1*6777b538SAndroid Build Coastguard Worker // Copyright 2012 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker
5*6777b538SAndroid Build Coastguard Worker #include "net/socket/ssl_client_socket.h"
6*6777b538SAndroid Build Coastguard Worker
7*6777b538SAndroid Build Coastguard Worker #include <string>
8*6777b538SAndroid Build Coastguard Worker
9*6777b538SAndroid Build Coastguard Worker #include "base/containers/flat_tree.h"
10*6777b538SAndroid Build Coastguard Worker #include "base/logging.h"
11*6777b538SAndroid Build Coastguard Worker #include "base/observer_list.h"
12*6777b538SAndroid Build Coastguard Worker #include "base/values.h"
13*6777b538SAndroid Build Coastguard Worker #include "net/cert/x509_certificate_net_log_param.h"
14*6777b538SAndroid Build Coastguard Worker #include "net/log/net_log.h"
15*6777b538SAndroid Build Coastguard Worker #include "net/log/net_log_event_type.h"
16*6777b538SAndroid Build Coastguard Worker #include "net/socket/ssl_client_socket_impl.h"
17*6777b538SAndroid Build Coastguard Worker #include "net/socket/stream_socket.h"
18*6777b538SAndroid Build Coastguard Worker #include "net/ssl/ssl_client_session_cache.h"
19*6777b538SAndroid Build Coastguard Worker #include "net/ssl/ssl_key_logger.h"
20*6777b538SAndroid Build Coastguard Worker
21*6777b538SAndroid Build Coastguard Worker namespace net {
22*6777b538SAndroid Build Coastguard Worker
23*6777b538SAndroid Build Coastguard Worker namespace {
24*6777b538SAndroid Build Coastguard Worker
25*6777b538SAndroid Build Coastguard Worker // Returns true if |first_cert| and |second_cert| represent the same certificate
26*6777b538SAndroid Build Coastguard Worker // (with the same chain), or if they're both NULL.
AreCertificatesEqual(const scoped_refptr<X509Certificate> & first_cert,const scoped_refptr<X509Certificate> & second_cert,bool include_chain=true)27*6777b538SAndroid Build Coastguard Worker bool AreCertificatesEqual(const scoped_refptr<X509Certificate>& first_cert,
28*6777b538SAndroid Build Coastguard Worker const scoped_refptr<X509Certificate>& second_cert,
29*6777b538SAndroid Build Coastguard Worker bool include_chain = true) {
30*6777b538SAndroid Build Coastguard Worker return (!first_cert && !second_cert) ||
31*6777b538SAndroid Build Coastguard Worker (first_cert && second_cert &&
32*6777b538SAndroid Build Coastguard Worker (include_chain
33*6777b538SAndroid Build Coastguard Worker ? first_cert->EqualsIncludingChain(second_cert.get())
34*6777b538SAndroid Build Coastguard Worker : first_cert->EqualsExcludingChain(second_cert.get())));
35*6777b538SAndroid Build Coastguard Worker }
36*6777b538SAndroid Build Coastguard Worker
37*6777b538SAndroid Build Coastguard Worker // Returns a base::Value::Dict value NetLog parameter with the expected format
38*6777b538SAndroid Build Coastguard Worker // for events of type CLEAR_CACHED_CLIENT_CERT.
NetLogClearCachedClientCertParams(const net::HostPortPair & host,const scoped_refptr<net::X509Certificate> & cert,bool is_cleared)39*6777b538SAndroid Build Coastguard Worker base::Value::Dict NetLogClearCachedClientCertParams(
40*6777b538SAndroid Build Coastguard Worker const net::HostPortPair& host,
41*6777b538SAndroid Build Coastguard Worker const scoped_refptr<net::X509Certificate>& cert,
42*6777b538SAndroid Build Coastguard Worker bool is_cleared) {
43*6777b538SAndroid Build Coastguard Worker return base::Value::Dict()
44*6777b538SAndroid Build Coastguard Worker .Set("host", host.ToString())
45*6777b538SAndroid Build Coastguard Worker .Set("certificates", cert ? net::NetLogX509CertificateList(cert.get())
46*6777b538SAndroid Build Coastguard Worker : base::Value(base::Value::List()))
47*6777b538SAndroid Build Coastguard Worker .Set("is_cleared", is_cleared);
48*6777b538SAndroid Build Coastguard Worker }
49*6777b538SAndroid Build Coastguard Worker
50*6777b538SAndroid Build Coastguard Worker // Returns a base::Value::Dict value NetLog parameter with the expected format
51*6777b538SAndroid Build Coastguard Worker // for events of type CLEAR_MATCHING_CACHED_CLIENT_CERT.
