Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(114)

Unified Diff: net/socket/client_socket_factory.cc

Issue 10454066: Move the core state machine of SSLClientSocketNSS into a thread-safe Core (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix win_rel by not caching the current threads task runner. See added comment Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_nss.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/client_socket_factory.cc
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 42f6d4f20cebcf90c4d82d2c1be78d6d38ed099c..ade687454a99efa329aa354f086e5ab3cc5e87c7 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -5,6 +5,8 @@
#include "net/socket/client_socket_factory.h"
#include "base/lazy_instance.h"
+#include "base/thread_task_runner_handle.h"
+#include "base/threading/thread.h"
#include "build/build_config.h"
#include "net/base/cert_database.h"
#include "net/socket/client_socket_handle.h"
@@ -31,14 +33,31 @@ namespace {
bool g_use_system_ssl = false;
+// ChromeOS uses a hardware TPM module that may cause NSS operations to
+// block for upwards of several seconds. To avoid blocking all network and
+// IPC activity, run NSS SSL functions on a dedicated thread.
+#if defined(OS_CHROMEOS)
+bool g_use_dedicated_nss_thread = true;
+#else
+bool g_use_dedicated_nss_thread = false;
+#endif
+
class DefaultClientSocketFactory : public ClientSocketFactory,
public CertDatabase::Observer {
public:
DefaultClientSocketFactory() {
+ if (g_use_dedicated_nss_thread) {
+ nss_thread_.reset(new base::Thread("NSS SSL Thread"));
+ if (nss_thread_->Start())
+ nss_thread_task_runner_ = nss_thread_->message_loop_proxy();
+ }
+
CertDatabase::AddObserver(this);
}
virtual ~DefaultClientSocketFactory() {
+ // Note: This code never runs, as the factory is defined as a Leaky
+ // singleton.
CertDatabase::RemoveObserver(this);
}
@@ -76,26 +95,43 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
const SSLClientSocketContext& context) {
scoped_ptr<SSLHostInfo> shi(ssl_host_info);
-#if defined(OS_WIN)
+ // nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is
+ // false or if the dedicated NSS thread failed to start. If so, cause NSS
+ // functions to execute on the current task runner.
+ //
+ // Note: The current task runner is obtained on each call due to unit
+ // tests, which may create and tear down the current thread's TaskRunner
+ // between each test. Because the DefaultClientSocketFactory is leaky, it
+ // may span multiple tests, and thus the current task runner may change
+ // from call to call.
+ scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner(
+ nss_thread_task_runner_);
+ if (!nss_task_runner)
+ nss_task_runner = base::ThreadTaskRunnerHandle::Get();
+
+#if defined(USE_OPENSSL)
+ return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
+ ssl_config, context);
+#elif defined(USE_NSS)
+ return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+ host_and_port, ssl_config, shi.release(),
+ context);
+#elif defined(OS_WIN)
if (g_use_system_ssl) {
return new SSLClientSocketWin(transport_socket, host_and_port,
ssl_config, context);
}
- return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), context);
-#elif defined(USE_OPENSSL)
- return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
- ssl_config, context);
-#elif defined(USE_NSS)
- return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), context);
+ return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+ host_and_port, ssl_config, shi.release(),
+ context);
#elif defined(OS_MACOSX)
if (g_use_system_ssl) {
return new SSLClientSocketMac(transport_socket, host_and_port,
ssl_config, context);
}
- return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), context);
+ return new SSLClientSocketNSS(nss_task_runner, transport_socket,
+ host_and_port, ssl_config, shi.release(),
+ context);
#else
NOTIMPLEMENTED();
return NULL;
@@ -106,9 +142,12 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
SSLClientSocket::ClearSessionCache();
}
+ private:
+ scoped_ptr<base::Thread> nss_thread_;
+ scoped_refptr<base::SingleThreadTaskRunner> nss_thread_task_runner_;
};
-static base::LazyInstance<DefaultClientSocketFactory>
+static base::LazyInstance<DefaultClientSocketFactory>::Leaky
g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER;
} // namespace
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_nss.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698