Diffstat (limited to 'chromium/net/socket')
-rw-r--r--chromium/net/socket/client_socket_handle.h2
-rw-r--r--chromium/net/socket/client_socket_pool_base_unittest.cc6
-rw-r--r--chromium/net/socket/socket_posix.cc8
-rw-r--r--chromium/net/socket/socket_test_util.h2
-rw-r--r--chromium/net/socket/ssl_client_socket_impl.cc22
-rw-r--r--chromium/net/socket/ssl_client_socket_unittest.cc65
-rw-r--r--chromium/net/socket/transport_client_socket_pool.cc7
-rw-r--r--chromium/net/socket/udp_socket_posix.cc26
-rw-r--r--chromium/net/socket/udp_socket_posix.h3
-rw-r--r--chromium/net/socket/websocket_endpoint_lock_manager.h1
10 files changed, 76 insertions, 66 deletions
diff --git a/chromium/net/socket/client_socket_handle.h b/chromium/net/socket/client_socket_handle.h
index 727972d7de4..9282dae7dd8 100644
--- a/chromium/net/socket/client_socket_handle.h
+++ b/chromium/net/socket/client_socket_handle.h
@@ -10,7 +10,7 @@
#include <utility>
#include "base/bind.h"
-#include "base/logging.h"
+#include "base/check.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/optional.h"
diff --git a/chromium/net/socket/client_socket_pool_base_unittest.cc b/chromium/net/socket/client_socket_pool_base_unittest.cc
index be3196e53bc..29e27ab3e7d 100644
--- a/chromium/net/socket/client_socket_pool_base_unittest.cc
+++ b/chromium/net/socket/client_socket_pool_base_unittest.cc
@@ -4224,11 +4224,11 @@ TEST_F(ClientSocketPoolBaseTest, PreconnectWithoutBackupJob) {
// Verify the backup timer doesn't create a backup job, by making
// the backup job a pending job instead of a waiting job, so it
// *would* complete if it were created.
+ base::RunLoop loop;
connect_job_factory_->set_job_type(TestConnectJob::kMockPendingJob);
base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
- FROM_HERE, base::RunLoop::QuitCurrentWhenIdleClosureDeprecated(),
- base::TimeDelta::FromSeconds(1));
- base::RunLoop().Run();
+ FROM_HERE, loop.QuitClosure(), base::TimeDelta::FromSeconds(1));
+ loop.Run();
EXPECT_FALSE(pool_->HasGroupForTesting(TestGroupId("a")));
}
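Review bot: `loop.QuitClosure()` is not a like-for-like replacement for the removed `QuitCurrentWhenIdleClosureDeprecated()`. The old closure stopped the loop only once it went idle, while the new one stops it as soon as the delayed task runs, so work already queued at the one-second mark may not run before the `EXPECT_FALSE`. If the test relies on draining that work to show that no backup job was created, `FROM_HERE, loop.QuitWhenIdleClosure(), base::TimeDelta::FromSeconds(1));` keeps the earlier behaviour. The test body starts outside the hunk.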
diff --git a/chromium/net/socket/socket_posix.cc b/chromium/net/socket/socket_posix.cc
index 61cc75851ca..807ef26f78b 100644
--- a/chromium/net/socket/socket_posix.cc
+++ b/chromium/net/socket/socket_posix.cc
@@ -384,7 +384,7 @@ int SocketPosix::GetPeerAddress(SockaddrStorage* address) const {
void SocketPosix::SetPeerAddress(const SockaddrStorage& address) {
DCHECK(thread_checker_.CalledOnValidThread());
- // |peer_address_| will be non-NULL if Connect() has been called. Unless
+ // |peer_address_| will be non-nullptr if Connect() has been called. Unless
// Close() is called to reset the internal state, a second call to Connect()
// is not allowed.
// Please note that we don't allow a second Connect() even if the previous
@@ -397,7 +397,7 @@ void SocketPosix::SetPeerAddress(const SockaddrStorage& address) {
bool SocketPosix::HasPeerAddress() const {
DCHECK(thread_checker_.CalledOnValidThread());
- return peer_address_ != NULL;
+ return peer_address_ != nullptr;
}
void SocketPosix::Close() {
@@ -455,7 +455,7 @@ void SocketPosix::AcceptCompleted() {
bool ok = accept_socket_watcher_.StopWatchingFileDescriptor();
DCHECK(ok);
- accept_socket_ = NULL;
+ accept_socket_ = nullptr;
std::move(accept_callback_).Run(rv);
}
@@ -560,7 +560,7 @@ void SocketPosix::StopWatchingAndCleanUp(bool close_socket) {
}
if (!accept_callback_.is_null()) {
- accept_socket_ = NULL;
+ accept_socket_ = nullptr;
accept_callback_.Reset();
}
diff --git a/chromium/net/socket/socket_test_util.h b/chromium/net/socket/socket_test_util.h
index fee1b1f7aa2..8cc3aeedef4 100644
--- a/chromium/net/socket/socket_test_util.h
+++ b/chromium/net/socket/socket_test_util.h
@@ -16,8 +16,8 @@
#include "base/bind.h"
#include "base/callback.h"
+#include "base/check_op.h"
#include "base/containers/span.h"
-#include "base/logging.h"
#include "base/macros.h"
#include "base/memory/ptr_util.h"
#include "base/memory/ref_counted.h"
diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc
index 12fb37570a5..fcada6e3420 100644
--- a/chromium/net/socket/ssl_client_socket_impl.cc
+++ b/chromium/net/socket/ssl_client_socket_impl.cc
@@ -900,8 +900,12 @@ int SSLClientSocketImpl::Init() {
// TODO(https://crbug.com/775438), if |ssl_config_.privacy_mode| is enabled,
// this should always continue with no client certificate.
- send_client_cert_ = context_->GetClientCertificate(
- host_and_port_, &client_cert_, &client_private_key_);
+ if (ssl_config_.privacy_mode == PRIVACY_MODE_ENABLED_WITHOUT_CLIENT_CERTS) {
+ send_client_cert_ = true;
+ } else {
+ send_client_cert_ = context_->GetClientCertificate(
+ host_and_port_, &client_cert_, &client_private_key_);
+ }
return OK;
}
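Review bot: The new `PRIVACY_MODE_ENABLED_WITHOUT_CLIENT_CERTS` branch sets `send_client_cert_ = true` without touching `client_cert_` or `client_private_key_`, which reads as the opposite of what the mode name promises. It presumably relies on both members still being null here, so the handshake continues with no certificate instead of surfacing a certificate request; a comment should say so, e.g. `// Continue the handshake with no client certificate; |client_cert_| and |client_private_key_| stay null.` The TODO above the branch still describes the case as open and should be narrowed to whatever privacy modes remain unhandled. None of the unittest hunks shown here exercise this branch, so a test that a cached client certificate for the host is not offered in this mode would pin the behaviour. Init() starts outside the hunk.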
@@ -1012,13 +1016,10 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
// See how feasible enforcing RSA key usage would be. See
// https://crbug.com/795089.
- RSAKeyUsage rsa_key_usage =
- CheckRSAKeyUsage(server_cert_.get(), SSL_get_current_cipher(ssl_.get()));
- if (rsa_key_usage != RSAKeyUsage::kNotRSA) {
- if (server_cert_verify_result_.is_issued_by_known_root) {
- UMA_HISTOGRAM_ENUMERATION("Net.SSLRSAKeyUsage.KnownRoot", rsa_key_usage,
- static_cast<int>(RSAKeyUsage::kLastValue) + 1);
- } else {
+ if (!server_cert_verify_result_.is_issued_by_known_root) {
+ RSAKeyUsage rsa_key_usage = CheckRSAKeyUsage(
+ server_cert_.get(), SSL_get_current_cipher(ssl_.get()));
+ if (rsa_key_usage != RSAKeyUsage::kNotRSA) {
UMA_HISTOGRAM_ENUMERATION("Net.SSLRSAKeyUsage.UnknownRoot", rsa_key_usage,
static_cast<int>(RSAKeyUsage::kLastValue) + 1);
}
@@ -1648,7 +1649,8 @@ int SSLClientSocketImpl::VerifyCT() {
server_cert_verify_result_.verified_cert.get(), server_cert_.get(),
ct_verify_result_.scts,
TransportSecurityState::ENABLE_EXPECT_CT_REPORTS,
- ct_verify_result_.policy_compliance);
+ ct_verify_result_.policy_compliance,
+ ssl_config_.network_isolation_key);
if (ct_requirement_status != TransportSecurityState::CT_NOT_REQUIRED) {
ct_verify_result_.policy_compliance_required = true;
if (server_cert_verify_result_.is_issued_by_known_root) {
diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc
index 41aea1c8951..31e4179058c 100644
--- a/chromium/net/socket/ssl_client_socket_unittest.cc
+++ b/chromium/net/socket/ssl_client_socket_unittest.cc
@@ -563,34 +563,40 @@ class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter {
MockExpectCTReporter() : num_failures_(0) {}
~MockExpectCTReporter() override = default;
- void OnExpectCTFailed(const HostPortPair& host_port_pair,
- const GURL& report_uri,
- base::Time expiration,
- const X509Certificate* validated_certificate_chain,
- const X509Certificate* served_certificate_chain,
- const SignedCertificateTimestampAndStatusList&
- signed_certificate_timestamps) override {
+ void OnExpectCTFailed(
+ const HostPortPair& host_port_pair,
+ const GURL& report_uri,
+ base::Time expiration,
+ const X509Certificate* validated_certificate_chain,
+ const X509Certificate* served_certificate_chain,
+ const SignedCertificateTimestampAndStatusList&
+ signed_certificate_timestamps,
+ const NetworkIsolationKey& network_isolation_key) override {
num_failures_++;
host_port_pair_ = host_port_pair;
report_uri_ = report_uri;
served_certificate_chain_ = served_certificate_chain;
validated_certificate_chain_ = validated_certificate_chain;
signed_certificate_timestamps_ = signed_certificate_timestamps;
+ network_isolation_key_ = network_isolation_key;
}
- const HostPortPair& host_port_pair() { return host_port_pair_; }
- const GURL& report_uri() { return report_uri_; }
- uint32_t num_failures() { return num_failures_; }
- const X509Certificate* served_certificate_chain() {
+ const HostPortPair& host_port_pair() const { return host_port_pair_; }
+ const GURL& report_uri() const { return report_uri_; }
+ uint32_t num_failures() const { return num_failures_; }
+ const X509Certificate* served_certificate_chain() const {
return served_certificate_chain_;
}
- const X509Certificate* validated_certificate_chain() {
+ const X509Certificate* validated_certificate_chain() const {
return validated_certificate_chain_;
}
- const SignedCertificateTimestampAndStatusList&
- signed_certificate_timestamps() {
+ const SignedCertificateTimestampAndStatusList& signed_certificate_timestamps()
+ const {
return signed_certificate_timestamps_;
}
+ const NetworkIsolationKey network_isolation_key() const {
+ return network_isolation_key_;
+ }
private:
HostPortPair host_port_pair_;
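Review bot: The added accessor `network_isolation_key()` returns `const NetworkIsolationKey` by value, unlike the neighbouring accessors, which return `const&`. The top-level `const` on a by-value return gives callers nothing beyond blocking a move, and each call copies the key. `const NetworkIsolationKey& network_isolation_key() const {` would match the rest of the class. The class body continues outside the hunk.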
@@ -599,6 +605,7 @@ class MockExpectCTReporter : public TransportSecurityState::ExpectCTReporter {
const X509Certificate* served_certificate_chain_;
const X509Certificate* validated_certificate_chain_;
SignedCertificateTimestampAndStatusList signed_certificate_timestamps_;
+ NetworkIsolationKey network_isolation_key_;
};
// A mock CTVerifier that records every call to Verify but doesn't verify
@@ -4172,9 +4179,9 @@ TEST_P(SSLClientSocketVersionTest, CTRequiredHistogramCompliant) {
// Set up the Expect-CT opt-in.
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- transport_security_state_->AddExpectCT(host_port_pair().host(), expiry,
- true /* enforce */,
- GURL("https://example-report.test"));
+ transport_security_state_->AddExpectCT(
+ host_port_pair().host(), expiry, true /* enforce */,
+ GURL("https://example-report.test"), NetworkIsolationKey());
MockExpectCTReporter reporter;
transport_security_state_->SetExpectCTReporter(&reporter);
@@ -4257,9 +4264,9 @@ TEST_P(SSLClientSocketVersionTest, CTRequiredHistogramNonCompliant) {
// Set up the Expect-CT opt-in.
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- transport_security_state_->AddExpectCT(host_port_pair().host(), expiry,
- true /* enforce */,
- GURL("https://example-report.test"));
+ transport_security_state_->AddExpectCT(
+ host_port_pair().host(), expiry, true /* enforce */,
+ GURL("https://example-report.test"), NetworkIsolationKey());
MockExpectCTReporter reporter;
transport_security_state_->SetExpectCTReporter(&reporter);
@@ -4301,7 +4308,8 @@ TEST_P(SSLClientSocketVersionTest, CTRequirementsFlagNotMet) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
transport_security_state_->AddExpectCT(host_port_pair().host(), expiry,
- true /* enforce */, GURL());
+ true /* enforce */, GURL(),
+ NetworkIsolationKey());
EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
.WillRepeatedly(
@@ -4335,7 +4343,8 @@ TEST_P(SSLClientSocketVersionTest, CTRequirementsFlagMet) {
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
transport_security_state_->AddExpectCT(host_port_pair().host(), expiry,
- true /* enforce */, GURL());
+ true /* enforce */, GURL(),
+ NetworkIsolationKey());
EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
.WillRepeatedly(
@@ -4417,11 +4426,13 @@ TEST_P(SSLClientSocketVersionTest, CTIsRequiredByExpectCT) {
cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
// Set up the Expect-CT opt-in.
+ NetworkIsolationKey network_isolation_key =
+ NetworkIsolationKey::CreateTransient();
const base::Time current_time(base::Time::Now());
const base::Time expiry = current_time + base::TimeDelta::FromSeconds(1000);
- transport_security_state_->AddExpectCT(host_port_pair().host(), expiry,
- true /* enforce */,
- GURL("https://example-report.test"));
+ transport_security_state_->AddExpectCT(
+ host_port_pair().host(), expiry, true /* enforce */,
+ GURL("https://example-report.test"), NetworkIsolationKey());
MockExpectCTReporter reporter;
transport_security_state_->SetExpectCTReporter(&reporter);
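Review bot: `network_isolation_key` is created with `NetworkIsolationKey::CreateTransient()` and later assigned to `ssl_config`, but the `AddExpectCT` call stores the entry under a default-constructed `NetworkIsolationKey()`. The test therefore presumably passes only while Expect-CT state is not partitioned by key; once lookups honour the key, the transient-key connection would not find this entry and the report assertions further down would fail. Passing the same key, `GURL("https://example-report.test"), network_isolation_key);`, makes the test check that the key flows from storage through to the reporter. The test body starts and ends outside the hunk.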
@@ -4430,6 +4441,7 @@ TEST_P(SSLClientSocketVersionTest, CTIsRequiredByExpectCT) {
Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
SSLConfig ssl_config;
+ ssl_config.network_isolation_key = network_isolation_key;
int rv;
ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
SSLInfo ssl_info;
@@ -4446,6 +4458,7 @@ TEST_P(SSLClientSocketVersionTest, CTIsRequiredByExpectCT) {
reporter.served_certificate_chain());
EXPECT_EQ(ssl_info.cert.get(), reporter.validated_certificate_chain());
EXPECT_EQ(0u, reporter.signed_certificate_timestamps().size());
+ EXPECT_EQ(network_isolation_key, reporter.network_isolation_key());
transport_security_state_->ClearReportCachesForTesting();
EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
@@ -4465,6 +4478,7 @@ TEST_P(SSLClientSocketVersionTest, CTIsRequiredByExpectCT) {
reporter.served_certificate_chain());
EXPECT_EQ(ssl_info.cert.get(), reporter.validated_certificate_chain());
EXPECT_EQ(0u, reporter.signed_certificate_timestamps().size());
+ EXPECT_EQ(network_isolation_key, reporter.network_isolation_key());
// If the connection is CT compliant, then there should be no socket error nor
// a report.
@@ -5586,6 +5600,7 @@ TEST_P(TLS13DowngradeMetricsTest, Metrics) {
SSLContextConfig config;
config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
+ config.tls13_hardening_for_local_anchors_enabled = false;
ssl_config_service_->UpdateSSLConfigAndNotify(config);
std::unique_ptr<SSLClientSocket> ssl_socket =
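Review bot: `config.tls13_hardening_for_local_anchors_enabled = false;` turns off a hardening option with no explanation of why this test needs it off. A one-line comment such as `// Hardening would reject the downgraded connection before the metrics under test are recorded.` (adjusted to the actual reason) would keep the setting from being copied into other tests as boilerplate. The test body starts and ends outside the hunk.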
diff --git a/chromium/net/socket/transport_client_socket_pool.cc b/chromium/net/socket/transport_client_socket_pool.cc
index 3d5aff54368..6e01e7c0be5 100644
--- a/chromium/net/socket/transport_client_socket_pool.cc
+++ b/chromium/net/socket/transport_client_socket_pool.cc
@@ -1201,13 +1201,6 @@ void TransportClientSocketPool::HandOutSocket(
static_cast<int>(idle_time.InMilliseconds()));
}
- if (reuse_type != ClientSocketHandle::UNUSED) {
- // The socket being handed out is no longer considered idle, but was
- // considered idle until just before this method was called.
- UMA_HISTOGRAM_CUSTOM_COUNTS("Net.Socket.NumIdleSockets",
- idle_socket_count_ + 1, 1, 256, 50);
- }
-
net_log.AddEventReferencingSource(
NetLogEventType::SOCKET_POOL_BOUND_TO_SOCKET,
handle->socket()->NetLog().source());
diff --git a/chromium/net/socket/udp_socket_posix.cc b/chromium/net/socket/udp_socket_posix.cc
index 0b61ca9bac2..32f0f199824 100644
--- a/chromium/net/socket/udp_socket_posix.cc
+++ b/chromium/net/socket/udp_socket_posix.cc
@@ -197,7 +197,7 @@ UDPSocketPosix::UDPSocketPosix(DatagramSocket::BindType bind_type,
write_async_timer_running_(false),
write_async_outstanding_(0),
read_buf_len_(0),
- recv_from_address_(NULL),
+ recv_from_address_(nullptr),
write_buf_len_(0),
net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::UDP_SOCKET)),
bound_network_(NetworkChangeNotifier::kInvalidNetworkHandle),
@@ -220,8 +220,8 @@ int UDPSocketPosix::Open(AddressFamily address_family) {
if (socket_ == kInvalidSocket)
return MapSystemError(errno);
#if defined(OS_MACOSX) && !defined(OS_IOS)
- PCHECK(change_fdguard_np(socket_, NULL, 0, &kSocketFdGuard,
- GUARD_CLOSE | GUARD_DUP, NULL) == 0);
+ PCHECK(change_fdguard_np(socket_, nullptr, 0, &kSocketFdGuard,
+ GUARD_CLOSE | GUARD_DUP, nullptr) == 0);
#endif // defined(OS_MACOSX) && !defined(OS_IOS)
socket_hash_ = GetSocketFDHash(socket_);
if (!base::SetNonBlocking(socket_)) {
@@ -299,7 +299,7 @@ void UDPSocketPosix::Close() {
read_buf_.reset();
read_buf_len_ = 0;
read_callback_.Reset();
- recv_from_address_ = NULL;
+ recv_from_address_ = nullptr;
write_buf_.reset();
write_buf_len_ = 0;
write_callback_.Reset();
@@ -375,7 +375,7 @@ int UDPSocketPosix::GetLocalAddress(IPEndPoint* address) const {
int UDPSocketPosix::Read(IOBuffer* buf,
int buf_len,
CompletionOnceCallback callback) {
- return RecvFrom(buf, buf_len, NULL, std::move(callback));
+ return RecvFrom(buf, buf_len, nullptr, std::move(callback));
}
int UDPSocketPosix::RecvFrom(IOBuffer* buf,
@@ -398,7 +398,7 @@ int UDPSocketPosix::RecvFrom(IOBuffer* buf,
&read_socket_watcher_, &read_watcher_)) {
PLOG(ERROR) << "WatchFileDescriptor failed on read";
int result = MapSystemError(errno);
- LogRead(result, NULL, 0, NULL);
+ LogRead(result, nullptr, 0, nullptr);
return result;
}
@@ -414,7 +414,7 @@ int UDPSocketPosix::Write(
int buf_len,
CompletionOnceCallback callback,
const NetworkTrafficAnnotationTag& traffic_annotation) {
- return SendToOrWrite(buf, buf_len, NULL, std::move(callback));
+ return SendToOrWrite(buf, buf_len, nullptr, std::move(callback));
}
int UDPSocketPosix::SendTo(IOBuffer* buf,
@@ -443,7 +443,7 @@ int UDPSocketPosix::SendToOrWrite(IOBuffer* buf,
&write_socket_watcher_, &write_watcher_)) {
DVPLOG(1) << "WatchFileDescriptor failed on write";
int result = MapSystemError(errno);
- LogWrite(result, NULL, NULL);
+ LogWrite(result, nullptr, nullptr);
return result;
}
@@ -742,7 +742,7 @@ void UDPSocketPosix::DidCompleteRead() {
if (result != ERR_IO_PENDING) {
read_buf_.reset();
read_buf_len_ = 0;
- recv_from_address_ = NULL;
+ recv_from_address_ = nullptr;
bool ok = read_socket_watcher_.StopWatchingFileDescriptor();
DCHECK(ok);
DoReadCallback(result);
@@ -884,12 +884,12 @@ int UDPSocketPosix::InternalSendTo(IOBuffer* buf,
SockaddrStorage storage;
struct sockaddr* addr = storage.addr;
if (!address) {
- addr = NULL;
+ addr = nullptr;
storage.addr_len = 0;
} else {
if (!address->ToSockAddr(storage.addr, &storage.addr_len)) {
int result = ERR_ADDRESS_INVALID;
- LogWrite(result, NULL, NULL);
+ LogWrite(result, nullptr, nullptr);
return result;
}
}
@@ -1382,7 +1382,7 @@ void UDPSocketPosix::DidSendBuffers(SendResult send_result) {
it = buffers.cbegin();
for (int i = 0; i < write_count; i++, it++) {
auto& buffer = *it;
- LogWrite(buffer->length(), buffer->data(), NULL);
+ LogWrite(buffer->length(), buffer->data(), nullptr);
written_bytes_ += buffer->length();
}
// Return written buffers to pool
@@ -1413,7 +1413,7 @@ void UDPSocketPosix::DidSendBuffers(SendResult send_result) {
if (!WatchFileDescriptor()) {
DVPLOG(1) << "WatchFileDescriptor failed on write";
last_async_result_ = MapSystemError(errno);
- LogWrite(last_async_result_, NULL, NULL);
+ LogWrite(last_async_result_, nullptr, nullptr);
} else {
last_async_result_ = 0;
}
diff --git a/chromium/net/socket/udp_socket_posix.h b/chromium/net/socket/udp_socket_posix.h
index ce96046e720..df3bf9735ba 100644
--- a/chromium/net/socket/udp_socket_posix.h
+++ b/chromium/net/socket/udp_socket_posix.h
@@ -11,6 +11,7 @@
#include <memory>
+#include "base/logging.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/message_loop/message_pump_for_io.h"
@@ -493,7 +494,7 @@ class NET_EXPORT UDPSocketPosix {
// Same as SendTo(), except that address is passed by pointer
// instead of by reference. It is called from Write() with |address|
- // set to NULL.
+ // set to nullptr.
int SendToOrWrite(IOBuffer* buf,
int buf_len,
const IPEndPoint* address,
diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.h b/chromium/net/socket/websocket_endpoint_lock_manager.h
index 4e96c736a10..cdd8e033b9d 100644
--- a/chromium/net/socket/websocket_endpoint_lock_manager.h
+++ b/chromium/net/socket/websocket_endpoint_lock_manager.h
@@ -11,7 +11,6 @@
#include <memory>
#include "base/containers/linked_list.h"
-#include "base/logging.h"
#include "base/macros.h"
#include "base/time/time.h"
#include "net/base/ip_endpoint.h"