Backout d45ca69b67a3 (bug 767516), 4ff98d3e4d8d (bug 767512), 70cc47076115 (bug 767505), 4eca26d02c84 (bug 766929) for mochitest-plain-5 failures
authorEd Morley <emorley@mozilla.com>
Mon, 25 Jun 2012 21:38:10 +0100
changeset 97597 51cff2123f458de5011861afb4e2093afe9cafac
parent 97596 df2e726ece1f39e1d932dedf239f7219172010c3
child 97598 627c49f46421e4f83ffb7e51a89c726c3d902f2b
push id11127
push useremorley@mozilla.com
push dateMon, 25 Jun 2012 20:40:57 +0000
treeherdermozilla-inbound@51cff2123f45 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs767516, 767512, 767505, 766929
milestone16.0a1
backs outd45ca69b67a3bb9edd2f9495d8db468b384c3eff
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backout d45ca69b67a3 (bug 767516), 4ff98d3e4d8d (bug 767512), 70cc47076115 (bug 767505), 4eca26d02c84 (bug 766929) for mochitest-plain-5 failures
netwerk/protocol/http/NullHttpTransaction.cpp
netwerk/protocol/http/NullHttpTransaction.h
netwerk/protocol/http/SpdySession2.cpp
netwerk/protocol/http/SpdySession3.cpp
netwerk/protocol/http/nsAHttpTransaction.h
netwerk/protocol/http/nsHttpChannel.cpp
netwerk/protocol/http/nsHttpChannel.h
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
netwerk/protocol/http/nsHttpConnection.cpp
netwerk/protocol/http/nsHttpConnectionMgr.cpp
netwerk/protocol/http/nsHttpPipeline.cpp
netwerk/protocol/http/nsHttpTransaction.cpp
netwerk/protocol/http/nsHttpTransaction.h
netwerk/protocol/http/nsIHttpAuthManager.idl
netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
--- a/netwerk/protocol/http/NullHttpTransaction.cpp
+++ b/netwerk/protocol/http/NullHttpTransaction.cpp
@@ -147,17 +147,17 @@ NullHttpTransaction::RequestHead()
 nsresult
 NullHttpTransaction::TakeSubTransactions(
   nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions)
 {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 void
-NullHttpTransaction::SetProxyConnectFailed()
+NullHttpTransaction::SetSSLConnectFailed()
 {
 }
 
 void
 NullHttpTransaction::Close(nsresult reason)
 {
   mStatus = reason;
   mConnection = nsnull;
--- a/netwerk/protocol/http/NullHttpTransaction.h
+++ b/netwerk/protocol/http/NullHttpTransaction.h
@@ -13,17 +13,17 @@
 #include "nsIEventTarget.h"
 #include "nsHttpConnectionInfo.h"
 #include "nsHttpRequestHead.h"
 #include "mozilla/Attributes.h"
 
 // This is the minimal nsAHttpTransaction implementation. A NullHttpTransaction
 // can be used to drive connection level semantics (such as SSL handshakes
 // tunnels) so that a nsHttpConnection becomes fully established in
-// anticipation of a real transaction needing to use it soon.
+// anticiation of a real transaction needing to use it soon.
 
 namespace mozilla { namespace net {
 
 class NullHttpTransaction MOZ_FINAL : public nsAHttpTransaction
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSAHTTPTRANSACTION
--- a/netwerk/protocol/http/SpdySession2.cpp
+++ b/netwerk/protocol/http/SpdySession2.cpp
@@ -2156,19 +2156,19 @@ void
 SpdySession2::GetSecurityCallbacks(nsIInterfaceRequestor **,
                                   nsIEventTarget **)
 {
   // This is unexpected
   NS_ABORT_IF_FALSE(false, "SpdySession2::GetSecurityCallbacks()");
 }
 
 void
-SpdySession2::SetProxyConnectFailed()
+SpdySession2::SetSSLConnectFailed()
 {
-  NS_ABORT_IF_FALSE(false, "SpdySession2::SetProxyConnectFailed()");
+  NS_ABORT_IF_FALSE(false, "SpdySession2::SetSSLConnectFailed()");
 }
 
