| author | Ed Morley <emorley@mozilla.com> |
| Mon, 25 Jun 2012 21:38:10 +0100 | |
| changeset 97597 | 51cff2123f458de5011861afb4e2093afe9cafac |
| parent 97596 | df2e726ece1f39e1d932dedf239f7219172010c3 |
| child 97598 | 627c49f46421e4f83ffb7e51a89c726c3d902f2b |
| push id | 11127 |
| push user | emorley@mozilla.com |
| push date | Mon, 25 Jun 2012 20:40:57 +0000 |
| treeherder | mozilla-inbound@51cff2123f45 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 767516, 767512, 767505, 766929 |
| milestone | 16.0a1 |
| backs out | d45ca69b67a3bb9edd2f9495d8db468b384c3eff |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/netwerk/protocol/http/NullHttpTransaction.cpp +++ b/netwerk/protocol/http/NullHttpTransaction.cpp @@ -147,17 +147,17 @@ NullHttpTransaction::RequestHead() nsresult NullHttpTransaction::TakeSubTransactions( nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions) { return NS_ERROR_NOT_IMPLEMENTED; } void -NullHttpTransaction::SetProxyConnectFailed() +NullHttpTransaction::SetSSLConnectFailed() { } void NullHttpTransaction::Close(nsresult reason) { mStatus = reason; mConnection = nsnull;
--- a/netwerk/protocol/http/NullHttpTransaction.h +++ b/netwerk/protocol/http/NullHttpTransaction.h @@ -13,17 +13,17 @@ #include "nsIEventTarget.h" #include "nsHttpConnectionInfo.h" #include "nsHttpRequestHead.h" #include "mozilla/Attributes.h" // This is the minimal nsAHttpTransaction implementation. A NullHttpTransaction // can be used to drive connection level semantics (such as SSL handshakes // tunnels) so that a nsHttpConnection becomes fully established in -// anticipation of a real transaction needing to use it soon. +// anticiation of a real transaction needing to use it soon. namespace mozilla { namespace net { class NullHttpTransaction MOZ_FINAL : public nsAHttpTransaction { public: NS_DECL_ISUPPORTS NS_DECL_NSAHTTPTRANSACTION
--- a/netwerk/protocol/http/SpdySession2.cpp +++ b/netwerk/protocol/http/SpdySession2.cpp @@ -2156,19 +2156,19 @@ void SpdySession2::GetSecurityCallbacks(nsIInterfaceRequestor **, nsIEventTarget **) { // This is unexpected NS_ABORT_IF_FALSE(false, "SpdySession2::GetSecurityCallbacks()"); } void -SpdySession2::SetProxyConnectFailed() +SpdySession2::SetSSLConnectFailed() { - NS_ABORT_IF_FALSE(false, "SpdySession2::SetProxyConnectFailed()"); + NS_ABORT_IF_FALSE(false, "SpdySession2::SetSSLConnectFailed()"); } bool SpdySession2::IsDone() { return !mStreamTransactionHash.Count(); }
--- a/netwerk/protocol/http/SpdySession3.cpp +++ b/netwerk/protocol/http/SpdySession3.cpp @@ -2213,19 +2213,19 @@ void SpdySession3::GetSecurityCallbacks(nsIInterfaceRequestor **, nsIEventTarget **) { // This is unexpected NS_ABORT_IF_FALSE(false, "SpdySession3::GetSecurityCallbacks()"); } void -SpdySession3::SetProxyConnectFailed() +SpdySession3::SetSSLConnectFailed() { - NS_ABORT_IF_FALSE(false, "SpdySession3::SetProxyConnectFailed()"); + NS_ABORT_IF_FALSE(false, "SpdySession3::SetSSLConnectFailed()"); } bool SpdySession3::IsDone() { return !mStreamTransactionHash.Count(); }
--- a/netwerk/protocol/http/nsAHttpTransaction.h +++ b/netwerk/protocol/http/nsAHttpTransaction.h @@ -58,18 +58,18 @@ public: // called to write response data to the transaction. virtual nsresult WriteSegments(nsAHttpSegmentWriter *writer, PRUint32 count, PRUint32 *countWritten) = 0; // called to close the transaction virtual void Close(nsresult reason) = 0; - // called to indicate a failure with proxy CONNECT - virtual void SetProxyConnectFailed() = 0; + // called to indicate a failure at the SSL setup level + virtual void SetSSLConnectFailed() = 0; // called to retrieve the request headers of the transaction virtual nsHttpRequestHead *RequestHead() = 0; // determine the number of real http/1.x transactions on this // abstract object. Pipelines may have multiple, SPDY has 0, // normal http transactions have 1. virtual PRUint32 