author | Patrick McManus <mcmanus@ducksong.com> |
Thu, 07 May 2015 13:16:26 -0400 | |
changeset 242857 | c5dcb389afee0d7e9178e7c1d7fa073a4478b6e9 |
parent 242856 | d5a70f4292a641c5e4e55e7e139e3214b16fc0ec |
child 242858 | 2124a617b3bc9c9eb4e7145b7aa3eeec09a3f62a |
push id | 28713 |
push user | kwierso@gmail.com |
push date | Fri, 08 May 2015 17:06:43 +0000 |
treeherder | mozilla-central@fd5e9b7eec13 [default view] [failures only] |
reviewers | backout |
bugs | 1153212 |
milestone | 40.0a1 |
--- a/netwerk/protocol/http/nsHttpConnectionInfo.h +++ b/netwerk/protocol/http/nsHttpConnectionInfo.h @@ -58,19 +58,16 @@ private: void BuildHashKey(); public: const nsAFlatCString &HashKey() const { return mHashKey; } const nsCString &GetAuthenticationHost() const { return mAuthenticationHost; } int32_t GetAuthenticationPort() const { return mAuthenticationPort; } - const nsCString &GetOrigin() const { return mAuthenticationHost.IsEmpty() ? mHost : mAuthenticationHost; } - int32_t OriginPort() const { return mAuthenticationHost.IsEmpty() ? mPort : mAuthenticationPort; } - // With overhead rebuilding the hash key. The initial // network interface is empty. So you can reduce one call // if there's no explicit route after ctor. void SetNetworkInterfaceId(const nsACString& aNetworkInterfaceId); // OK to treat these as an infalible allocation nsHttpConnectionInfo* Clone() const; void CloneAsDirectRoute(nsHttpConnectionInfo **outParam);
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -875,18 +875,18 @@ nsHttpConnectionMgr::GetSpdyPreferredEnt } // try all the spdy versions we support. const SpdyInformation *info = gHttpHandler->SpdyInfo(); for (uint32_t index = SpdyInformation::kCount; NS_SUCCEEDED(rv) && index > 0; --index) { if (info->ProtocolEnabled(index - 1)) { rv = sslSocketControl->JoinConnection(info->VersionString[index - 1], - aOriginalEntry->mConnInfo->GetOrigin(), - aOriginalEntry->mConnInfo->OriginPort(), + aOriginalEntry->mConnInfo->GetHost(), + aOriginalEntry->mConnInfo->Port(), &isJoined); if (NS_SUCCEEDED(rv) && isJoined) { break; } } } if (NS_FAILED(rv) || !isJoined) {
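Review bot: The JoinConnection call in GetSpdyPreferredEnt now passes `GetHost()` and `Port()` even when the connection info has a separate authentication host, which nsHttpConnectionInfo.h still exposes through `GetAuthenticationHost()`. If an entry with a non-empty authentication host can reach this loop (not determinable from the hunk), the coalescing check is made against a different name than the one the connection was authenticated for. Either state the assumption next to the call, e.g. `// mConnInfo has no separate authentication host here, so GetHost()/Port() is the name the certificate must cover`, or skip such entries before the loop. The function starts and ends outside this hunk.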
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp +++ b/security/manager/ssl/src/nsNSSIOLayer.cpp @@ -189,26 +189,18 @@ nsNSSSocketInfo::GetBypassAuthentication { *arg = mBypassAuthentication; return NS_OK; } NS_IMETHODIMP nsNSSSocketInfo::SetBypassAuthentication(bool arg) { - nsNSSShutDownPreventionLock locker; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mFd) { - return NS_ERROR_FAILURE; - } - mBypassAuthentication = arg; - return SyncNSSNames(locker); + return NS_OK; } NS_IMETHODIMP nsNSSSocketInfo::GetFailedVerification(bool* arg) { *arg = mFailedVerification; return NS_OK; } 
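Review bot: SetBypassAuthentication now discards `arg` and still returns NS_OK, while GetBypassAuthentication just above keeps reporting mBypassAuthentication, so a caller gets a success code for a request that had no effect. Ignoring the request is the safe direction for certificate checking, but it should be visible to callers and maintainers. Either return an error such as `return NS_ERROR_NOT_IMPLEMENTED;`, or keep NS_OK and add a comment like `// Intentionally a no-op: bypassing authentication is not supported, mBypassAuthentication keeps its initial value.` Callers that act on the return value are not visible in this diff and would need checking if the error code is chosen.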
@@ -218,59 +210,29 @@ nsNSSSocketInfo::GetAuthenticationName(n { aAuthenticationName = GetHostName(); return NS_OK; } NS_IMETHODIMP nsNSSSocketInfo::SetAuthenticationName(const nsACString& aAuthenticationName) { - nsNSSShutDownPreventionLock locker; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mFd) { - return NS_ERROR_FAILURE; - } - - nsCString authenticationName(aAuthenticationName); - PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, - ("[%p] nsNSSSocketInfo::SetAuthenticationName change from %s to %s\n", - mFd, PromiseFlatCString(GetHostName()).get(), - authenticationName.get())); - - nsresult rv = SetHostName(authenticationName.get()); - if (NS_FAILED(rv)) { - return rv; - } - return SyncNSSNames(locker); + return SetHostName(PromiseFlatCString(aAuthenticationName).get()); } NS_IMETHODIMP nsNSSSocketInfo::GetAuthenticationPort(int32_t* aAuthenticationPort) { return GetPort(aAuthenticationPort); } NS_IMETHODIMP nsNSSSocketInfo::SetAuthenticationPort(int32_t aAuthenticationPort) { - nsNSSShutDownPreventionLock locker; - if (isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (!mFd) { - return NS_ERROR_FAILURE; - } - - nsresult rv = SetPort(aAuthenticationPort); - if (NS_FAILED(rv)) { - return rv; - } - return SyncNSSNames(locker); + return SetPort(aAuthenticationPort); } NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(bool* aRemember) { NS_ENSURE_ARG_POINTER(aRemember); *aRemember = mRememberClientAuthCertificate; return NS_OK; 
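Review bot: SetAuthenticationName and SetAuthenticationPort now forward only to SetHostName/SetPort, so as far as this diff shows nothing refreshes the values NSS holds. The peer ID is built once in nsSSLIOLayerSetOptions (last hunk of this file) from the host and port passed at socket creation. If either setter can run after the socket is set up (callers are not visible here), the name and port this object reports can diverge from the session-cache key NSS uses. A comment on both setters would make that contract explicit, e.g. `// Updates only this object's host name/port; the NSS session-cache peer ID keeps the values set in nsSSLIOLayerSetOptions.`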
@@ -299,46 +261,16 @@ nsNSSSocketInfo::SetNotificationCallback return NS_OK; } mCallbacks = aCallbacks; return NS_OK; } -// forward declare this for SyncNSSNames() -static nsresult -nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject, - const char* host, int32_t port, - const nsNSSShutDownPreventionLock& /* proofOfLock */); - -nsresult -nsNSSSocketInfo::SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock) -{ - // I don't know why any of these calls would fail, but if they do - // we need to call SetCanceled to avoid non-determinstic results - - const char* hostName = GetHostNameRaw(); - if (SECSuccess != SSL_SetURL(mFd, hostName)) { - PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SSL_SetURL error: %d\n", - (void*) mFd, PR_GetError())); - SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage); - return NS_ERROR_FAILURE; - } - - int32_t port = GetPort(); - if (NS_FAILED(nsSSLIOLayerSetPeerName(mFd, this, hostName, port, proofOfLock))) { - PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SetPeerName error: %d\n", - (void*) mFd, PR_GetError())); - SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage); - return NS_ERROR_FAILURE; - } - return NS_OK; -} - void nsNSSSocketInfo::NoteTimeUntilReady() { if (mNotedTimeUntilReady) return; mNotedTimeUntilReady = true; @@ -508,22 +440,16 @@ nsNSSSocketInfo::JoinConnection(const ns // Different ports may not be joined together if (port != GetPort()) return NS_OK; // Make sure NPN has been completed and matches requested npnProtocol if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol)) return NS_OK; - if (mBypassAuthentication) { - // An unauthenticated connection does not know whether or not it - // is acceptable for a particular hostname - return NS_OK; - } - IsAcceptableForHost(hostname, _retval); if (*_retval) { // All tests pass - this is joinable mJoined = true; } return NS_OK; } 
@@ -2590,54 +2516,21 @@ nsSSLIOLayerImportFD(PRFileDesc* fd, loser: if (sslSock) { PR_Close(sslSock); } return nullptr; } static nsresult -nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject, - const char* host, int32_t port, - const nsNSSShutDownPreventionLock& /*proofOfLock*/) -{ - // Set the Peer ID so that SSL proxy connections work properly and to - // separate anonymous and/or private browsing connections. - uint32_t flags = infoObject->GetProviderFlags(); - nsAutoCString peerId; - if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080 - peerId.AppendLiteral("anon:"); - } - if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) { - peerId.AppendLiteral("private:"); - } - if (infoObject->GetBypassAuthentication()) { - peerId.AppendLiteral("bypassAuth:"); - } - peerId.Append(host); - peerId.Append(':'); - peerId.AppendInt(port); - PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, - ("[%p] nsSSLIOLayerSetPeerName to %s\n", fd, peerId.get())); - if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) { - return NS_ERROR_FAILURE; - } - return NS_OK; -} - -static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, const char* proxyHost, const char* host, int32_t port, nsNSSSocketInfo* infoObject) { nsNSSShutDownPreventionLock locker; - if (infoObject->isAlreadyShutDown()) { - return NS_ERROR_NOT_AVAILABLE; - } - if (forSTARTTLS || proxyHost) { if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) { return NS_ERROR_FAILURE; } } SSLVersionRange range; if (SSL_VersionRangeGet(fd, &range) != SECSuccess) { 
@@ -2678,17 +2571,34 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) { return NS_ERROR_FAILURE; } if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) { return NS_ERROR_FAILURE; } - return nsSSLIOLayerSetPeerName(fd, infoObject, host, port, locker); + // Set the Peer ID so that SSL proxy connections work properly and to + // separate anonymous and/or private browsing connections. + uint32_t flags = infoObject->GetProviderFlags(); + nsAutoCString peerId; + if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080 + peerId.AppendLiteral("anon:"); + } + if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) { + peerId.AppendLiteral("private:"); + } + peerId.Append(host); + peerId.Append(':'); + peerId.AppendInt(port); + if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) { + return NS_ERROR_FAILURE; + } + + return NS_OK; } nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port, const char* proxyHost, int32_t proxyPort,
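Review bot: The inlined peer-ID block calls SSL_SetSockPeerID under `locker`, but the previous hunk of this file removed the `isAlreadyShutDown()` test that followed the lock declaration. nsSSLIOLayerSetOptions therefore makes its NSS calls without checking whether `infoObject` was already shut down. If that state is reachable here (it cannot be determined from the hunk), keep the guard `if (infoObject->isAlreadyShutDown()) { return NS_ERROR_NOT_AVAILABLE; }` right after the `locker` declaration. Separately, the peer-ID prefixes partition the TLS session cache, so a one-line comment saying that any new connection-isolation flag must also get a prefix here would help future changes. The function begins outside this hunk.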
--- a/security/manager/ssl/src/nsNSSIOLayer.h +++ b/security/manager/ssl/src/nsNSSIOLayer.h @@ -131,17 +131,16 @@ private: mozilla::psm::SharedSSLState& mSharedState; bool mForSTARTTLS; SSLVersionRange mTLSVersionRange; bool mHandshakePending; bool mRememberClientAuthCertificate; bool mPreliminaryHandshakeDone; // after false start items are complete nsresult ActivateSSL(); - nsresult SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock); nsCString mNegotiatedNPN; bool mNPNCompleted; bool mFalseStartCallbackCalled; bool mFalseStarted; bool mIsFullHandshake; bool mHandshakeCompleted; bool mJoined;