 bool
 SpdySession2::IsDone()
 {
   return !mStreamTransactionHash.Count();
 }
 
--- a/netwerk/protocol/http/SpdySession3.cpp
+++ b/netwerk/protocol/http/SpdySession3.cpp
@@ -2213,19 +2213,19 @@ void
 SpdySession3::GetSecurityCallbacks(nsIInterfaceRequestor **,
                                   nsIEventTarget **)
 {
   // This is unexpected
   NS_ABORT_IF_FALSE(false, "SpdySession3::GetSecurityCallbacks()");
 }
 
 void
-SpdySession3::SetProxyConnectFailed()
+SpdySession3::SetSSLConnectFailed()
 {
-  NS_ABORT_IF_FALSE(false, "SpdySession3::SetProxyConnectFailed()");
+  NS_ABORT_IF_FALSE(false, "SpdySession3::SetSSLConnectFailed()");
 }
 
 bool
 SpdySession3::IsDone()
 {
   return !mStreamTransactionHash.Count();
 }
 
--- a/netwerk/protocol/http/nsAHttpTransaction.h
+++ b/netwerk/protocol/http/nsAHttpTransaction.h
@@ -58,18 +58,18 @@ public:
 
     // called to write response data to the transaction.
     virtual nsresult WriteSegments(nsAHttpSegmentWriter *writer,
                                    PRUint32 count, PRUint32 *countWritten) = 0;
 
     // called to close the transaction
     virtual void Close(nsresult reason) = 0;
 
-    // called to indicate a failure with proxy CONNECT
-    virtual void SetProxyConnectFailed() = 0;
+    // called to indicate a failure at the SSL setup level
+    virtual void SetSSLConnectFailed() = 0;
     
     // called to retrieve the request headers of the transaction
     virtual nsHttpRequestHead *RequestHead() = 0;
 
     // determine the number of real http/1.x transactions on this
     // abstract object. Pipelines may have multiple, SPDY has 0,
     // normal http transactions have 1.
     virtual PRUint32 Http1xTransactionCount() = 0;
@@ -144,17 +144,17 @@ public:
                            nsresult status, PRUint64 progress); \
     bool     IsDone(); \
     nsresult Status(); \
     PRUint8  Caps();   \
     PRUint32 Available(); \
     nsresult ReadSegments(nsAHttpSegmentReader *, PRUint32, PRUint32 *); \
     nsresult WriteSegments(nsAHttpSegmentWriter *, PRUint32, PRUint32 *); \
     void     Close(nsresult reason);                                    \
-    void     SetProxyConnectFailed();                                   \
+    void     SetSSLConnectFailed();                                     \
     nsHttpRequestHead *RequestHead();                                   \
     PRUint32 Http1xTransactionCount();                                  \
     nsresult TakeSubTransactions(nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions); \
     nsresult AddTransaction(nsAHttpTransaction *);                      \
     PRUint32 PipelineDepth();                                           \
     nsresult SetPipelinePosition(PRInt32);                              \
     PRInt32  PipelinePosition();
 
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -704,18 +704,18 @@ nsHttpChannel::SetupTransaction()
             LOG(("  pipelining disallowed\n"));
             mCaps &= ~NS_HTTP_ALLOW_PIPELINING;
         }
     }
 
     if (!mAllowSpdy)
         mCaps |= NS_HTTP_DISALLOW_SPDY;
 
-    // Use the URI path if not proxying (transparent proxying such as proxy
-    // CONNECT does not count here). Also figure out what HTTP version to use.
+    // use the URI path if not proxying (transparent proxying such as SSL proxy
+    // does not count here). also, figure out what version we should be speaking.
     nsCAutoString buf, path;
     nsCString* requestURI;
     if (mConnectionInfo->UsingConnect() ||
         !mConnectionInfo->UsingHttpProxy()) {
         rv = mURI->GetPath(path);
         if (NS_FAILED(rv)) return rv;
         // path may contain UTF-8 characters, so ensure that they're escaped.
         if (NS_EscapeURL(path.get(), path.Length(), esc_OnlyNonASCII, buf))
@@ -981,31 +981,31 @@ nsHttpChannel::CallOnStartRequest()
             CloseOfflineCacheEntry();
         }
     }
 