NetLogClearMatchingCachedClientCertParams(const base::flat_set<net::HostPortPair> & hosts,const scoped_refptr<net::X509Certificate> & cert)52*6777b538SAndroid Build Coastguard Worker base::Value::Dict NetLogClearMatchingCachedClientCertParams(
53*6777b538SAndroid Build Coastguard Worker const base::flat_set<net::HostPortPair>& hosts,
54*6777b538SAndroid Build Coastguard Worker const scoped_refptr<net::X509Certificate>& cert) {
55*6777b538SAndroid Build Coastguard Worker base::Value::List hosts_values;
56*6777b538SAndroid Build Coastguard Worker for (const auto& host : hosts) {
57*6777b538SAndroid Build Coastguard Worker hosts_values.Append(host.ToString());
58*6777b538SAndroid Build Coastguard Worker }
59*6777b538SAndroid Build Coastguard Worker
60*6777b538SAndroid Build Coastguard Worker return base::Value::Dict()
61*6777b538SAndroid Build Coastguard Worker .Set("hosts", base::Value(std::move(hosts_values)))
62*6777b538SAndroid Build Coastguard Worker .Set("certificates", cert ? net::NetLogX509CertificateList(cert.get())
63*6777b538SAndroid Build Coastguard Worker : base::Value(base::Value::List()));
64*6777b538SAndroid Build Coastguard Worker }
65*6777b538SAndroid Build Coastguard Worker
66*6777b538SAndroid Build Coastguard Worker } // namespace
67*6777b538SAndroid Build Coastguard Worker
68*6777b538SAndroid Build Coastguard Worker SSLClientSocket::SSLClientSocket() = default;
69*6777b538SAndroid Build Coastguard Worker
70*6777b538SAndroid Build Coastguard Worker // static
SetSSLKeyLogger(std::unique_ptr<SSLKeyLogger> logger)71*6777b538SAndroid Build Coastguard Worker void SSLClientSocket::SetSSLKeyLogger(std::unique_ptr<SSLKeyLogger> logger) {
72*6777b538SAndroid Build Coastguard Worker SSLClientSocketImpl::SetSSLKeyLogger(std::move(logger));
73*6777b538SAndroid Build Coastguard Worker }
74*6777b538SAndroid Build Coastguard Worker
75*6777b538SAndroid Build Coastguard Worker // static
SerializeNextProtos(const NextProtoVector & next_protos)76*6777b538SAndroid Build Coastguard Worker std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(
77*6777b538SAndroid Build Coastguard Worker const NextProtoVector& next_protos) {
78*6777b538SAndroid Build Coastguard Worker std::vector<uint8_t> wire_protos;
79*6777b538SAndroid Build Coastguard Worker for (const NextProto next_proto : next_protos) {
80*6777b538SAndroid Build Coastguard Worker const std::string proto = NextProtoToString(next_proto);
81*6777b538SAndroid Build Coastguard Worker if (proto.size() > 255) {
82*6777b538SAndroid Build Coastguard Worker LOG(WARNING) << "Ignoring overlong ALPN protocol: " << proto;
83*6777b538SAndroid Build Coastguard Worker continue;
84*6777b538SAndroid Build Coastguard Worker }
85*6777b538SAndroid Build Coastguard Worker if (proto.size() == 0) {
86*6777b538SAndroid Build Coastguard Worker LOG(WARNING) << "Ignoring empty ALPN protocol";
87*6777b538SAndroid Build Coastguard Worker continue;
88*6777b538SAndroid Build Coastguard Worker }
89*6777b538SAndroid Build Coastguard Worker wire_protos.push_back(proto.size());
90*6777b538SAndroid Build Coastguard Worker for (const char ch : proto) {
91*6777b538SAndroid Build Coastguard Worker wire_protos.push_back(static_cast<uint8_t>(ch));
92*6777b538SAndroid Build Coastguard Worker }
93*6777b538SAndroid Build Coastguard Worker }
94*6777b538SAndroid Build Coastguard Worker
95*6777b538SAndroid Build Coastguard Worker return wire_protos;
96*6777b538SAndroid Build Coastguard Worker }
97*6777b538SAndroid Build Coastguard Worker
SSLClientContext(SSLConfigService * ssl_config_service,CertVerifier * cert_verifier,TransportSecurityState * transport_security_state,SSLClientSessionCache * ssl_client_session_cache,SCTAuditingDelegate * sct_auditing_delegate)98*6777b538SAndroid Build Coastguard Worker SSLClientContext::SSLClientContext(
