Fixup ChromeOS enrollment and renderer p2p sockets

Both of these codepaths mint new SSL socket pools from existing URLRequestContexts, which is already buggy and error prone (improperly handling channel ID and TLS session caches). However, ensure they also copy over the Certificate Transparency state, so that the socket does not crash when it tries to verify the Certificate Transparency information. BUG=623463, 623619 Review-Url: https://codereview.chromium.org/2104493002 Cr-Commit-Position: refs/heads/master@{#402285}
crosswalk-project · Jun 27, 2016 · 0364ad9 · 0364ad9
1 parent 7122e19
commit 0364ad9
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 14 deletions.
diff --git a/content/browser/renderer_host/p2p/socket_host_tcp.cc b/content/browser/renderer_host/p2p/socket_host_tcp.cc
@@ -183,11 +183,15 @@ void P2PSocketHostTcpBase::StartTls() {
       new net::ClientSocketHandle());
   socket_handle->SetSocket(std::move(socket_));
 
-  net::SSLClientSocketContext context;
-  context.cert_verifier = url_context_->GetURLRequestContext()->cert_verifier();
-  context.transport_security_state =
-      url_context_->GetURLRequestContext()->transport_security_state();
-  DCHECK(context.transport_security_state);
+  const net::URLRequestContext* url_request_context =
+      url_context_->GetURLRequestContext();
+  net::SSLClientSocketContext context(
+      url_request_context->cert_verifier(),
+      nullptr, /* TODO(rkn): ChannelIDService is not thread safe. */
+      url_request_context->transport_security_state(),
+      url_request_context->cert_transparency_verifier(),
+      url_request_context->ct_policy_enforcer(),
+      std::string() /* TODO(rsleevi): Ensure a proper unique shard. */);
 
   // Default ssl config.
   const net::SSLConfig ssl_config;
@@ -196,7 +200,7 @@ void P2PSocketHostTcpBase::StartTls() {
   // Calling net::HostPortPair::FromIPEndPoint will crash if the IP address is
   // empty.
   if (!remote_address_.ip_address.address().empty()) {
-      net::HostPortPair::FromIPEndPoint(remote_address_.ip_address);
+    net::HostPortPair::FromIPEndPoint(remote_address_.ip_address);
   } else {
     dest_host_port_pair.set_port(remote_address_.ip_address.port());
   }

diff --git a/jingle/glue/xmpp_client_socket_factory.cc b/jingle/glue/xmpp_client_socket_factory.cc
@@ -48,14 +48,15 @@ std::unique_ptr<net::SSLClientSocket>
 XmppClientSocketFactory::CreateSSLClientSocket(
     std::unique_ptr<net::ClientSocketHandle> transport_socket,
     const net::HostPortPair& host_and_port) {
-  net::SSLClientSocketContext context;
-  context.cert_verifier =
-      request_context_getter_->GetURLRequestContext()->cert_verifier();
-  context.transport_security_state = request_context_getter_->
-      GetURLRequestContext()->transport_security_state();
-  DCHECK(context.transport_security_state);
-  // TODO(rkn): context.channel_id_service is NULL because the
-  // ChannelIDService class is not thread safe.
+  const net::URLRequestContext* url_context =
+      request_context_getter_->GetURLRequestContext();
+  net::SSLClientSocketContext context(
+      url_context->cert_verifier(),
+      nullptr, /* TODO(rkn): ChannelIDService is not thread safe. */
+      url_context->transport_security_state(),
+      url_context->cert_transparency_verifier(),
+      url_context->ct_policy_enforcer(),
+      std::string() /* TODO(rsleevi): Ensure a proper unique shard. */);
   return client_socket_factory_->CreateSSLClientSocket(
       std::move(transport_socket), host_and_port, ssl_config_, context);
 }