     return NS_OK;
 }
 
 nsresult
-nsHttpChannel::ProcessFailedProxyConnect(PRUint32 httpStatus)
+nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
 {
-    // Failure to set up a proxy tunnel via CONNECT means one of the following:
+    // Failure to set up SSL proxy tunnel means one of the following:
     // 1) Proxy wants authorization, or forbids.
     // 2) DNS at proxy couldn't resolve target URL.
     // 3) Proxy connection to target failed or timed out.
-    // 4) Eve intercepted our CONNECT, and is replying with malicious HTML.
-    //
-    // Our current architecture would parse the proxy's response content with
-    // the permission of the target URL.  Given #4, we must avoid rendering the
-    // body of the reply, and instead give the user a (hopefully helpful)
+    // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
+    // 
+    // Our current architecture will parse response content with the
+    // permission of the target URL!  Given #4, we must avoid rendering the
+    // body of the reply, and instead give the user a (hopefully helpful) 
     // boilerplate error page, based on just the HTTP status of the reply.
 
-    NS_ABORT_IF_FALSE(mConnectionInfo->UsingConnect(),
-                      "proxy connect failed but not using CONNECT?");
+    NS_ABORT_IF_FALSE(mConnectionInfo->UsingSSL(),
+                      "SSL connect failed but not using SSL?");
     nsresult rv;
     switch (httpStatus) 
     {
     case 300: case 301: case 302: case 303: case 307: case 308:
         // Bad redirect: not top-level, or it's a POST, bad/missing Location,
         // or ProcessRedirect() failed for some other reason.  Legal
         // redirects that fail because site not available, etc., are handled
         // elsewhere, in the regular codepath.
@@ -1046,23 +1046,31 @@ nsHttpChannel::ProcessFailedProxyConnect
         //              is taking too long to respond."
         rv = NS_ERROR_NET_TIMEOUT;
         break;
     // Confused proxy server or malicious response
     default:
         rv = NS_ERROR_PROXY_CONNECTION_REFUSED; 
         break;
     }
-    LOG(("Cancelling failed proxy CONNECT [this=%p httpStatus=%u]\n",
+    LOG(("Cancelling failed SSL proxy connection [this=%p httpStatus=%u]\n",
          this, httpStatus)); 
     Cancel(rv);
     CallOnStartRequest();
     return rv;
 }
 
+bool
+nsHttpChannel::ShouldSSLProxyResponseContinue(PRUint32 httpStatus)
+{
+    // When SSL connect has failed, allow proxy reply to continue only if it's
+    // a 407 (proxy authentication required) response
+    return (httpStatus == 407);
+}
+
 /**
  * Decide whether or not to remember Strict-Transport-Security, and whether
  * or not to enforce channel integrity.
  *
  * @return NS_ERROR_FAILURE if there's security information missing even though
  *             it's an HTTPS connection.
  */
 nsresult
@@ -1150,21 +1158,20 @@ nsresult
 nsHttpChannel::ProcessResponse()
 {
     nsresult rv;
     PRUint32 httpStatus = mResponseHead->Status();
 
     LOG(("nsHttpChannel::ProcessResponse [this=%p httpStatus=%u]\n",
         this, httpStatus));
 
-    if (mTransaction->ProxyConnectFailed()) {
-        // Only allow 407 (authentication required) to continue
-        if (httpStatus != 407)
-            return ProcessFailedProxyConnect(httpStatus);
-        // If proxy CONNECT response needs to complete, wait to process connection
+    if (mTransaction->SSLConnectFailed()) {
+        if (!ShouldSSLProxyResponseContinue(httpStatus))
+            return ProcessFailedSSLConnect(httpStatus);
+        // If SSL proxy response needs to complete, wait to process connection
         // for Strict-Transport-Security.
     } else {
         // Given a successful connection, process any STS data that's relevant.
         rv = ProcessSTSHeader();
         NS_ASSERTION(NS_SUCCEEDED(rv), "ProcessSTSHeader failed, continuing load.");
     }
 