99*6777b538SAndroid Build Coastguard Worker SSLConfigService* ssl_config_service,
100*6777b538SAndroid Build Coastguard Worker CertVerifier* cert_verifier,
101*6777b538SAndroid Build Coastguard Worker TransportSecurityState* transport_security_state,
102*6777b538SAndroid Build Coastguard Worker SSLClientSessionCache* ssl_client_session_cache,
103*6777b538SAndroid Build Coastguard Worker SCTAuditingDelegate* sct_auditing_delegate)
104*6777b538SAndroid Build Coastguard Worker : ssl_config_service_(ssl_config_service),
105*6777b538SAndroid Build Coastguard Worker cert_verifier_(cert_verifier),
106*6777b538SAndroid Build Coastguard Worker transport_security_state_(transport_security_state),
107*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_(ssl_client_session_cache),
108*6777b538SAndroid Build Coastguard Worker sct_auditing_delegate_(sct_auditing_delegate) {
109*6777b538SAndroid Build Coastguard Worker CHECK(cert_verifier_);
110*6777b538SAndroid Build Coastguard Worker CHECK(transport_security_state_);
111*6777b538SAndroid Build Coastguard Worker
112*6777b538SAndroid Build Coastguard Worker if (ssl_config_service_) {
113*6777b538SAndroid Build Coastguard Worker config_ = ssl_config_service_->GetSSLContextConfig();
114*6777b538SAndroid Build Coastguard Worker ssl_config_service_->AddObserver(this);
115*6777b538SAndroid Build Coastguard Worker }
116*6777b538SAndroid Build Coastguard Worker cert_verifier_->AddObserver(this);
117*6777b538SAndroid Build Coastguard Worker CertDatabase::GetInstance()->AddObserver(this);
118*6777b538SAndroid Build Coastguard Worker }
119*6777b538SAndroid Build Coastguard Worker
~SSLClientContext()120*6777b538SAndroid Build Coastguard Worker SSLClientContext::~SSLClientContext() {
121*6777b538SAndroid Build Coastguard Worker if (ssl_config_service_) {
122*6777b538SAndroid Build Coastguard Worker ssl_config_service_->RemoveObserver(this);
123*6777b538SAndroid Build Coastguard Worker }
124*6777b538SAndroid Build Coastguard Worker cert_verifier_->RemoveObserver(this);
125*6777b538SAndroid Build Coastguard Worker CertDatabase::GetInstance()->RemoveObserver(this);
126*6777b538SAndroid Build Coastguard Worker }
127*6777b538SAndroid Build Coastguard Worker
CreateSSLClientSocket(std::unique_ptr<StreamSocket> stream_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)128*6777b538SAndroid Build Coastguard Worker std::unique_ptr<SSLClientSocket> SSLClientContext::CreateSSLClientSocket(
129*6777b538SAndroid Build Coastguard Worker std::unique_ptr<StreamSocket> stream_socket,
130*6777b538SAndroid Build Coastguard Worker const HostPortPair& host_and_port,
131*6777b538SAndroid Build Coastguard Worker const SSLConfig& ssl_config) {
132*6777b538SAndroid Build Coastguard Worker return std::make_unique<SSLClientSocketImpl>(this, std::move(stream_socket),
133*6777b538SAndroid Build Coastguard Worker host_and_port, ssl_config);
134*6777b538SAndroid Build Coastguard Worker }
135*6777b538SAndroid Build Coastguard Worker
GetClientCertificate(const HostPortPair & server,scoped_refptr<X509Certificate> * client_cert,scoped_refptr<SSLPrivateKey> * private_key)136*6777b538SAndroid Build Coastguard Worker bool SSLClientContext::GetClientCertificate(
137*6777b538SAndroid Build Coastguard Worker const HostPortPair& server,
138*6777b538SAndroid Build Coastguard Worker scoped_refptr<X509Certificate>* client_cert,
139*6777b538SAndroid Build Coastguard Worker scoped_refptr<SSLPrivateKey>* private_key) {
140*6777b538SAndroid Build Coastguard Worker return ssl_client_auth_cache_.Lookup(server, client_cert, private_key);
141*6777b538SAndroid Build Coastguard Worker }
142*6777b538SAndroid Build Coastguard Worker
