Unlike the cache of the entire stats report which is time limited, this
certificate cache is valid for an unlimited amount of time, but is
cleared at ClearCachedStatsReport() which is already called on each
SLD/SRD call. Since certificates can only change by negotiation, this
cache is ensured to always be invalidated when certificates change.
Since ClearCachedStatsReport() can happen for other reasons than
certificates changing we may clear the cache more often then is
necessary, but arguably this is seldom enough that we don't have to
create a separate "ClearCertificateStats()" method. Keep it simple?
The cache specifically avoids rtc::SSLCertChain::GetStats which
trigger rtc::SSLCertificate::GetStats and rtc::Base64::EncodeFromArray.
Bug: webrtc:14458
Change-Id: I5f95a4a5eb51cc4462147270fdae7bb9fb7bc822
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/276602
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Henrik Boström <hbos@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38205}
This is part of a large-scale effort to increase adoption of
absl::string_view across the WebRTC code base.
This CL converts the majority of "const std::string&"s in function
parameters under rtc_base/ to absl::string_view.
Bug: webrtc:13579
Change-Id: I2b1e3776aa42326aa405f76bb324a2d233b21dca
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254081
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Xavier Lepaul <xalep@webrtc.org>
Reviewed-by: Anders Lilienthal <andersc@webrtc.org>
Reviewed-by: Per Kjellander <perkj@webrtc.org>
Commit-Queue: Ali Tofigh <alito@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#36239}
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
security gains, and will provide binary size improvements as well once
the default list of built-in certificates can be removed; the code
dealing with them still depends on the X509 API.
Implemented by splitting openssl_identity and openssl_certificate
into BoringSSL and vanilla OpenSSL implementations.
No-Try: True
Bug: webrtc:11410
Change-Id: I86ddb361b94ad85b15ebb8743490de83632ca53f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/196941
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32818}
This reverts commit 72f638a9a2.
Reason for revert: downstream build failures
Original change's description:
> Use CRYPTO_BUFFER APIs instead of X509 when building with BoringSSL.
>
> Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
> security gains, and will provide binary size improvements as well once
> the default list of built-in certificates can be removed; the code
> dealing with them still depends on the X509 API.
>
> Implemented by splitting openssl_identity and openssl_certificate
> into BoringSSL and vanilla OpenSSL implementations.
>
> Bug: webrtc:11410
> Change-Id: Idc043462faac5e4ab1b75bedab2057197f80aba6
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/174120
> Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
> Reviewed-by: David Benjamin <davidben@webrtc.org>
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Commit-Queue: Taylor <deadbeef@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#32811}
TBR=deadbeef@webrtc.org,mbonadei@webrtc.org,davidben@webrtc.org,hta@webrtc.org
Change-Id: Ib5e55cb5798a2f3d25a4460f5311d2e650d3fa82
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: webrtc:11410
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/196742
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32812}
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
security gains, and will provide binary size improvements as well once
the default list of built-in certificates can be removed; the code
dealing with them still depends on the X509 API.
Implemented by splitting openssl_identity and openssl_certificate
into BoringSSL and vanilla OpenSSL implementations.
Bug: webrtc:11410
Change-Id: Idc043462faac5e4ab1b75bedab2057197f80aba6
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/174120
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: David Benjamin <davidben@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32811}