     MOZ_ASSERT(!mCachedContentIsValid);
@@ -1258,33 +1265,34 @@ nsHttpChannel::ProcessResponse()
         }
         else {
             successfulReval = true;
         }
         break;
     case 401:
     case 407:
         rv = mAuthProvider->ProcessAuthentication(
-            httpStatus, mTransaction->ProxyConnectFailed());
+            httpStatus, mConnectionInfo->UsingSSL() &&
+                        mTransaction->SSLConnectFailed());
         if (rv == NS_ERROR_IN_PROGRESS)  {
             // authentication prompt has been invoked and result
             // is expected asynchronously
             mAuthRetryPending = true;
             // suspend the transaction pump to stop receiving the
             // unauthenticated content data. We will throw that data
             // away when user provides credentials or resume the pump
             // when user refuses to authenticate.
             LOG(("Suspending the transaction, asynchronously prompting for credentials"));
             mTransactionPump->Suspend();
             rv = NS_OK;
         }
         else if (NS_FAILED(rv)) {
             LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
-           if (mTransaction->ProxyConnectFailed())
-               return ProcessFailedProxyConnect(httpStatus);
+            if (mTransaction->SSLConnectFailed())
+                return ProcessFailedSSLConnect(httpStatus);
             if (!mAuthRetryPending)
                 mAuthProvider->CheckForSuperfluousAuth();
             rv = ProcessNormal();
         }
         else
             mAuthRetryPending = true; // see DoAuthRetry
         break;
     default:
@@ -1345,18 +1353,18 @@ nsHttpChannel::ContinueProcessResponse(n
             // Store response in the offline cache
             InitOfflineCacheEntry();
             CloseOfflineCacheEntry();
         }
         return NS_OK;
     }
 
     LOG(("ContinueProcessResponse got failure result [rv=%x]\n", rv));
-    if (mTransaction->ProxyConnectFailed()) {
-        return ProcessFailedProxyConnect(mRedirectType);
+    if (mTransaction->SSLConnectFailed()) {
+        return ProcessFailedSSLConnect(mRedirectType);
     }
     return ProcessNormal();
 }
 
 nsresult
 nsHttpChannel::ProcessNormal()
 {
     nsresult rv;
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -167,17 +167,18 @@ private:
     nsresult ProcessResponse();
     nsresult ContinueProcessResponse(nsresult);
     nsresult ProcessNormal();
     nsresult ContinueProcessNormal(nsresult);
     nsresult ProcessNotModified();
     nsresult AsyncProcessRedirection(PRUint32 httpStatus);
     nsresult ContinueProcessRedirection(nsresult);
     nsresult ContinueProcessRedirectionAfterFallback(nsresult);
-    nsresult ProcessFailedProxyConnect(PRUint32 httpStatus);
+    bool     ShouldSSLProxyResponseContinue(PRUint32 httpStatus);
+    nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
     nsresult ProcessFallback(bool *waitingForRedirectCallback);
     nsresult ContinueProcessFallback(nsresult);
     void     HandleAsyncAbort();
     nsresult EnsureAssocReq();
 
     nsresult ContinueOnStartRequest1(nsresult);
     nsresult ContinueOnStartRequest2(nsresult);
     nsresult ContinueOnStartRequest3(nsresult);
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -63,21 +63,21 @@ nsHttpChannelAuthProvider::Init(nsIHttpA
     rv = mURI->GetPort(&mPort);
     if (NS_FAILED(rv)) return rv;
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsHttpChannelAuthProvider::ProcessAuthentication(PRUint32 httpStatus,
-                                                 bool     ProxyConnectFailed)
+                                                 bool     SSLConnectFailed)
 {
     LOG(("nsHttpChannelAuthProvider::ProcessAuthentication "
-         "[this=%p channel=%p code=%u ProxyConnectFailed=%d]\n",
-         this, mAuthChannel, httpStatus, ProxyConnectFailed));
+         "[this=%p channel=%p code=%u SSLConnectFailed=%d]\n",
+         this, mAuthChannel, httpStatus, SSLConnectFailed));
 
