Refactor OpenSSLSessionCache out of OpenSSLAdapterFactory.
This changeset refactors the OpenSSLSessionCache out of the Factory. Instead of directly injecting a pointer to the factory to each OpenSSLAdapter instead just a pointer to the OpenSSLSessionCache is submitted which the Factory is the sole owner of. This provides a cleaner dependency injection interface and allows the OpenSSLSessionCache to be tested independently of the factory that uses it. It also allows for the factories role to be more clearly defined allowing for additional dependency injection in future updates. This change also removes the habit of having OpenSSL typedefs around certain functions and instead uses the standardised ossl_typ.h header which contains these typedefs. This makes the headers more directly tied to just what they are responsible for doing. Bug: webrtc:9085 Change-Id: I7938178b70acc613856139d387a1b46928dca6ad Reviewed-on: https://webrtc-review.googlesource.com/66941 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org> Cr-Commit-Position: refs/heads/master@{#22758}
This commit is contained in:
Benjamin Wright
committed by
Commit Bot
Commit Bot
parent
fd350d74ee
commit
19aab2ee7c
@ -11,30 +11,29 @@
|
||||
#ifndef RTC_BASE_OPENSSLADAPTER_H_
|
||||
#define RTC_BASE_OPENSSLADAPTER_H_
|
||||
|
||||
#include <openssl/ossl_typ.h>
|
||||
|
||||
#include <map>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "rtc_base/buffer.h"
|
||||
#include "rtc_base/messagehandler.h"
|
||||
#include "rtc_base/messagequeue.h"
|
||||
#include "rtc_base/opensslidentity.h"
|
||||
#include "rtc_base/opensslsessioncache.h"
|
||||
#include "rtc_base/ssladapter.h"
|
||||
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
typedef struct x509_store_ctx_st X509_STORE_CTX;
|
||||
typedef struct ssl_session_st SSL_SESSION;
|
||||
|
||||
namespace rtc {
|
||||
|
||||
class OpenSSLAdapterFactory;
|
||||
|
||||
class OpenSSLAdapter : public SSLAdapter, public MessageHandler {
|
||||
public:
|
||||
static bool InitializeSSL(VerificationCallback callback);
|
||||
static bool CleanupSSL();
|
||||
|
||||
explicit OpenSSLAdapter(AsyncSocket* socket,
|
||||
OpenSSLAdapterFactory* factory = nullptr);
|
||||
OpenSSLSessionCache* ssl_session_cache = nullptr);
|
||||
~OpenSSLAdapter() override;
|
||||
|
||||
void SetIgnoreBadCert(bool ignore) override;
|
||||
@ -110,7 +109,7 @@ class OpenSSLAdapter : public SSLAdapter, public MessageHandler {
|
||||
|
||||
// Parent object that maintains shared state.
|
||||
// Can be null if state sharing is not needed.
|
||||
OpenSSLAdapterFactory* factory_;
|
||||
OpenSSLSessionCache* ssl_session_cache_ = nullptr;
|
||||
|
||||
SSLState state_;
|
||||
std::unique_ptr<OpenSSLIdentity> identity_;
|
||||
@ -144,31 +143,32 @@ class OpenSSLAdapter : public SSLAdapter, public MessageHandler {
|
||||
std::string TransformAlpnProtocols(const std::vector<std::string>& protos);
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// The OpenSSLAdapterFactory is responsbile for creating multiple new
|
||||
// OpenSSLAdapters with a shared SSL_CTX and a shared SSL_SESSION cache. The
|
||||
// SSL_SESSION cache allows existing SSL_SESSIONS to be reused instead of
|
||||
// recreating them leading to a significant performance improvement.
|
||||
class OpenSSLAdapterFactory : public SSLAdapterFactory {
|
||||
public:
|
||||
OpenSSLAdapterFactory();
|
||||
~OpenSSLAdapterFactory() override;
|
||||
|
||||
// Set the SSL Mode to use with this factory. This should only be set before
|
||||
// the first adapter is created with the factory. If it is called after it
|
||||
// will DCHECK.
|
||||
void SetMode(SSLMode mode) override;
|
||||
// Constructs a new socket using the shared OpenSSLSessionCache. This means
|
||||
// existing SSLSessions already in the cache will be reused instead of
|
||||
// re-created for improved performance.
|
||||
OpenSSLAdapter* CreateAdapter(AsyncSocket* socket) override;
|
||||
static OpenSSLAdapterFactory* Create();
|
||||
|
||||
private:
|
||||
SSL_CTX* ssl_ctx() { return ssl_ctx_; }
|
||||
// Looks up a session by hostname. The returned SSL_SESSION is not up_refed.
|
||||
SSL_SESSION* LookupSession(const std::string& hostname);
|
||||
// Adds a session to the cache, and up_refs it. Any existing session with the
|
||||
// same hostname is replaced.
|
||||
void AddSession(const std::string& hostname, SSL_SESSION* session);
|
||||
// Holds the SSLMode (DTLS,TLS) that will be used to set the session cache.
|
||||
SSLMode ssl_mode_ = SSL_MODE_TLS;
|
||||
// Holds a cache of existing SSL Sessions.
|
||||
std::unique_ptr<OpenSSLSessionCache> ssl_session_cache_;
|
||||
// TODO(benwright): Remove this when context is moved to OpenSSLCommon.
|
||||
// Hold a friend class to the OpenSSLAdapter to retrieve the context.
|
||||
friend class OpenSSLAdapter;
|
||||
|
||||
SSLMode ssl_mode_;
|
||||
// Holds the shared SSL_CTX for all created adapters.
|
||||
SSL_CTX* ssl_ctx_;
|
||||
// Map of hostnames to SSL_SESSIONs; holds references to the SSL_SESSIONs,
|
||||
// which are cleaned up when the factory is destroyed.
|
||||
// TODO(juberti): Add LRU eviction to keep the cache from growing forever.
|
||||
std::map<std::string, SSL_SESSION*> sessions_;
|
||||
};
|
||||
|
||||
} // namespace rtc
|
||||
|
||||
Reference in New Issue
Block a user