Http1xTransactionCount() = 0; @@ -144,17 +144,17 @@ public: nsresult status, PRUint64 progress); \ bool IsDone(); \ nsresult Status(); \ PRUint8 Caps(); \ PRUint32 Available(); \ nsresult ReadSegments(nsAHttpSegmentReader *, PRUint32, PRUint32 *); \ nsresult WriteSegments(nsAHttpSegmentWriter *, PRUint32, PRUint32 *); \ void Close(nsresult reason); \ - void SetProxyConnectFailed(); \ + void SetSSLConnectFailed(); \ nsHttpRequestHead *RequestHead(); \ PRUint32 Http1xTransactionCount(); \ nsresult TakeSubTransactions(nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions); \ nsresult AddTransaction(nsAHttpTransaction *); \ PRUint32 PipelineDepth(); \ nsresult SetPipelinePosition(PRInt32); \ PRInt32 PipelinePosition();
--- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -704,18 +704,18 @@ nsHttpChannel::SetupTransaction() LOG((" pipelining disallowed\n")); mCaps &= ~NS_HTTP_ALLOW_PIPELINING; } } if (!mAllowSpdy) mCaps |= NS_HTTP_DISALLOW_SPDY; - // Use the URI path if not proxying (transparent proxying such as proxy - // CONNECT does not count here). Also figure out what HTTP version to use. + // use the URI path if not proxying (transparent proxying such as SSL proxy + // does not count here). also, figure out what version we should be speaking. nsCAutoString buf, path; nsCString* requestURI; if (mConnectionInfo->UsingConnect() || !mConnectionInfo->UsingHttpProxy()) { rv = mURI->GetPath(path); if (NS_FAILED(rv)) return rv; // path may contain UTF-8 characters, so ensure that they're escaped. if (NS_EscapeURL(path.get(), path.Length(), esc_OnlyNonASCII, buf)) @@ -981,31 +981,31 @@ nsHttpChannel::CallOnStartRequest() CloseOfflineCacheEntry(); } } return NS_OK; } nsresult -nsHttpChannel::ProcessFailedProxyConnect(PRUint32 httpStatus) +nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus) { - // Failure to set up a proxy tunnel via CONNECT means one of the following: + // Failure to set up SSL proxy tunnel means one of the following: // 1) Proxy wants authorization, or forbids. // 2) DNS at proxy couldn't resolve target URL. // 3) Proxy connection to target failed or timed out. - // 4) Eve intercepted our CONNECT, and is replying with malicious HTML. - // - // Our current architecture would parse the proxy's response content with - // the permission of the target URL. Given #4, we must avoid rendering the - // body of the reply, and instead give the user a (hopefully helpful) + // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML. + // + // Our current architecture will parse response content with the + // permission of the target URL! Given #4, we must avoid rendering the + // body of the reply, and instead give the user a (hopefully helpful) // boilerplate error page, based on just the HTTP status of the reply. - NS_ABORT_IF_FALSE(mConnectionInfo->UsingConnect(), - "proxy connect failed but not using CONNECT?"); + NS_ABORT_IF_FALSE(mConnectionInfo->UsingSSL(), + "SSL connect failed but not using SSL?"); nsresult rv; switch (httpStatus) { case 300: case 301: case 302: case 303: case 307: case 308: // Bad redirect: not top-level, or it's a POST, bad/missing Location, // or ProcessRedirect() failed for some other reason. Legal // redirects that fail because site not available, etc., are handled // elsewhere, in the regular codepath. @@ -1046,23 +1046,31 @@ nsHttpChannel::ProcessFailedProxyConnect // is taking too long to respond." rv = NS_ERROR_NET_TIMEOUT; break; // Confused proxy server or malicious response default: rv = NS_ERROR_PROXY_CONNECTION_REFUSED; break; } - LOG(("Cancelling failed proxy CONNECT [this=%p httpStatus=%u]\n", + LOG(("Cancelling failed SSL proxy connection [this=%p httpStatus=%u]\n", this, httpStatus)); Cancel(rv); CallOnStartRequest(); return rv; } +bool +nsHttpChannel::ShouldSSLProxyResponseContinue(PRUint32 httpStatus) +{ + // When SSL connect has failed, allow proxy reply to continue only if it's + // a 407 (proxy authentication required) response + return (httpStatus == 407); +} + /** * Decide whether or not to remember Strict-Transport-Security, and whether * or not to enforce channel integrity. * * @return NS_ERROR_FAILURE if there's security information missing even though * it's an HTTPS connection. */ nsresult @@ -1150,21 +1158,20 @@ nsresult nsHttpChannel::ProcessResponse() { nsresult rv; PRUint32 httpStatus = mResponseHead->Status(); LOG(("nsHttpChannel::ProcessResponse [this=%p httpStatus=%u]\n", this, httpStatus)); - if (mTransaction->ProxyConnectFailed()) { - // Only allow 407 (authentication required) to continue - if (httpStatus != 407) - return ProcessFailedProxyConnect(httpStatus); - // If proxy CONNECT response needs to complete, wait to process connection + if (mTransaction->SSLConnectFailed()) { + if (!ShouldSSLProxyResponseContinue(httpStatus)) + return ProcessFailedSSLConnect(httpStatus); + // If SSL proxy response needs to complete, wait to process connection // for Strict-Transport-Security. } else { // Given a successful connection, process any STS data that's relevant. rv = ProcessSTSHeader(); NS_ASSERTION(NS_SUCCEEDED(rv), "ProcessSTSHeader failed, continuing load."); } MOZ_ASSERT(!mCachedContentIsValid); @@ -1258,33 +1265,34 @@ nsHttpChannel::ProcessResponse() } else { successfulReval = true; } break; case 401: case 407: rv = mAuthProvider->ProcessAuthentication( - httpStatus, mTransaction->ProxyConnectFailed()); + httpStatus, mConnectionInfo->UsingSSL() && + mTransaction->SSLConnectFailed()); if (rv == NS_ERROR_IN_PROGRESS) { // authentication prompt has been invoked and result // is expected asynchronously mAuthRetryPending = true; // suspend the transaction pump to stop receiving the // unauthenticated content data. We will throw that data // away when user provides credentials or resume the pump // when user refuses to authenticate. LOG(("Suspending the transaction, asynchronously prompting for credentials")); mTransactionPump->Suspend(); rv = NS_OK; } else if (NS_FAILED(rv)) { LOG(("ProcessAuthentication failed [rv=%x]\n", rv)); - if (mTransaction->ProxyConnectFailed()) - return ProcessFailedProxyConnect(httpStatus); + if (mTransaction->SSLConnectFailed()) + return ProcessFailedSSLConnect(httpStatus); if (!mAuthRetryPending) mAuthProvider->CheckForSuperfluousAuth(); rv = ProcessNormal(); } else mAuthRetryPending = true; // see DoAuthRetry break; default: @@ -1345,18 +1353,18 @@ nsHttpChannel::ContinueProcessResponse(n // Store response in the offline cache InitOfflineCacheEntry(); CloseOfflineCacheEntry(); } return NS_OK; } LOG(("ContinueProcessResponse got failure result [rv=%x]\n", rv)); - if (mTransaction->ProxyConnectFailed()) { - return ProcessFailedProxyConnect(mRedirectType); + if (mTransaction->SSLConnectFailed()) { + return ProcessFailedSSLConnect(mRedirectType); } return ProcessNormal(); } nsresult nsHttpChannel::ProcessNormal() { nsresult rv;
--- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -167,17 +167,18 @@ private: nsresult ProcessResponse(); nsresult ContinueProcessResponse(nsresult); nsresult ProcessNormal(); nsresult ContinueProcessNormal(nsresult); nsresult ProcessNotModified(); nsresult AsyncProcessRedirection(PRUint32 httpStatus); nsresult ContinueProcessRedirection(nsresult); nsresult ContinueProcessRedirectionAfterFallback(nsresult); - nsresult ProcessFailedProxyConnect(PRUint32 httpStatus); + bool ShouldSSLProxyResponseContinue(PRUint32 httpStatus); + nsresult ProcessFailedSSLConnect(PRUint32 httpStatus); nsresult ProcessFallback(bool *waitingForRedirectCallback); nsresult ContinueProcessFallback(nsresult); void HandleAsyncAbort(); nsresult EnsureAssocReq(); nsresult ContinueOnStartRequest1(nsresult); nsresult ContinueOnStartRequest2(nsresult); nsresult ContinueOnStartRequest3(nsresult);