SetClientCertificate(const HostPortPair & server,scoped_refptr<X509Certificate> client_cert,scoped_refptr<SSLPrivateKey> private_key)143*6777b538SAndroid Build Coastguard Worker void SSLClientContext::SetClientCertificate(
144*6777b538SAndroid Build Coastguard Worker const HostPortPair& server,
145*6777b538SAndroid Build Coastguard Worker scoped_refptr<X509Certificate> client_cert,
146*6777b538SAndroid Build Coastguard Worker scoped_refptr<SSLPrivateKey> private_key) {
147*6777b538SAndroid Build Coastguard Worker ssl_client_auth_cache_.Add(server, std::move(client_cert),
148*6777b538SAndroid Build Coastguard Worker std::move(private_key));
149*6777b538SAndroid Build Coastguard Worker
150*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
151*6777b538SAndroid Build Coastguard Worker // Session resumption bypasses client certificate negotiation, so flush all
152*6777b538SAndroid Build Coastguard Worker // associated sessions when preferences change.
153*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->FlushForServers({server});
154*6777b538SAndroid Build Coastguard Worker }
155*6777b538SAndroid Build Coastguard Worker NotifySSLConfigForServersChanged({server});
156*6777b538SAndroid Build Coastguard Worker }
157*6777b538SAndroid Build Coastguard Worker
ClearClientCertificate(const HostPortPair & server)158*6777b538SAndroid Build Coastguard Worker bool SSLClientContext::ClearClientCertificate(const HostPortPair& server) {
159*6777b538SAndroid Build Coastguard Worker if (!ssl_client_auth_cache_.Remove(server)) {
160*6777b538SAndroid Build Coastguard Worker return false;
161*6777b538SAndroid Build Coastguard Worker }
162*6777b538SAndroid Build Coastguard Worker
163*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
164*6777b538SAndroid Build Coastguard Worker // Session resumption bypasses client certificate negotiation, so flush all
165*6777b538SAndroid Build Coastguard Worker // associated sessions when preferences change.
166*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->FlushForServers({server});
167*6777b538SAndroid Build Coastguard Worker }
168*6777b538SAndroid Build Coastguard Worker NotifySSLConfigForServersChanged({server});
169*6777b538SAndroid Build Coastguard Worker return true;
170*6777b538SAndroid Build Coastguard Worker }
171*6777b538SAndroid Build Coastguard Worker
AddObserver(Observer * observer)172*6777b538SAndroid Build Coastguard Worker void SSLClientContext::AddObserver(Observer* observer) {
173*6777b538SAndroid Build Coastguard Worker observers_.AddObserver(observer);
174*6777b538SAndroid Build Coastguard Worker }
175*6777b538SAndroid Build Coastguard Worker
RemoveObserver(Observer * observer)176*6777b538SAndroid Build Coastguard Worker void SSLClientContext::RemoveObserver(Observer* observer) {
177*6777b538SAndroid Build Coastguard Worker observers_.RemoveObserver(observer);
178*6777b538SAndroid Build Coastguard Worker }
179*6777b538SAndroid Build Coastguard Worker
OnSSLContextConfigChanged()180*6777b538SAndroid Build Coastguard Worker void SSLClientContext::OnSSLContextConfigChanged() {
181*6777b538SAndroid Build Coastguard Worker config_ = ssl_config_service_->GetSSLContextConfig();
182*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
183*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->Flush();
184*6777b538SAndroid Build Coastguard Worker }
185*6777b538SAndroid Build Coastguard Worker NotifySSLConfigChanged(SSLConfigChangeType::kSSLConfigChanged);
186*6777b538SAndroid Build Coastguard Worker }
187*6777b538SAndroid Build Coastguard Worker
OnCertVerifierChanged()188*6777b538SAndroid Build Coastguard Worker void SSLClientContext::OnCertVerifierChanged() {
189*6777b538SAndroid Build Coastguard Worker NotifySSLConfigChanged(SSLConfigChangeType::kCertVerifierChanged);
190*6777b538SAndroid Build Coastguard Worker }
