome/browser/profiles/profile_impl_io_data.cc +++ b/chrome/browser/profiles/profile_impl_io_data.cc @@ -285,10 +285,6 @@ void ProfileImplIOData::LazyInitializeInternal( io_thread_globals->cert_verifier.get()); media_request_context_->set_cert_verifier( io_thread_globals->cert_verifier.get()); - main_context->set_dnsrr_resolver( - io_thread_globals->dnsrr_resolver.get()); - media_request_context_->set_dnsrr_resolver( - io_thread_globals->dnsrr_resolver.get()); main_context->set_http_auth_handler_factory( io_thread_globals->http_auth_handler_factory.get()); media_request_context_->set_http_auth_handler_factory( @@ -373,7 +369,7 @@ void ProfileImplIOData::LazyInitializeInternal( main_context->host_resolver(), main_context->cert_verifier(), main_context->origin_bound_cert_service(), - main_context->dnsrr_resolver(), + main_context->transport_security_state(), main_context->dns_cert_checker(), main_context->proxy_service(), main_context->ssl_config_service(), 
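Review bot: In OffTheRecordProfileIOData::LazyInitializeInternal the HttpCache constructor now receives `main_context->transport_security_state()`, but neither hunk shows where that value is set on `main_context`, whereas the removed resolver was assigned a few lines earlier in the same function. If the pointer can still be NULL here, the cache's network session would presumably run without any transport security state and nothing would flag it. A `DCHECK(main_context->transport_security_state());` just before `new net::HttpCache(` would make the ordering assumption explicit. The same applies to the ProfileImplIOData::LazyInitializeInternal hunk at -373. Both functions continue outside the hunks.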
diff --git a/chrome/service/net/service_url_request_context.cc b/chrome/service/net/service_url_request_context.cc index d91f400..6a11d70 100644 --- a/chrome/service/net/service_url_request_context.cc +++ b/chrome/service/net/service_url_request_context.cc @@ -16,7 +16,6 @@ #include "chrome/service/service_process.h" #include "net/base/cert_verifier.h" #include "net/base/cookie_monster.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/host_resolver.h" #include "net/base/ssl_config_service_defaults.h" #include "net/ftp/ftp_network_layer.h" @@ -117,7 +116,6 @@ ServiceURLRequestContext::ServiceURLRequestContext( storage_.set_proxy_service(net::ProxyService::CreateUsingSystemProxyResolver( net_proxy_config_service, 0u, NULL)); storage_.set_cert_verifier(new net::CertVerifier); - storage_.set_dnsrr_resolver(new net::DnsRRResolver); storage_.set_ftp_transaction_factory( new net::FtpNetworkLayer(host_resolver())); storage_.set_ssl_config_service(new net::SSLConfigServiceDefaults); @@ -128,7 +126,6 @@ ServiceURLRequestContext::ServiceURLRequestContext( net::HttpNetworkSession::Params session_params; session_params.host_resolver = host_resolver(); session_params.cert_verifier = cert_verifier(); - session_params.dnsrr_resolver = dnsrr_resolver(); session_params.proxy_service = proxy_service(); session_params.ssl_config_service = ssl_config_service(); session_params.http_auth_handler_factory = http_auth_handler_factory(); diff --git a/content/shell/shell_url_request_context_getter.cc b/content/shell/shell_url_request_context_getter.cc index 52c6683..01eafe6 100644 --- a/content/shell/shell_url_request_context_getter.cc +++ b/content/shell/shell_url_request_context_getter.cc 
@@ -10,7 +10,6 @@ #include "net/base/cert_verifier.h" #include "net/base/cookie_monster.h" #include "net/base/default_origin_bound_cert_store.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/host_resolver.h" #include "net/base/origin_bound_cert_service.h" #include "net/base/ssl_config_service_defaults.h" @@ -77,13 +76,11 @@ net::URLRequestContext* ShellURLRequestContextGetter::GetURLRequestContext() { BrowserThread::GetMessageLoopProxyForThread( BrowserThread::CACHE)); - storage_->set_dnsrr_resolver(new net::DnsRRResolver()); - net::HttpCache* main_cache = new net::HttpCache( url_request_context_->host_resolver(), url_request_context_->cert_verifier(), url_request_context_->origin_bound_cert_service(), - url_request_context_->dnsrr_resolver(), + NULL, //tranport_security_state NULL, //dns_cert_checker url_request_context_->proxy_service(), url_request_context_->ssl_config_service(), diff --git a/jingle/notifier/base/proxy_resolving_client_socket.cc b/jingle/notifier/base/proxy_resolving_client_socket.cc index 302a8ed..3d46ed6b 100644 --- a/jingle/notifier/base/proxy_resolving_client_socket.cc +++ b/jingle/notifier/base/proxy_resolving_client_socket.cc @@ -48,7 +48,8 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket( session_params.cert_verifier = request_context->cert_verifier(); // TODO(rkn): This is NULL because OriginBoundCertService is not thread safe. session_params.origin_bound_cert_service = NULL; - session_params.dnsrr_resolver = request_context->dnsrr_resolver(); + // transport_security_state is NULL because it's not thread safe. + session_params.transport_security_state = NULL; session_params.dns_cert_checker = request_context->dns_cert_checker(); session_params.proxy_service = request_context->proxy_service(); session_params.ssl_host_info_factory = NULL; diff --git a/net/http/disk_cache_based_ssl_host_info_unittest.cc b/net/http/disk_cache_based_ssl_host_info_unittest.cc index 3e84d47..9fb4727 100644 
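Review bot: In ShellURLRequestContextGetter::GetURLRequestContext the HttpCache call now passes a literal `NULL` in the transport-security-state slot, so the content shell's network session gets no TransportSecurityState at all, and the trailing comment is misspelled ("tranport"). If running without it is intentional, say so on the line, e.g. `NULL,  // transport_security_state: intentionally unset for the content shell`. Otherwise forward the context's own value as the profile IO data callers do, assuming `url_request_context_` exposes the same accessor. The function continues outside the hunk.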
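Review bot: In the ProxyResolvingClientSocket constructor, `session_params.transport_security_state = NULL;` means connections made through this socket are not checked against the request context's TransportSecurityState. Unlike the `origin_bound_cert_service` line just above, the new comment carries no TODO, so the gap reads as permanent. Suggested comment, with a placeholder owner: `// TODO(owner): NULL because TransportSecurityState is not thread safe; connections made here are not checked against it.` The constructor continues outside the hunk.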
--- a/net/http/disk_cache_based_ssl_host_info_unittest.cc +++ b/net/http/disk_cache_based_ssl_host_info_unittest.cc @@ -5,6 +5,7 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/compiler_specific.h" +#include "base/message_loop.h" #include "net/base/net_errors.h" #include "net/base/ssl_config_service.h" #include "net/http/disk_cache_based_ssl_host_info.h" diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc index 58fa5cb..4aa37fa 100644 --- a/net/http/http_cache.cc +++ b/net/http/http_cache.cc @@ -45,7 +45,7 @@ HttpNetworkSession* CreateNetworkSession( HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, ProxyService* proxy_service, SSLHostInfoFactory* ssl_host_info_factory, @@ -58,7 +58,7 @@ HttpNetworkSession* CreateNetworkSession( params.host_resolver = host_resolver; params.cert_verifier = cert_verifier; params.origin_bound_cert_service = origin_bound_cert_service; - params.dnsrr_resolver = dnsrr_resolver; + params.transport_security_state = transport_security_state; params.dns_cert_checker = dns_cert_checker; params.proxy_service = proxy_service; params.ssl_host_info_factory = ssl_host_info_factory; @@ -318,7 +318,7 @@ class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory { HttpCache::HttpCache(HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker_, ProxyService* proxy_service, SSLConfigService* ssl_config_service, @@ -340,7 +340,7 @@ HttpCache::HttpCache(HostResolver* host_resolver, host_resolver, cert_verifier, origin_bound_cert_service, - dnsrr_resolver, + transport_security_state, dns_cert_checker_, proxy_service, ssl_host_info_factory_.get(), 
diff --git a/net/http/http_cache.h b/net/http/http_cache.h index 526da58..0e12443 100644 --- a/net/http/http_cache.h +++ b/net/http/http_cache.h @@ -44,11 +44,9 @@ namespace net { class CertVerifier; class DnsCertProvenanceChecker; -class DnsRRResolver; class HostResolver; class HttpAuthHandlerFactory; class HttpNetworkSession; -struct HttpRequestInfo; class HttpResponseInfo; class HttpServerProperties; class IOBuffer; @@ -57,7 +55,9 @@ class NetworkDelegate; class OriginBoundCertService; class ProxyService; class SSLConfigService; +class TransportSecurityState; class ViewCacheHelper; +struct HttpRequestInfo; class NET_EXPORT HttpCache : public HttpTransactionFactory, public base::SupportsWeakPtr<HttpCache>, @@ -123,7 +123,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory, HttpCache(HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, ProxyService* proxy_service, SSLConfigService* ssl_config_service, diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index ffdaee5..cc3fdd1f 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -40,7 +40,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params) params.host_resolver, params.cert_verifier, params.origin_bound_cert_service, - params.dnsrr_resolver, + params.transport_security_state, params.dns_cert_checker, params.ssl_host_info_factory, params.proxy_service, diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index a6c6912..083d807 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -28,7 +28,6 @@ namespace net { class CertVerifier; class ClientSocketFactory; class DnsCertProvenanceChecker; -class DnsRRResolver; class HostResolver; class HttpAuthHandlerFactory; class HttpNetworkSessionPeer; 
@@ -44,6 +43,7 @@ class SSLClientSocketPool; class SSLConfigService; class SSLHostInfoFactory; class TransportClientSocketPool; +class TransportSecurityState; // This class holds session objects used by HttpNetworkTransaction objects. class NET_EXPORT HttpNetworkSession @@ -56,7 +56,7 @@ class NET_EXPORT HttpNetworkSession host_resolver(NULL), cert_verifier(NULL), origin_bound_cert_service(NULL), - dnsrr_resolver(NULL), + transport_security_state(NULL), dns_cert_checker(NULL), proxy_service(NULL), ssl_host_info_factory(NULL), @@ -70,7 +70,7 @@ class NET_EXPORT HttpNetworkSession HostResolver* host_resolver; CertVerifier* cert_verifier; OriginBoundCertService* origin_bound_cert_service; - DnsRRResolver* dnsrr_resolver; + TransportSecurityState* transport_security_state; DnsCertProvenanceChecker* dns_cert_checker; ProxyService* proxy_service; SSLHostInfoFactory* ssl_host_info_factory; diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc index 3626ec7..3159c09 100644 --- a/net/socket/client_socket_pool_manager_impl.cc +++ b/net/socket/client_socket_pool_manager_impl.cc @@ -38,7 +38,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, @@ -48,7 +48,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( host_resolver_(host_resolver), cert_verifier_(cert_verifier), origin_bound_cert_service_(origin_bound_cert_service), - dnsrr_resolver_(dnsrr_resolver), + transport_security_state_(transport_security_state), dns_cert_checker_(dns_cert_checker), ssl_host_info_factory_(ssl_host_info_factory), proxy_service_(proxy_service), 
@@ -67,7 +67,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( host_resolver, cert_verifier, origin_bound_cert_service, - dnsrr_resolver, + transport_security_state, dns_cert_checker, ssl_host_info_factory, socket_factory, @@ -287,7 +287,7 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy( host_resolver_, cert_verifier_, origin_bound_cert_service_, - dnsrr_resolver_, + transport_security_state_, dns_cert_checker_, ssl_host_info_factory_, socket_factory_, @@ -326,7 +326,7 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy( host_resolver_, cert_verifier_, origin_bound_cert_service_, - dnsrr_resolver_, + transport_security_state_, dns_cert_checker_, ssl_host_info_factory_, socket_factory_, diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h index 554cfcb..a4ba519 100644 --- a/net/socket/client_socket_pool_manager_impl.h +++ b/net/socket/client_socket_pool_manager_impl.h @@ -24,7 +24,6 @@ class CertVerifier; class ClientSocketFactory; class ClientSocketPoolHistograms; class DnsCertProvenanceChecker; -class DnsRRResolver; class HttpProxyClientSocketPool; class HostResolver; class NetLog; @@ -35,6 +34,7 @@ class SSLClientSocketPool; class SSLConfigService; class SSLHostInfoFactory; class TransportClientSocketPool; +class TransportSecurityState; namespace internal { @@ -63,7 +63,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, ProxyService* proxy_service, 
@@ -109,7 +109,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, HostResolver* const host_resolver_; CertVerifier* const cert_verifier_; OriginBoundCertService* const origin_bound_cert_service_; - DnsRRResolver* const dnsrr_resolver_; + TransportSecurityState* const transport_security_state_; DnsCertProvenanceChecker* const dns_cert_checker_; SSLHostInfoFactory* const ssl_host_info_factory_; ProxyService* const proxy_service_; diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h index feaa3cf..c847e9f 100644 --- a/net/socket/ssl_client_socket.h +++ b/net/socket/ssl_client_socket.h @@ -18,29 +18,12 @@ namespace net { class CertVerifier; class DnsCertProvenanceChecker; -class DnsRRResolver; class OriginBoundCertService; class SSLCertRequestInfo; class SSLHostInfo; class SSLHostInfoFactory; class SSLInfo; -struct RRResponse; - -// DNSSECProvider is an interface to an object that can return DNSSEC data. -class DNSSECProvider { - public: - // GetDNSSECRecords will either: - // 1) set |*out| to NULL and return OK. - // 2) set |*out| to a pointer, which is owned by this object, and return OK. - // 3) return IO_PENDING and call |callback| on the current MessageLoop at - // some point in the future. Once the callback has been made, this - // function will return OK if called again. - virtual int GetDNSSECRecords(RRResponse** out, - OldCompletionCallback* callback) = 0; - - private: - ~DNSSECProvider() {} -}; +class TransportSecurityState; // This struct groups together several fields which are used by various // classes related to SSLClientSocket. 
@@ -48,24 +31,23 @@ struct SSLClientSocketContext { SSLClientSocketContext() : cert_verifier(NULL), origin_bound_cert_service(NULL), - dnsrr_resolver(NULL), dns_cert_checker(NULL), ssl_host_info_factory(NULL) {} SSLClientSocketContext(CertVerifier* cert_verifier_arg, OriginBoundCertService* origin_bound_cert_service_arg, - DnsRRResolver* dnsrr_resolver_arg, + TransportSecurityState* transport_security_state_arg, DnsCertProvenanceChecker* dns_cert_checker_arg, SSLHostInfoFactory* ssl_host_info_factory_arg) : cert_verifier(cert_verifier_arg), origin_bound_cert_service(origin_bound_cert_service_arg), - dnsrr_resolver(dnsrr_resolver_arg), + transport_security_state(transport_security_state_arg), dns_cert_checker(dns_cert_checker_arg), ssl_host_info_factory(ssl_host_info_factory_arg) {} CertVerifier* cert_verifier; OriginBoundCertService* origin_bound_cert_service; - DnsRRResolver* dnsrr_resolver; + TransportSecurityState* transport_security_state; DnsCertProvenanceChecker* dns_cert_checker; SSLHostInfoFactory* ssl_host_info_factory; }; @@ -140,8 +122,6 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { virtual bool set_was_npn_negotiated(bool negotiated); - virtual void UseDNSSEC(DNSSECProvider*) { } - virtual bool was_spdy_negotiated() const; virtual bool set_was_spdy_negotiated(bool negotiated); diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 6d99f28..6464cd7 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -84,7 +84,6 @@ #include "net/base/cert_verifier.h" #include "net/base/connection_type_histograms.h" #include "net/base/dns_util.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/dnssec_chain_verifier.h" #include "net/base/transport_security_state.h" #include "net/base/io_buffer.h" diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index 601ad73..dffe962 100644 --- a/net/socket/ssl_client_socket_pool.cc 
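Review bot: The default `SSLClientSocketContext()` constructor loses `dnsrr_resolver(NULL)` but gains no initializer for the new `transport_security_state` member, so a default-constructed context carries an indeterminate pointer. Any later null check on it would read garbage, and a non-null garbage value would be dereferenced. Add `transport_security_state(NULL),` after `origin_bound_cert_service(NULL),` in the default constructor's initializer list, matching what the `HttpNetworkSession::Params` constructor does in this same commit.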
+++ b/net/socket/ssl_client_socket_pool.cc @@ -194,9 +194,6 @@ int SSLConnectJob::DoTransportConnect() { } if (ssl_host_info_.get()) { - if (context_.dnsrr_resolver) - ssl_host_info_->StartDnsLookup(context_.dnsrr_resolver); - // This starts fetching the SSL host info from the disk cache for early // certificate verification and the TLS cached information extension. ssl_host_info_->Start(); @@ -447,7 +444,7 @@ SSLClientSocketPool::SSLClientSocketPool( HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, ClientSocketFactory* client_socket_factory, @@ -470,7 +467,7 @@ SSLClientSocketPool::SSLClientSocketPool( SSLClientSocketContext( cert_verifier, origin_bound_cert_service, - dnsrr_resolver, + transport_security_state, dns_cert_checker, ssl_host_info_factory), net_log)), diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h index ac5c22b7..2ca42b5 100644 --- a/net/socket/ssl_client_socket_pool.h +++ b/net/socket/ssl_client_socket_pool.h @@ -26,7 +26,6 @@ class CertVerifier; class ClientSocketFactory; class ConnectJobFactory; class DnsCertProvenanceChecker; -class DnsRRResolver; class HostPortPair; class HttpProxyClientSocketPool; class HttpProxySocketParams; @@ -34,8 +33,9 @@ class SOCKSClientSocketPool; class SOCKSSocketParams; class SSLClientSocket; class SSLHostInfoFactory; -class TransportSocketParams; class TransportClientSocketPool; +class TransportSecurityState; +class TransportSocketParams; // SSLSocketParams only needs the socket params for the transport socket // that will be used (denoted by |proxy|). 
@@ -179,7 +179,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool HostResolver* host_resolver, CertVerifier* cert_verifier, OriginBoundCertService* origin_bound_cert_service, - DnsRRResolver* dnsrr_resolver, + TransportSecurityState* transport_security_state, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, ClientSocketFactory* client_socket_factory, diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc index 83fab41..ad9165c 100644 --- a/net/socket/ssl_host_info.cc +++ b/net/socket/ssl_host_info.cc @@ -8,8 +8,6 @@ #include "base/metrics/histogram.h" #include "base/pickle.h" #include "base/string_piece.h" -#include "net/base/dns_util.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/ssl_config_service.h" #include "net/base/x509_certificate.h" #include "net/socket/ssl_client_socket.h" @@ -35,22 +33,10 @@ SSLHostInfo::SSLHostInfo( rev_checking_enabled_(ssl_config.rev_checking_enabled), verify_ev_cert_(ssl_config.verify_ev_cert), verifier_(cert_verifier), - ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)), - dnsrr_resolver_(NULL), - dns_callback_(NULL), - dns_handle_(DnsRRResolver::kInvalidHandle) { + ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) { } SSLHostInfo::~SSLHostInfo() { - if (dns_handle_ != DnsRRResolver::kInvalidHandle) { - dnsrr_resolver_->CancelResolve(dns_handle_); - delete dns_callback_; - } -} - -void SSLHostInfo::StartDnsLookup(DnsRRResolver* dnsrr_resolver) { - dnsrr_resolver_ = dnsrr_resolver; - // Note: currently disabled. } const SSLHostInfo::State& SSLHostInfo::state() const { diff --git a/net/socket/ssl_host_info.h b/net/socket/ssl_host_info.h index 54eeb2f..406dae9 100644 --- a/net/socket/ssl_host_info.h +++ b/net/socket/ssl_host_info.h 
@@ -15,7 +15,6 @@ #include "net/base/cert_verifier.h" #include "net/base/cert_verify_result.h" #include "net/base/completion_callback.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/net_export.h" #include "net/socket/ssl_client_socket.h" @@ -60,9 +59,6 @@ class NET_EXPORT_PRIVATE SSLHostInfo { // callback. virtual void Persist() = 0; - // StartDnsLookup triggers a DNS lookup for the host. - void StartDnsLookup(DnsRRResolver* dnsrr_resolver); - struct State { State(); ~State(); @@ -132,12 +128,6 @@ class NET_EXPORT_PRIVATE SSLHostInfo { SingleRequestCertVerifier verifier_; scoped_refptr<X509Certificate> cert_; base::WeakPtrFactory<SSLHostInfo> weak_factory_; - - DnsRRResolver* dnsrr_resolver_; - OldCompletionCallback* dns_callback_; - DnsRRResolver::Handle dns_handle_; - RRResponse dns_response_; - base::TimeTicks dns_lookup_start_time_; base::TimeTicks cert_verification_finished_time_; }; diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc index ccfb5649..142068e 100644 --- a/net/url_request/url_request_context.cc +++ b/net/url_request/url_request_context.cc @@ -19,7 +19,6 @@ URLRequestContext::URLRequestContext() host_resolver_(NULL), cert_verifier_(NULL), origin_bound_cert_service_(NULL), - dnsrr_resolver_(NULL), dns_cert_checker_(NULL), fraudulent_certificate_reporter_(NULL), http_auth_handler_factory_(NULL), @@ -39,7 +38,6 @@ void URLRequestContext::CopyFrom(URLRequestContext* other) { set_host_resolver(other->host_resolver()); set_cert_verifier(other->cert_verifier()); set_origin_bound_cert_service(other->origin_bound_cert_service()); - set_dnsrr_resolver(other->dnsrr_resolver()); set_dns_cert_checker(other->dns_cert_checker()); set_fraudulent_certificate_reporter(other->fraudulent_certificate_reporter()); set_http_auth_handler_factory(other->http_auth_handler_factory()); diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index 1ac2b16..b3ccd3b 100644 
--- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -26,7 +26,6 @@ namespace net { class CertVerifier; class CookieStore; class DnsCertProvenanceChecker; -class DnsRRResolver; class FraudulentCertificateReporter; class FtpTransactionFactory; class HostResolver; @@ -88,14 +87,6 @@ class NET_EXPORT URLRequestContext origin_bound_cert_service_ = origin_bound_cert_service; } - DnsRRResolver* dnsrr_resolver() const { - return dnsrr_resolver_; - } - - void set_dnsrr_resolver(DnsRRResolver* dnsrr_resolver) { - dnsrr_resolver_ = dnsrr_resolver; - } - DnsCertProvenanceChecker* dns_cert_checker() const { return dns_cert_checker_; } @@ -225,7 +216,6 @@ class NET_EXPORT URLRequestContext HostResolver* host_resolver_; CertVerifier* cert_verifier_; OriginBoundCertService* origin_bound_cert_service_; - DnsRRResolver* dnsrr_resolver_; DnsCertProvenanceChecker* dns_cert_checker_; FraudulentCertificateReporter* fraudulent_certificate_reporter_; HttpAuthHandlerFactory* http_auth_handler_factory_; diff --git a/net/url_request/url_request_context_storage.cc b/net/url_request/url_request_context_storage.cc index e73bd8e..4f0a2b0 100644 --- a/net/url_request/url_request_context_storage.cc +++ b/net/url_request/url_request_context_storage.cc @@ -7,7 +7,6 @@ #include "base/logging.h" #include "net/base/cert_verifier.h" #include "net/base/cookie_store.h" -#include "net/base/dnsrr_resolver.h" #include "net/base/host_resolver.h" #include "net/base/net_log.h" #include "net/base/network_delegate.h" 
@@ -52,12 +51,6 @@ void URLRequestContextStorage::set_origin_bound_cert_service( origin_bound_cert_service_.reset(origin_bound_cert_service); } -void URLRequestContextStorage::set_dnsrr_resolver( - DnsRRResolver* dnsrr_resolver) { - context_->set_dnsrr_resolver(dnsrr_resolver); - dnsrr_resolver_.reset(dnsrr_resolver); -} - void URLRequestContextStorage::set_dns_cert_checker( DnsCertProvenanceChecker* dns_cert_checker) { context_->set_dns_cert_checker(dns_cert_checker); diff --git a/net/url_request/url_request_context_storage.h b/net/url_request/url_request_context_storage.h index 2c839cc..4a2df3d 100644 --- a/net/url_request/url_request_context_storage.h +++ b/net/url_request/url_request_context_storage.h @@ -16,7 +16,6 @@ namespace net { class CertVerifier; class CookieStore; class DnsCertProvenanceChecker; -class DnsRRResolver; class FraudulentCertificateReporter; class FtpTransactionFactory; class HostResolver; @@ -50,7 +49,6 @@ class NET_EXPORT URLRequestContextStorage { void set_cert_verifier(CertVerifier* cert_verifier); void set_origin_bound_cert_service( OriginBoundCertService* origin_bound_cert_service); - void set_dnsrr_resolver(DnsRRResolver* dnsrr_resolver); void set_dns_cert_checker(DnsCertProvenanceChecker* dns_cert_checker); void set_fraudulent_certificate_reporter( FraudulentCertificateReporter* fraudulent_certificate_reporter); @@ -80,7 +78,6 @@ class NET_EXPORT URLRequestContextStorage { scoped_ptr<HostResolver> host_resolver_; scoped_ptr<CertVerifier> cert_verifier_; scoped_ptr<OriginBoundCertService> origin_bound_cert_service_; - scoped_ptr<DnsRRResolver> dnsrr_resolver_; scoped_ptr<DnsCertProvenanceChecker> dns_cert_checker_; scoped_ptr<FraudulentCertificateReporter> fraudulent_certificate_reporter_; scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_; |