Google Git
Sign in
chromium / chromium / src / 3b819c4fdcd71c81060717ead95156eb82c86c1e^! / . / net / socket / ssl_client_socket_impl.cc
commit3b819c4fdcd71c81060717ead95156eb82c86c1e[log] [tgz]
authorDavid Benjamin <[email protected]>Thu May 14 18:20:05 2020
committerCommit Bot <[email protected]>Thu May 14 18:20:05 2020
treeafbd1a42b41faaa5f2257f7e6315fe4e9c0299e6
parenta6161cdac6f21c3599af78e10bc0136daebca0d2 [diff] [blame]
Clear 0-RTT on existing sessions when 0-RTT is rejected

Bug: 1066623
Change-Id: I3925e1d9e394983f6d6ecb8dc97b31222a333ca1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2182567
Reviewed-by: Steven Valdez <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/master@{#768858}

diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 568b2db..12fb375 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc

@@ -1490,19 +1490,19 @@
 }
 
 void SSLClientSocketImpl::DoPeek() {
-  if (ssl_config_.disable_post_handshake_peek_for_testing ||
-      !completed_connect_ || peek_complete_) {
+  if (!completed_connect_) {
     return;
   }
 
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
-  if (ssl_config_.early_data_enabled && !recorded_early_data_result_) {
+  if (ssl_config_.early_data_enabled && !handled_early_data_result_) {
     // |SSL_peek| will implicitly run |SSL_do_handshake| if needed, but run it
     // manually to pick up the reject reason.
     int rv = SSL_do_handshake(ssl_.get());
     int ssl_err = SSL_get_error(ssl_.get(), rv);
-    if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) {
+    int err = rv > 0 ? OK : MapOpenSSLError(ssl_err, err_tracer);
+    if (err == ERR_IO_PENDING) {
       return;
     }
 
@@ -1513,13 +1513,28 @@
     UMA_HISTOGRAM_ENUMERATION("Net.SSLHandshakeEarlyDataReason",
                               SSL_get_early_data_reason(ssl_.get()),
                               ssl_early_data_reason_max_value + 1);
-    recorded_early_data_result_ = true;
-    if (ssl_err != SSL_ERROR_NONE) {
+
+    // On early data reject, clear early data on any other sessions in the
+    // cache, so retries do not get stuck attempting 0-RTT. See
+    // https://crbug.com/1066623.
+    if (err == ERR_EARLY_DATA_REJECTED ||
+        err == ERR_WRONG_VERSION_ON_EARLY_DATA) {
+      context_->ssl_client_session_cache()->ClearEarlyData(
+          GetSessionCacheKey(base::nullopt));
+    }
+
+    handled_early_data_result_ = true;
+
+    if (err != OK) {
       peek_complete_ = true;
       return;
     }
   }
 
+  if (ssl_config_.disable_post_handshake_peek_for_testing || peek_complete_) {
+    return;
+  }
+
   char byte;
   int rv = SSL_peek(ssl_.get(), &byte, 1);
   int ssl_err = SSL_get_error(ssl_.get(), rv);