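--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -1,51 +1,70 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/client_socket_factory.h"
 
 #include "base/lazy_instance.h"
+#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread.h"
 #include "build/build_config.h"
 #include "net/base/cert_database.h"
 #include "net/socket/client_socket_handle.h"
 #if defined(OS_WIN)
 #include "net/socket/ssl_client_socket_nss.h"
 #include "net/socket/ssl_client_socket_win.h"
 #elif defined(USE_OPENSSL)
 #include "net/socket/ssl_client_socket_openssl.h"
 #elif defined(USE_NSS)
 #include "net/socket/ssl_client_socket_nss.h"
 #elif defined(OS_MACOSX)
 #include "net/socket/ssl_client_socket_mac.h"
 #include "net/socket/ssl_client_socket_nss.h"
 #endif
 #include "net/socket/ssl_host_info.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/udp/udp_client_socket.h"
 
 namespace net {
 
 class X509Certificate;
 
 namespace {
 
 bool g_use_system_ssl = false;
 
+// ChromeOS uses a hardware TPM module that may cause NSS operations to
+// block for upwards of several seconds. To avoid blocking all network and
+// IPC activity, run NSS SSL functions on a dedicated thread.
+#if defined(OS_CHROMEOS)
+bool g_use_dedicated_nss_thread = true;
+#else
+bool g_use_dedicated_nss_thread = false;
+#endif
+
 class DefaultClientSocketFactory : public ClientSocketFactory,
 public CertDatabase::Observer {
 public:
 DefaultClientSocketFactory() {
+if (g_use_dedicated_nss_thread) {
+nss_thread_.reset(new base::Thread("NSS SSL Thread"));
+if (nss_thread_->Start())
+nss_thread_task_runner_ = nss_thread_->message_loop_proxy();
+}
+
 CertDatabase::AddObserver(this);
 }
 
 virtual ~DefaultClientSocketFactory() {
+// Note: This code never runs, as the factory is defined as a Leaky
+// singleton.
 CertDatabase::RemoveObserver(this);
 }
 
 virtual void OnUserCertAdded(const X509Certificate* cert) {
 ClearSSLSessionCache();
 }
 
 virtual void OnCertTrustChanged(const X509Certificate* cert) {
 // Per wtc, we actually only need to flush when trust is reduced.
 // Always flush now because OnCertTrustChanged does not tell us this.
@@ -69,53 +88,73 @@
 }
 
 virtual SSLClientSocket* CreateSSLClientSocket(
 ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
 const SSLConfig& ssl_config,
 SSLHostInfo* ssl_host_info,
 const SSLClientSocketContext& context) {
 scoped_ptr<SSLHostInfo> shi(ssl_host_info);
 
-#if defined(OS_WIN)
+// nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is
+// false or if the dedicated NSS thread failed to start. If so, cause NSS
+// functions to execute on the current task runner.
+//
+// Note: The current task runner is obtained on each call due to unit
+// tests, which may create and tear down the current thread's TaskRunner
+// between each test. Because the DefaultClientSocketFactory is leaky, it
+// may span multiple tests, and thus the current task runner may change
+// from call to call.
+scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner(
+nss_thread_task_runner_);
+if (!nss_task_runner)
+nss_task_runner = base::ThreadTaskRunnerHandle::Get();
+
+#if defined(USE_OPENSSL)
+return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
+ssl_config, context);
+#elif defined(USE_NSS)
+return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+host_and_port, ssl_config, shi.release(),
+context);
+#elif defined(OS_WIN)
 if (g_use_system_ssl) {
 return new SSLClientSocketWin(transport_socket, host_and_port,
 ssl_config, context);
 }
-return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
-shi.release(), context);
-#elif defined(USE_OPENSSL)
-return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
-ssl_config, context);
-#elif defined(USE_NSS)
-return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
-shi.release(), context);
+return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+host_and_port, ssl_config, shi.release(),
+context);
 #elif defined(OS_MACOSX)
 if (g_use_system_ssl) {
 return new SSLClientSocketMac(transport_socket, host_and_port,
 ssl_config, context);
 }
-return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
-shi.release(), context);
+return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+host_and_port, ssl_config, shi.release(),
+context);
 #else
 NOTIMPLEMENTED();
 return NULL;
 #endif
 }
 
 void ClearSSLSessionCache() {
 SSLClientSocket::ClearSessionCache();
 }
 
+private:
+scoped_ptr<base::Thread> nss_thread_;
+scoped_refptr<base::SingleThreadTaskRunner> nss_thread_task_runner_;
 };
 
-static base::LazyInstance<DefaultClientSocketFactory>
+static base::LazyInstance<DefaultClientSocketFactory>::Leaky
 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER;
 
 } // namespace
 
 // Deprecated function (http://crbug.com/37810) that takes a StreamSocket.
 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
 StreamSocket* transport_socket,
 const HostPortPair& host_and_port,
 const SSLConfig& ssl_config,
 SSLHostInfo* ssl_host_info,
@@ -138,10 +177,10 @@
 #if defined(OS_WIN)
 // Reflect the capability of SSLClientSocketWin.
 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
 #elif defined(OS_MACOSX)
 // Reflect the capability of SSLClientSocketMac.
 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
 #endif
 }
 
 } // namespace net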
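Review bot: The constructor at new lines 49-53 discards the failure of `nss_thread_->Start()`: the unstarted `base::Thread` is kept in `nss_thread_` and the fallback to the caller's task runner in CreateSSLClientSocket (new lines 107-110) then happens silently, so on ChromeOS the TPM-backed NSS calls that the comment at new lines 36-38 says can block for seconds would run on the calling thread with no trace of why. Consider `else { DLOG(WARNING) << "NSS SSL thread failed to start; NSS calls will run on the caller's thread"; nss_thread_.reset(); }` after the `Start()` check so the degraded mode is observable and the dead thread object is not retained; base/logging.h appears to be in scope already since NOTIMPLEMENTED() is used below. The two new private members at new lines 146-147 also deserve a short comment, e.g. `// Dedicated thread for blocking NSS SSL operations; the task runner stays NULL unless g_use_dedicated_nss_thread is set and the thread started.`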