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp +++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp @@ -63,21 +63,21 @@ nsHttpChannelAuthProvider::Init(nsIHttpA rv = mURI->GetPort(&mPort); if (NS_FAILED(rv)) return rv; return NS_OK; } NS_IMETHODIMP nsHttpChannelAuthProvider::ProcessAuthentication(PRUint32 httpStatus, - bool ProxyConnectFailed) + bool SSLConnectFailed) { LOG(("nsHttpChannelAuthProvider::ProcessAuthentication " - "[this=%p channel=%p code=%u ProxyConnectFailed=%d]\n", - this, mAuthChannel, httpStatus, ProxyConnectFailed)); + "[this=%p channel=%p code=%u SSLConnectFailed=%d]\n", + this, mAuthChannel, httpStatus, SSLConnectFailed)); NS_ASSERTION(mAuthChannel, "Channel not initialized"); nsCOMPtr<nsIProxyInfo> proxyInfo; nsresult rv = mAuthChannel->GetProxyInfo(getter_AddRefs(proxyInfo)); if (NS_FAILED(rv)) return rv; if (proxyInfo) { mProxyInfo = do_QueryInterface(proxyInfo); @@ -108,17 +108,17 @@ nsHttpChannelAuthProvider::ProcessAuthen // credentials to an origin server. We could attempt to proceed as // if we had received a 401 from the server, but why risk flirting // with trouble? IE similarly rejects 407s when a proxy server is // not configured, so there's no reason not to do the same. if (!UsingHttpProxy()) { LOG(("rejecting 407 when proxy server not configured!\n")); return NS_ERROR_UNEXPECTED; } - if (!ProxyConnectFailed) { + if (UsingSSL() && !SSLConnectFailed) { // we need to verify that this challenge came from the proxy // server itself, and not some server on the other side of the // SSL tunnel. LOG(("rejecting 407 from origin server!\n")); return NS_ERROR_UNEXPECTED; } rv = mAuthChannel->GetProxyChallenges(challenges); }
--- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -823,19 +823,19 @@ nsHttpConnection::OnHeadersAvailable(nsA } if (!foundKeepAliveMax && mRemainingConnectionUses && !mUsingSpdyVersion) --mRemainingConnectionUses; if (!mProxyConnectStream) HandleAlternateProtocol(responseHead); - // If we're doing a proxy connect, we need to check whether or not - // it was successful. If so, we have to reset the transaction and step-up - // the socket connection if using SSL. Finally, we have to wake up the + // if we're doing an SSL proxy connect, then we need to check whether or not + // the connect was successful. if so, then we have to reset the transaction + // and step-up the socket connection to SSL. finally, we have to wake up the // socket write request. if (mProxyConnectStream) { NS_ABORT_IF_FALSE(!mUsingSpdyVersion, "SPDY NPN Complete while using proxy connect stream"); mProxyConnectStream = 0; if (responseHead->Status() == 200) { LOG(("proxy CONNECT succeeded! ssl=%s\n", mConnInfo->UsingSSL() ? "true" :"false")); @@ -850,17 +850,17 @@ nsHttpConnection::OnHeadersAvailable(nsA mProxyConnectInProgress = false; rv = mSocketOut->AsyncWait(this, 0, 0, nsnull); // XXX what if this fails -- need to handle this error NS_ASSERTION(NS_SUCCEEDED(rv), "mSocketOut->AsyncWait failed"); } else { LOG(("proxy CONNECT failed! ssl=%s\n", mConnInfo->UsingSSL() ? "true" :"false")); - mTransaction->SetProxyConnectFailed(); + mTransaction->SetSSLConnectFailed(); } } const char *upgradeReq = requestHead->PeekHeader(nsHttp::Upgrade); if (upgradeReq) { LOG(("HTTP Upgrade in play - disable keepalive\n")); DontReuse(); } @@ -1190,18 +1190,18 @@ nsHttpConnection::OnSocketWritable() nsresult rv; PRUint32 n; bool again = true; do { mSocketOutCondition = NS_OK; - // If we're doing a proxy connect, then we need to bypass calling into - // the transaction. + // if we're doing an SSL proxy connect, then we need to bypass calling + // into the transaction. // // NOTE: this code path can't be shared since the transaction doesn't // implement nsIInputStream. doing so is not worth the added cost of // extra indirections during normal reading. // if (mProxyConnectStream) { LOG((" writing CONNECT request stream\n")); rv = mProxyConnectStream->ReadSegments(ReadFromStream, this,
