QUIC - Fix QUIC enabled experiment spending significantly more time verifying certs on Android.
Get computed CertVerifier::VerifyFlags from SSLConfig from
HttpStreamFactoryImpl::Job and pass them to QUIC's
CertVerifier code. With this change, when
SSLClientSocket[NSS|OpenSSL] code tries to verify the
certs, they are already cached and we don't verify them
twice.
BUG=502509
[email protected]
Review URL: https://codereview.chromium.org/1197823002
Cr-Commit-Position: refs/heads/master@{#335463}
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index b6ce232..90543cb 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -47,6 +47,7 @@
Job(ProofVerifierChromium* proof_verifier,
CertVerifier* cert_verifier,
TransportSecurityState* transport_security_state,
+ int cert_verify_flags,
const BoundNetLog& net_log);
// Starts the proof verification. If |QUIC_PENDING| is returned, then
@@ -94,6 +95,10 @@
// X509Certificate from a chain of DER encoded certificates.
scoped_refptr<X509Certificate> cert_;
+ // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
+ // passed to CertVerifier::Verify.
+ int cert_verify_flags_;
+
State next_state_;
BoundNetLog net_log_;
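Review bot: The new member comment names `|cert_verify_flags|`, but the field it documents is `cert_verify_flags_`, and "is bitwise OR'd of" reads awkwardly. I would write it as `// |cert_verify_flags_| is a bitwise OR of CertVerifier::VerifyFlags; it is passed unchanged to CertVerifier::Verify.` In the visible hunks the field is only set in the constructor's initializer list, so `const int cert_verify_flags_;` would make explicit that the verification policy cannot change during a job. The rest of the Job class is outside this hunk, so confirm that nothing else assigns the field.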
@@ -105,10 +110,12 @@
ProofVerifierChromium* proof_verifier,
CertVerifier* cert_verifier,
TransportSecurityState* transport_security_state,
+ int cert_verify_flags,
const BoundNetLog& net_log)
: proof_verifier_(proof_verifier),
verifier_(cert_verifier),
transport_security_state_(transport_security_state),
+ cert_verify_flags_(cert_verify_flags),
next_state_(STATE_NONE),
net_log_(net_log) {
}
@@ -222,13 +229,12 @@
int ProofVerifierChromium::Job::DoVerifyCert(int result) {
next_state_ = STATE_VERIFY_CERT_COMPLETE;
- int flags = 0;
- return verifier_->Verify(cert_.get(), hostname_, std::string(), flags,
- SSLConfigService::GetCRLSet().get(),
- &verify_details_->cert_verify_result,
- base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
- base::Unretained(this)),
- &cert_verifier_request_, net_log_);
+ return verifier_->Verify(
+ cert_.get(), hostname_, std::string(), cert_verify_flags_,
+ SSLConfigService::GetCRLSet().get(), &verify_details_->cert_verify_result,
+ base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
+ base::Unretained(this)),
+ &cert_verifier_request_, net_log_);
}
int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
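Review bot: `cert_verify_flags_` now goes to `verifier_->Verify` exactly as the caller supplied it, where the old code always passed 0, so the QUIC path starts applying whatever verification options the context carries. This call needs a comment that states the invariant the commit relies on, for example `// Flags must equal those SSLClientSocket computes from SSLConfig, so both paths share one cached result and apply the same verification policy.` Going by the commit description, a context built with different flags would presumably miss the cached result and verify twice again without any error; that is inferred, not shown in the diff. A unit test asserting that the flags given to the context are the ones seen by the CertVerifier would pin this down. None is visible in this diff.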
@@ -380,13 +386,12 @@
}
const ProofVerifyContextChromium* chromium_context =
reinterpret_cast<const ProofVerifyContextChromium*>(verify_context);
- scoped_ptr<Job> job(new Job(this,
- cert_verifier_,
- transport_security_state_,
+ scoped_ptr<Job> job(new Job(this, cert_verifier_, transport_security_state_,
+ chromium_context->cert_verify_flags,
chromium_context->net_log));
- QuicAsyncStatus status = job->VerifyProof(hostname, server_config, certs,
- signature, error_details,
- verify_details, callback);
+ QuicAsyncStatus status =
+ job->VerifyProof(hostname, server_config, certs, signature, error_details,
+ verify_details, callback);
if (status == QUIC_PENDING) {
active_jobs_.insert(job.release());
}
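Review bot: The new argument `chromium_context->cert_verify_flags` is read through the `reinterpret_cast` two lines above it, so the flags are only meaningful if `verify_context` really points at a `ProofVerifyContextChromium`. Before this change a wrong or default context only affected logging via `net_log`; now it would feed an arbitrary bitmask into certificate verification. If `ProofVerifyContextChromium` derives from the `ProofVerifyContext` parameter type (not visible here), `static_cast<const ProofVerifyContextChromium*>(verify_context)` is the appropriate named cast. The null check for `verify_context` appears to sit above this hunk, so confirm that it runs before this dereference.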