     NS_ASSERTION(mAuthChannel, "Channel not initialized");
 
     nsCOMPtr<nsIProxyInfo> proxyInfo;
     nsresult rv = mAuthChannel->GetProxyInfo(getter_AddRefs(proxyInfo));
     if (NS_FAILED(rv)) return rv;
     if (proxyInfo) {
         mProxyInfo = do_QueryInterface(proxyInfo);
@@ -108,17 +108,17 @@ nsHttpChannelAuthProvider::ProcessAuthen
         // credentials to an origin server.  We could attempt to proceed as
         // if we had received a 401 from the server, but why risk flirting
         // with trouble?  IE similarly rejects 407s when a proxy server is
         // not configured, so there's no reason not to do the same.
         if (!UsingHttpProxy()) {
             LOG(("rejecting 407 when proxy server not configured!\n"));
             return NS_ERROR_UNEXPECTED;
         }
-        if (!ProxyConnectFailed) {
+        if (UsingSSL() && !SSLConnectFailed) {
             // we need to verify that this challenge came from the proxy
             // server itself, and not some server on the other side of the
             // SSL tunnel.
             LOG(("rejecting 407 from origin server!\n"));
             return NS_ERROR_UNEXPECTED;
         }
         rv = mAuthChannel->GetProxyChallenges(challenges);
     }
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@@ -823,19 +823,19 @@ nsHttpConnection::OnHeadersAvailable(nsA
     }
 
     if (!foundKeepAliveMax && mRemainingConnectionUses && !mUsingSpdyVersion)
         --mRemainingConnectionUses;
 
     if (!mProxyConnectStream)
         HandleAlternateProtocol(responseHead);
 
-    // If we're doing a proxy connect, we need to check whether or not
-    // it was successful.  If so, we have to reset the transaction and step-up
-    // the socket connection if using SSL. Finally, we have to wake up the
+    // if we're doing an SSL proxy connect, then we need to check whether or not
+    // the connect was successful.  if so, then we have to reset the transaction
+    // and step-up the socket connection to SSL. finally, we have to wake up the
     // socket write request.
     if (mProxyConnectStream) {
         NS_ABORT_IF_FALSE(!mUsingSpdyVersion,
                           "SPDY NPN Complete while using proxy connect stream");
         mProxyConnectStream = 0;
         if (responseHead->Status() == 200) {
             LOG(("proxy CONNECT succeeded! ssl=%s\n",
                  mConnInfo->UsingSSL() ? "true" :"false"));
@@ -850,17 +850,17 @@ nsHttpConnection::OnHeadersAvailable(nsA
             mProxyConnectInProgress = false;
             rv = mSocketOut->AsyncWait(this, 0, 0, nsnull);
             // XXX what if this fails -- need to handle this error
             NS_ASSERTION(NS_SUCCEEDED(rv), "mSocketOut->AsyncWait failed");
         }
         else {
             LOG(("proxy CONNECT failed! ssl=%s\n",
                  mConnInfo->UsingSSL() ? "true" :"false"));
-            mTransaction->SetProxyConnectFailed();
+            mTransaction->SetSSLConnectFailed();
         }
     }
     
     const char *upgradeReq = requestHead->PeekHeader(nsHttp::Upgrade);
     if (upgradeReq) {
         LOG(("HTTP Upgrade in play - disable keepalive\n"));
         DontReuse();
     }
@@ -1190,18 +1190,18 @@ nsHttpConnection::OnSocketWritable()
 
     nsresult rv;
     PRUint32 n;
     bool again = true;
 
     do {
         mSocketOutCondition = NS_OK;
 
-        // If we're doing a proxy connect, then we need to bypass calling into
-        // the transaction.
+        // if we're doing an SSL proxy connect, then we need to bypass calling
+        // into the transaction.
         //
         // NOTE: this code path can't be shared since the transaction doesn't
         // implement nsIInputStream.  doing so is not worth the added cost of
         // extra indirections during normal reading.
         //
         if (mProxyConnectStream) {
             LOG(("  writing CONNECT request stream\n"));
             rv = mProxyConnectStream->ReadSegments(ReadFromStream, this,
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -1374,27 +1374,27 @@ bool
 nsHttpConnectionMgr::IsUnderPressure(nsConnectionEntry *ent,
                                    nsHttpTransaction::Classifier classification)
 {
     // A connection entry is declared to be "under pressure" if most of the 
     // allowed parallel connections are already used up. In that case we want to
     // favor existing pipelines over more parallelism so as to reserve any
     // unused parallel connections for types that don't have existing pipelines.
     //
-    // The definition of connection pressure is a pretty liberal one here - that
+    // The defintion of connection pressure is a pretty liberal one here - that
     // is why we are using the more restrictive maxPersist* counters.
     //
     // Pipelines are also favored when the requested classification is already
     // using 3 or more of the connections. Failure to do this could result in
     // one class (e.g. images) establishing self replenishing queues on all the
     // connections that would starve the other transaction types.
     