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -1374,27 +1374,27 @@ bool nsHttpConnectionMgr::IsUnderPressure(nsConnectionEntry *ent, nsHttpTransaction::Classifier classification) { // A connection entry is declared to be "under pressure" if most of the // allowed parallel connections are already used up. In that case we want to // favor existing pipelines over more parallelism so as to reserve any // unused parallel connections for types that don't have existing pipelines. // - // The definition of connection pressure is a pretty liberal one here - that + // The defintion of connection pressure is a pretty liberal one here - that // is why we are using the more restrictive maxPersist* counters. // // Pipelines are also favored when the requested classification is already // using 3 or more of the connections. Failure to do this could result in // one class (e.g. images) establishing self replenishing queues on all the // connections that would starve the other transaction types. PRInt32 currentConns = ent->mActiveConns.Length(); PRInt32 maxConns = - (ent->mConnInfo->UsingHttpProxy() && !ent->mConnInfo->UsingConnect()) ? + (ent->mConnInfo->UsingHttpProxy() && !ent->mConnInfo->UsingSSL()) ? mMaxPersistConnsPerProxy : mMaxPersistConnsPerHost; // Leave room for at least 3 distinct types to operate concurrently, // this satisfies the typical {html, js/css, img} page. if (currentConns >= (maxConns - 2)) return true; /* prefer pipeline */ PRInt32 sameClass = 0;
--- a/netwerk/protocol/http/nsHttpPipeline.cpp +++ b/netwerk/protocol/http/nsHttpPipeline.cpp @@ -340,22 +340,22 @@ nsHttpPipeline::Classification() return mConnection->Classification(); LOG(("nsHttpPipeline::Classification this=%p " "has null mConnection using CLASS_SOLO default", this)); return nsAHttpTransaction::CLASS_SOLO; } void -nsHttpPipeline::SetProxyConnectFailed() +nsHttpPipeline::SetSSLConnectFailed() { nsAHttpTransaction *trans = Request(0); if (trans) - trans->SetProxyConnectFailed(); + trans->SetSSLConnectFailed(); } nsHttpRequestHead * nsHttpPipeline::RequestHead() { nsAHttpTransaction *trans = Request(0); if (trans) @@ -642,17 +642,17 @@ nsHttpPipeline::WriteSegments(nsAHttpSeg return NS_SUCCEEDED(mStatus) ? NS_BASE_STREAM_CLOSED : mStatus; nsAHttpTransaction *trans; nsresult rv; trans = Response(0); // This code deals with the establishment of a CONNECT tunnel through // an HTTP proxy. It allows the connection to do the CONNECT/200 - // HTTP transaction to establish a tunnel as a precursor to the + // HTTP transaction to establish an SSL tunnel as a precursor to the // actual pipeline of regular HTTP transactions. if (!trans && mRequestQ.Length() && mConnection->IsProxyConnectInProgress()) { LOG(("nsHttpPipeline::WriteSegments [this=%p] Forced Delegation\n", this)); trans = Request(0); }
--- a/netwerk/protocol/http/nsHttpTransaction.cpp +++ b/netwerk/protocol/http/nsHttpTransaction.cpp @@ -96,17 +96,17 @@ nsHttpTransaction::nsHttpTransaction() , mTransactionDone(false) , mResponseIsComplete(false) , mDidContentStart(false) , mNoContent(false) , mSentData(false) , mReceivedData(false) , mStatusEventPending(false) , mHasRequestBody(false) - , mProxyConnectFailed(false) + , mSSLConnectFailed(false) , mHttpResponseMatched(false) , mPreserveStream(false) , mReportedStart(false) , mReportedResponseHeader(false) , mForTakeResponseHead(nsnull) , mResponseHeadTaken(false) { LOG(("Creating nsHttpTransaction @%x\n", this)); @@ -347,19 +347,19 @@ nsHttpTransaction::TakeResponseHead() } head = mResponseHead; mResponseHead = nsnull; return head; } void -nsHttpTransaction::SetProxyConnectFailed() +nsHttpTransaction::SetSSLConnectFailed() { - mProxyConnectFailed = true; + mSSLConnectFailed = true; } nsHttpRequestHead * nsHttpTransaction::RequestHead() { return mRequestHead; }
