Bug 1219935 - Skip OCSP request if PAC download is in progress r=keeler,bagder
authorKershaw Chang <kershaw@mozilla.com>
Mon, 22 Oct 2018 09:07:51 +0000
changeset 442298 28403444666ca113c31b269dd55d31159ac2fe6b
parent 442297 5d7093d30ed3cb97eb09034826bfb64f4f080e0a
child 442299 d7ba5883b259d3ba647894b7e0bf53587331df9f
push id34904
push userarchaeopteryx@coole-files.de
push dateMon, 22 Oct 2018 17:25:25 +0000
treeherdermozilla-central@af3fd0a2c2e6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, bagder
bugs1219935
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1219935 - Skip OCSP request if PAC download is in progress r=keeler,bagder This is a straightforward patch. Just add a new attribute in nsIProtocolProxyService to indicate whether PAC is still loading. If yes, fail the OCSP request. Differential Revision: https://phabricator.services.mozilla.com/D9154
netwerk/base/nsIProtocolProxyService.idl
netwerk/base/nsProtocolProxyService.cpp
security/manager/ssl/nsNSSCallbacks.cpp
--- a/netwerk/base/nsIProtocolProxyService.idl
+++ b/netwerk/base/nsIProtocolProxyService.idl
@@ -277,9 +277,14 @@ interface nsIProtocolProxyService : nsIS
      const unsigned long PROXYCONFIG_PAC      = 2;
      const unsigned long PROXYCONFIG_WPAD     = 4;
      const unsigned long PROXYCONFIG_SYSTEM   = 5;
 
      /**
       * This attribute specifies the current type of proxy configuration.
       */
      readonly attribute unsigned long proxyConfigType;
+
+     /**
+      * True if there is a PAC download in progress.
+      */
+    [noscript] readonly attribute boolean isPACLoading;
 };
--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@@ -2542,10 +2542,22 @@ nsProtocolProxyService::PruneProxyInfo(c
     if (head && !head->mNext && head->mType == kProxyType_DIRECT)
         NS_RELEASE(head);
 
     *list = head;  // Transfer ownership
 
     LOG(("nsProtocolProxyService::PruneProxyInfo LEAVE list=%p", *list));
 }
 
+NS_IMETHODIMP
+nsProtocolProxyService::GetIsPACLoading(bool *aResult)
+{
+    NS_ENSURE_ARG_POINTER(aResult);
+
+    *aResult = false;
+    if (mPACMan && mPACMan->IsLoading()) {
+        *aResult = true;
+    }
+    return NS_OK;
+}
+
 } // namespace net
 } // namespace mozilla
\ No newline at end of file
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -15,16 +15,17 @@
 #include "mozilla/Casting.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/Unused.h"
 #include "nsContentUtils.h"
 #include "nsICertOverrideService.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIPrompt.h"
+#include "nsIProtocolProxyService.h"
 #include "nsISupportsPriority.h"
 #include "nsIStreamLoader.h"
 #include "nsITokenDialogs.h"
 #include "nsIUploadChannel.h"
 #include "nsIWebProgressListener.h"
 #include "nsNSSCertHelper.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSComponent.h"
@@ -231,16 +232,34 @@ OCSPRequest::Run()
   rv = uri->GetScheme(scheme);
   if (NS_FAILED(rv)) {
     return NotifyDone(rv, lock);
   }
   if (!scheme.LowerCaseEqualsLiteral("http")) {
     return NotifyDone(NS_ERROR_MALFORMED_URI, lock);
   }
 
+  // See bug 1219935.
+  // We should not send OCSP request if the PAC is still loading.
+  nsCOMPtr<nsIProtocolProxyService> pps =
+    do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  bool isPACLoading = false;
+  rv = pps->GetIsPACLoading(&isPACLoading);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  if (isPACLoading) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
   nsCOMPtr<nsIChannel> channel;
   rv = ios->NewChannel2(mAIALocation,
                         nullptr,
                         nullptr,
                         nullptr, // aLoadingNode
                         nsContentUtils::GetSystemPrincipal(),
                         nullptr, // aTriggeringPrincipal
                         nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,