     PRInt32 currentConns = ent->mActiveConns.Length();
     PRInt32 maxConns =
-        (ent->mConnInfo->UsingHttpProxy() && !ent->mConnInfo->UsingConnect()) ?
+        (ent->mConnInfo->UsingHttpProxy() && !ent->mConnInfo->UsingSSL()) ?
         mMaxPersistConnsPerProxy : mMaxPersistConnsPerHost;
 
     // Leave room for at least 3 distinct types to operate concurrently,
     // this satisfies the typical {html, js/css, img} page.
     if (currentConns >= (maxConns - 2))
         return true;                           /* prefer pipeline */
 
     PRInt32 sameClass = 0;
--- a/netwerk/protocol/http/nsHttpPipeline.cpp
+++ b/netwerk/protocol/http/nsHttpPipeline.cpp
@@ -340,22 +340,22 @@ nsHttpPipeline::Classification()
         return mConnection->Classification();
 
     LOG(("nsHttpPipeline::Classification this=%p "
          "has null mConnection using CLASS_SOLO default", this));
     return nsAHttpTransaction::CLASS_SOLO;
 }
 
 void
-nsHttpPipeline::SetProxyConnectFailed()
+nsHttpPipeline::SetSSLConnectFailed()
 {
     nsAHttpTransaction *trans = Request(0);
 
     if (trans)
-        trans->SetProxyConnectFailed();
+        trans->SetSSLConnectFailed();
 }
 
 nsHttpRequestHead *
 nsHttpPipeline::RequestHead()
 {
     nsAHttpTransaction *trans = Request(0);
 
     if (trans)
@@ -642,17 +642,17 @@ nsHttpPipeline::WriteSegments(nsAHttpSeg
         return NS_SUCCEEDED(mStatus) ? NS_BASE_STREAM_CLOSED : mStatus;
 
     nsAHttpTransaction *trans; 
     nsresult rv;
 
     trans = Response(0);
     // This code deals with the establishment of a CONNECT tunnel through
     // an HTTP proxy. It allows the connection to do the CONNECT/200
-    // HTTP transaction to establish a tunnel as a precursor to the
+    // HTTP transaction to establish an SSL tunnel as a precursor to the
     // actual pipeline of regular HTTP transactions.
     if (!trans && mRequestQ.Length() &&
         mConnection->IsProxyConnectInProgress()) {
         LOG(("nsHttpPipeline::WriteSegments [this=%p] Forced Delegation\n",
              this));
         trans = Request(0);
     }
 
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -96,17 +96,17 @@ nsHttpTransaction::nsHttpTransaction()
     , mTransactionDone(false)
     , mResponseIsComplete(false)
     , mDidContentStart(false)
     , mNoContent(false)
     , mSentData(false)
     , mReceivedData(false)
     , mStatusEventPending(false)
     , mHasRequestBody(false)
-    , mProxyConnectFailed(false)
+    , mSSLConnectFailed(false)
     , mHttpResponseMatched(false)
     , mPreserveStream(false)
     , mReportedStart(false)
     , mReportedResponseHeader(false)
     , mForTakeResponseHead(nsnull)
     , mResponseHeadTaken(false)
 {
     LOG(("Creating nsHttpTransaction @%x\n", this));
@@ -347,19 +347,19 @@ nsHttpTransaction::TakeResponseHead()
     }
 
     head = mResponseHead;
     mResponseHead = nsnull;
     return head;
 }
 
 void
-nsHttpTransaction::SetProxyConnectFailed()
+nsHttpTransaction::SetSSLConnectFailed()
 {
-    mProxyConnectFailed = true;
+    mSSLConnectFailed = true;
 }
 
 nsHttpRequestHead *
 nsHttpTransaction::RequestHead()
 {
     return mRequestHead;
 }
 
--- a/netwerk/protocol/http/nsHttpTransaction.h
+++ b/netwerk/protocol/http/nsHttpTransaction.h
@@ -89,17 +89,17 @@ public:
 
     // Called to take ownership of the response headers; the transaction
     // will drop any reference to the response headers after this call.
     nsHttpResponseHead *TakeResponseHead();
 