191*6777b538SAndroid Build Coastguard Worker
OnTrustStoreChanged()192*6777b538SAndroid Build Coastguard Worker void SSLClientContext::OnTrustStoreChanged() {
193*6777b538SAndroid Build Coastguard Worker NotifySSLConfigChanged(SSLConfigChangeType::kCertDatabaseChanged);
194*6777b538SAndroid Build Coastguard Worker }
195*6777b538SAndroid Build Coastguard Worker
OnClientCertStoreChanged()196*6777b538SAndroid Build Coastguard Worker void SSLClientContext::OnClientCertStoreChanged() {
197*6777b538SAndroid Build Coastguard Worker base::flat_set<HostPortPair> servers =
198*6777b538SAndroid Build Coastguard Worker ssl_client_auth_cache_.GetCachedServers();
199*6777b538SAndroid Build Coastguard Worker ssl_client_auth_cache_.Clear();
200*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
201*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->FlushForServers(servers);
202*6777b538SAndroid Build Coastguard Worker }
203*6777b538SAndroid Build Coastguard Worker NotifySSLConfigForServersChanged(servers);
204*6777b538SAndroid Build Coastguard Worker }
205*6777b538SAndroid Build Coastguard Worker
ClearClientCertificateIfNeeded(const net::HostPortPair & host,const scoped_refptr<net::X509Certificate> & certificate)206*6777b538SAndroid Build Coastguard Worker void SSLClientContext::ClearClientCertificateIfNeeded(
207*6777b538SAndroid Build Coastguard Worker const net::HostPortPair& host,
208*6777b538SAndroid Build Coastguard Worker const scoped_refptr<net::X509Certificate>& certificate) {
209*6777b538SAndroid Build Coastguard Worker scoped_refptr<X509Certificate> cached_certificate;
210*6777b538SAndroid Build Coastguard Worker scoped_refptr<SSLPrivateKey> cached_private_key;
211*6777b538SAndroid Build Coastguard Worker if (!ssl_client_auth_cache_.Lookup(host, &cached_certificate,
212*6777b538SAndroid Build Coastguard Worker &cached_private_key) ||
213*6777b538SAndroid Build Coastguard Worker AreCertificatesEqual(cached_certificate, certificate)) {
214*6777b538SAndroid Build Coastguard Worker // No cached client certificate preference for this host.
215*6777b538SAndroid Build Coastguard Worker net::NetLog::Get()->AddGlobalEntry(
216*6777b538SAndroid Build Coastguard Worker NetLogEventType::CLEAR_CACHED_CLIENT_CERT, [&]() {
217*6777b538SAndroid Build Coastguard Worker return NetLogClearCachedClientCertParams(host, certificate,
218*6777b538SAndroid Build Coastguard Worker /*is_cleared=*/false);
219*6777b538SAndroid Build Coastguard Worker });
220*6777b538SAndroid Build Coastguard Worker return;
221*6777b538SAndroid Build Coastguard Worker }
222*6777b538SAndroid Build Coastguard Worker
223*6777b538SAndroid Build Coastguard Worker net::NetLog::Get()->AddGlobalEntry(
224*6777b538SAndroid Build Coastguard Worker NetLogEventType::CLEAR_CACHED_CLIENT_CERT, [&]() {
225*6777b538SAndroid Build Coastguard Worker return NetLogClearCachedClientCertParams(host, certificate,
226*6777b538SAndroid Build Coastguard Worker /*is_cleared=*/true);
227*6777b538SAndroid Build Coastguard Worker });
228*6777b538SAndroid Build Coastguard Worker
229*6777b538SAndroid Build Coastguard Worker ssl_client_auth_cache_.Remove(host);
230*6777b538SAndroid Build Coastguard Worker
231*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
232*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->FlushForServers({host});
233*6777b538SAndroid Build Coastguard Worker }
234*6777b538SAndroid Build Coastguard Worker
235*6777b538SAndroid Build Coastguard Worker NotifySSLConfigForServersChanged({host});
236*6777b538SAndroid Build Coastguard Worker }
237*6777b538SAndroid Build Coastguard Worker
ClearMatchingClientCertificate(const scoped_refptr<net::X509Certificate> & certificate)238*6777b538SAndroid Build Coastguard Worker void SSLClientContext::ClearMatchingClientCertificate(