--- a/netwerk/protocol/http/nsHttpTransaction.h +++ b/netwerk/protocol/http/nsHttpTransaction.h @@ -89,17 +89,17 @@ public: // Called to take ownership of the response headers; the transaction // will drop any reference to the response headers after this call. nsHttpResponseHead *TakeResponseHead(); // Called to find out if the transaction generated a complete response. bool ResponseIsComplete() { return mResponseIsComplete; } - bool ProxyConnectFailed() { return mProxyConnectFailed; } + bool SSLConnectFailed() { return mSSLConnectFailed; } // SetPriority() may only be used by the connection manager. void SetPriority(PRInt32 priority) { mPriority = priority; } PRInt32 Priority() { return mPriority; } const TimingStruct& Timings() const { return mTimings; } enum Classifier Classification() { return mClassification; } @@ -184,17 +184,17 @@ private: bool mTransactionDone; bool mResponseIsComplete; bool mDidContentStart; bool mNoContent; // expecting an empty entity body bool mSentData; bool mReceivedData; bool mStatusEventPending; bool mHasRequestBody; - bool mProxyConnectFailed; + bool mSSLConnectFailed; bool mHttpResponseMatched; bool mPreserveStream; // mClosed := transaction has been explicitly closed // mTransactionDone := transaction ran to completion or was interrupted // mResponseComplete := transaction ran to completion // For Restart-In-Progress Functionality
--- a/netwerk/protocol/http/nsIHttpAuthManager.idl +++ b/netwerk/protocol/http/nsIHttpAuthManager.idl @@ -22,17 +22,17 @@ [scriptable, uuid(7ce8e9d1-8b4b-4883-a307-66fe12a50153)] interface nsIHttpAuthManager : nsISupports { /** * Lookup auth identity. * * @param aScheme * the URL scheme (e.g., "http"). NOTE: for proxy authentication, - * this should be "http" (this includes authentication for CONNECT + * this should be "http" (this includes authentication for SSL * tunneling). * @param aHost * the host of the server issuing a challenge (ASCII only). * @param aPort * the port of the server issuing a challenge. * @param aAuthType * optional string identifying auth type used (e.g., "basic") * @param aRealm @@ -56,17 +56,17 @@ interface nsIHttpAuthManager : nsISuppor out AString aUserName, out AString aUserPassword); /** * Store auth identity. * * @param aScheme * the URL scheme (e.g., "http"). NOTE: for proxy authentication, - * this should be "http" (this includes authentication for CONNECT + * this should be "http" (this includes authentication for SSL * tunneling). * @param aHost * the host of the server issuing a challenge (ASCII only). * @param aPort * the port of the server issuing a challenge. * @param aAuthType * optional string identifying auth type used (e.g., "basic") * @param aRealm
--- a/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl +++ b/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl @@ -35,31 +35,31 @@ interface nsIHttpChannelAuthProvider : n void init(in nsIHttpAuthenticableChannel channel); /** * Upon receipt of a server challenge, this function is called to determine * the credentials to send. * * @param httpStatus * the http status received. - * @param proxyConnectFailed - * if attempt to create CONNECT tunnel via proxy failed. + * @param sslConnectFailed + * if the last ssl tunnel connection attempt was or not successful. * @param callback * the callback to be called when it returns NS_ERROR_IN_PROGRESS. * The implementation must hold a weak reference. * * @returns NS_OK if the credentials were got and set successfully. * NS_ERROR_IN_PROGRESS if the credentials are going to be asked to * the user. The channel reference must be * alive until the feedback from * nsIHttpAuthenticableChannel's methods or * until disconnect be called. */ void processAuthentication(in unsigned long httpStatus, - in boolean proxyConnectFailed); + in boolean sslConnectFailed); /** * Add credentials from the http auth cache. */ void addAuthorizationHeaders(); /** * Check if an unnecessary(and maybe malicious) url authentication has been