     // Called to find out if the transaction generated a complete response.
     bool ResponseIsComplete() { return mResponseIsComplete; }
 
-    bool      ProxyConnectFailed() { return mProxyConnectFailed; }
+    bool      SSLConnectFailed() { return mSSLConnectFailed; }
 
     // SetPriority() may only be used by the connection manager.
     void    SetPriority(PRInt32 priority) { mPriority = priority; }
     PRInt32    Priority()                 { return mPriority; }
 
     const TimingStruct& Timings() const { return mTimings; }
     enum Classifier Classification() { return mClassification; }
 
@@ -184,17 +184,17 @@ private:
     bool                            mTransactionDone;
     bool                            mResponseIsComplete;
     bool                            mDidContentStart;
     bool                            mNoContent; // expecting an empty entity body
     bool                            mSentData;
     bool                            mReceivedData;
     bool                            mStatusEventPending;
     bool                            mHasRequestBody;
-    bool                            mProxyConnectFailed;
+    bool                            mSSLConnectFailed;
     bool                            mHttpResponseMatched;
     bool                            mPreserveStream;
 
     // mClosed           := transaction has been explicitly closed
     // mTransactionDone  := transaction ran to completion or was interrupted
     // mResponseComplete := transaction ran to completion
 
     // For Restart-In-Progress Functionality
--- a/netwerk/protocol/http/nsIHttpAuthManager.idl
+++ b/netwerk/protocol/http/nsIHttpAuthManager.idl
@@ -22,17 +22,17 @@
 [scriptable, uuid(7ce8e9d1-8b4b-4883-a307-66fe12a50153)]
 interface nsIHttpAuthManager : nsISupports
 {
     /**
      * Lookup auth identity.
      *
      * @param aScheme
      *        the URL scheme (e.g., "http").  NOTE: for proxy authentication,
-     *        this should be "http" (this includes authentication for CONNECT
+     *        this should be "http" (this includes authentication for SSL
      *        tunneling).
      * @param aHost
      *        the host of the server issuing a challenge (ASCII only).
      * @param aPort
      *        the port of the server issuing a challenge.
      * @param aAuthType
      *        optional string identifying auth type used (e.g., "basic")
      * @param aRealm
@@ -56,17 +56,17 @@ interface nsIHttpAuthManager : nsISuppor
                          out AString aUserName,
                          out AString aUserPassword);
 
     /**
      * Store auth identity.
      *
      * @param aScheme
      *        the URL scheme (e.g., "http").  NOTE: for proxy authentication,
-     *        this should be "http" (this includes authentication for CONNECT
+     *        this should be "http" (this includes authentication for SSL
      *        tunneling).
      * @param aHost
      *        the host of the server issuing a challenge (ASCII only).
      * @param aPort
      *        the port of the server issuing a challenge.
      * @param aAuthType
      *        optional string identifying auth type used (e.g., "basic")
      * @param aRealm
--- a/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
+++ b/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
@@ -35,31 +35,31 @@ interface nsIHttpChannelAuthProvider : n
   void init(in nsIHttpAuthenticableChannel channel);
 
   /**
    * Upon receipt of a server challenge, this function is called to determine
    * the credentials to send.
    *
    * @param httpStatus
    *        the http status received.
-   * @param proxyConnectFailed
-   *        if attempt to create CONNECT tunnel via proxy failed.
+   * @param sslConnectFailed
+   *        if the last ssl tunnel connection attempt was or not successful.
    * @param callback
    *        the callback to be called when it returns NS_ERROR_IN_PROGRESS.
    *        The implementation must hold a weak reference.
    *
    * @returns NS_OK if the credentials were got and set successfully.
    *          NS_ERROR_IN_PROGRESS if the credentials are going to be asked to
    *                               the user. The channel reference must be
    *                               alive until the feedback from
    *                               nsIHttpAuthenticableChannel's methods or
    *                               until disconnect be called.
    */
   void processAuthentication(in unsigned long httpStatus,
-                             in boolean proxyConnectFailed);
+                             in boolean sslConnectFailed);
 
   /**
    * Add credentials from the http auth cache.
    */
   void addAuthorizationHeaders();
 
   /**
    * Check if an unnecessary(and maybe malicious) url authentication has been