239*6777b538SAndroid Build Coastguard Worker const scoped_refptr<net::X509Certificate>& certificate) {
240*6777b538SAndroid Build Coastguard Worker CHECK(certificate);
241*6777b538SAndroid Build Coastguard Worker
242*6777b538SAndroid Build Coastguard Worker base::flat_set<HostPortPair> cleared_servers;
243*6777b538SAndroid Build Coastguard Worker for (const auto& server : ssl_client_auth_cache_.GetCachedServers()) {
244*6777b538SAndroid Build Coastguard Worker scoped_refptr<X509Certificate> cached_certificate;
245*6777b538SAndroid Build Coastguard Worker scoped_refptr<SSLPrivateKey> cached_private_key;
246*6777b538SAndroid Build Coastguard Worker if (ssl_client_auth_cache_.Lookup(server, &cached_certificate,
247*6777b538SAndroid Build Coastguard Worker &cached_private_key) &&
248*6777b538SAndroid Build Coastguard Worker AreCertificatesEqual(cached_certificate, certificate,
249*6777b538SAndroid Build Coastguard Worker /*include_chain=*/false)) {
250*6777b538SAndroid Build Coastguard Worker cleared_servers.insert(cleared_servers.end(), server);
251*6777b538SAndroid Build Coastguard Worker }
252*6777b538SAndroid Build Coastguard Worker }
253*6777b538SAndroid Build Coastguard Worker
254*6777b538SAndroid Build Coastguard Worker net::NetLog::Get()->AddGlobalEntry(
255*6777b538SAndroid Build Coastguard Worker NetLogEventType::CLEAR_MATCHING_CACHED_CLIENT_CERT, [&]() {
256*6777b538SAndroid Build Coastguard Worker return NetLogClearMatchingCachedClientCertParams(cleared_servers,
257*6777b538SAndroid Build Coastguard Worker certificate);
258*6777b538SAndroid Build Coastguard Worker });
259*6777b538SAndroid Build Coastguard Worker
260*6777b538SAndroid Build Coastguard Worker if (cleared_servers.empty()) {
261*6777b538SAndroid Build Coastguard Worker return;
262*6777b538SAndroid Build Coastguard Worker }
263*6777b538SAndroid Build Coastguard Worker
264*6777b538SAndroid Build Coastguard Worker for (const auto& server_to_clear : cleared_servers) {
265*6777b538SAndroid Build Coastguard Worker ssl_client_auth_cache_.Remove(server_to_clear);
266*6777b538SAndroid Build Coastguard Worker }
267*6777b538SAndroid Build Coastguard Worker
268*6777b538SAndroid Build Coastguard Worker if (ssl_client_session_cache_) {
269*6777b538SAndroid Build Coastguard Worker ssl_client_session_cache_->FlushForServers(cleared_servers);
270*6777b538SAndroid Build Coastguard Worker }
271*6777b538SAndroid Build Coastguard Worker
272*6777b538SAndroid Build Coastguard Worker NotifySSLConfigForServersChanged(cleared_servers);
273*6777b538SAndroid Build Coastguard Worker }
274*6777b538SAndroid Build Coastguard Worker
NotifySSLConfigChanged(SSLConfigChangeType change_type)275*6777b538SAndroid Build Coastguard Worker void SSLClientContext::NotifySSLConfigChanged(SSLConfigChangeType change_type) {
276*6777b538SAndroid Build Coastguard Worker for (Observer& observer : observers_) {
277*6777b538SAndroid Build Coastguard Worker observer.OnSSLConfigChanged(change_type);
278*6777b538SAndroid Build Coastguard Worker }
279*6777b538SAndroid Build Coastguard Worker }
280*6777b538SAndroid Build Coastguard Worker
NotifySSLConfigForServersChanged(const base::flat_set<HostPortPair> & servers)281*6777b538SAndroid Build Coastguard Worker void SSLClientContext::NotifySSLConfigForServersChanged(
282*6777b538SAndroid Build Coastguard Worker const base::flat_set<HostPortPair>& servers) {
283*6777b538SAndroid Build Coastguard Worker for (Observer& observer : observers_) {
284*6777b538SAndroid Build Coastguard Worker observer.OnSSLConfigForServersChanged(servers);
285*6777b538SAndroid Build Coastguard Worker }
286*6777b538SAndroid Build Coastguard Worker }
287*6777b538SAndroid Build Coastguard Worker
288*6777b538SAndroid Build Coastguard Worker } // namespace net
289