Backed out changeset 329da1081148
authorBrian Smith <bsmith@mozilla.com>
Fri, 30 Nov 2012 19:36:08 -0800
changeset 114686 ede38378e5705bd09df444013c47442a5e8ee601
parent 114685 29c8aceb7068571b18e77a1c5c9e8273e7350f2a
child 114687 d6ff6c02ef7481f28155402addb2fff19d650018
push id23926
push userryanvm@gmail.com
push dateSat, 01 Dec 2012 15:27:30 +0000
treeherdermozilla-central@ecdf0e332f17 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
milestone20.0a1
backs out329da10811489b6adc5435ec65f8081cd3ab7516
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 329da1081148
security/manager/ssl/src/ScopedNSSTypes.h
testing/mochitest/ssltunnel/ssltunnel.cpp
--- a/security/manager/ssl/src/ScopedNSSTypes.h
+++ b/security/manager/ssl/src/ScopedNSSTypes.h
@@ -5,18 +5,17 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_ScopedNSSTypes_h
 #define mozilla_ScopedNSSTypes_h
 
 #include "mozilla/Likely.h"
 #include "mozilla/mozalloc_oom.h"
 #include "mozilla/Scoped.h"
-#include "nsError.h"
-#include "nsDebug.h"
+
 #include "prio.h"
 #include "cert.h"
 #include "cms.h"
 #include "keyhi.h"
 #include "pk11pub.h"
 #include "sechash.h"
 #include "secpkcs7.h"
 #include "prerror.h"
--- a/testing/mochitest/ssltunnel/ssltunnel.cpp
+++ b/testing/mochitest/ssltunnel/ssltunnel.cpp
@@ -7,37 +7,37 @@
  * WARNING: DO NOT USE THIS CODE IN PRODUCTION SYSTEMS.  It is highly likely to
  *          be plagued with the usual problems endemic to C (buffer overflows
  *          and the like).  We don't especially care here (but would accept
  *          patches!) because this is only intended for use in our test
  *          harnesses in controlled situations where input is guaranteed not to
  *          be malicious.
  */
 
-#include "ScopedNSSTypes.h"
 #include <assert.h>
 #include <stdio.h>
 #include <string>
 #include <vector>
 #include <algorithm>
 #include <stdarg.h>
 #include "prinit.h"
 #include "prerror.h"
 #include "prenv.h"
+#include "prio.h"
 #include "prnetdb.h"
 #include "prtpool.h"
 #include "prtypes.h"
 #include "nsAlgorithm.h"
 #include "nss.h"
+#include "pk11func.h"
 #include "key.h"
+#include "keyt.h"
 #include "ssl.h"
 #include "plhash.h"
 
-using namespace mozilla;
-using namespace mozilla::psm;
 using std::string;
 using std::vector;
 
 #define IS_DELIM(m, c)          ((m)[(c) >> 3] & (1 << ((c) & 7)))
 #define SET_DELIM(m, c)         ((m)[(c) >> 3] |= (1 << ((c) & 7)))
 #define DELIM_TABLE_SIZE        32
 
 // You can set the level of logging by env var SSLTUNNEL_LOG_LEVEL=n, where n
@@ -199,16 +199,54 @@ struct relayBuffer
   }
 
   bool empty() { return bufferhead == buffertail; }
   size_t areafree() { return bufferend - buffertail; }
   size_t margin() { return areafree() + BUF_MARGIN; }
   size_t present() { return buffertail - bufferhead; }
 };
 
+// A couple of stack classes for managing NSS/NSPR resources
+class AutoCert {
+public:
+  AutoCert(CERTCertificate* cert) { cert_ = cert; }
+  ~AutoCert() { if (cert_) CERT_DestroyCertificate(cert_); }
+  operator CERTCertificate*() { return cert_; }
+private:
+  CERTCertificate* cert_;
+};
+
+class AutoKey {
+public:
+  AutoKey(SECKEYPrivateKey* key) { key_ = key; }
+  ~AutoKey() { if (key_)   SECKEY_DestroyPrivateKey(key_); }
+  operator SECKEYPrivateKey*() { return key_; }
+private:
+  SECKEYPrivateKey* key_;
+};
+
+class AutoFD {
+public:
+  AutoFD(PRFileDesc* fd) { fd_ = fd; }
+  ~AutoFD() {
+    if (fd_) {
+      PR_Shutdown(fd_, PR_SHUTDOWN_BOTH);
+      PR_Close(fd_);
+    }
+  }
+  operator PRFileDesc*() { return fd_; }
+  PRFileDesc* reset(PRFileDesc* newfd) {
+    PRFileDesc* oldfd = fd_;
+    fd_ = newfd;
+    return oldfd;
+  }
+private:
+  PRFileDesc* fd_;
+};
+
 // These numbers are multiplied by the number of listening ports (actual
 // servers running).  According the thread pool implementation there is no
 // need to limit the number of threads initially, threads are allocated
 // dynamically and stored in a linked list.  Initial number of 2 is chosen
 // to allocate a thread for socket accept and preallocate one for the first
 // connection that is with high probability expected to come.
 const uint32_t INITIAL_THREADS = 2;
 const uint32_t MAX_THREADS = 100;
@@ -318,23 +356,24 @@ bool ReadConnectRequest(server_info_t* s
   return true;
 }
 
 bool ConfigureSSLServerSocket(PRFileDesc* socket, server_info_t* si, string &certificate, client_auth_option clientAuth)
 {
   const char* certnick = certificate.empty() ?
       si->cert_nickname.c_str() : certificate.c_str();
 
-  ScopedCERTCertificate cert(PK11_FindCertFromNickname(certnick, NULL));
+  AutoCert cert(PK11_FindCertFromNickname(
+      certnick, NULL));
   if (!cert) {
     LOG_ERROR(("Failed to find cert %s\n", certnick));
     return false;
   }
 
-  ScopedSECKEYPrivateKey privKey(PK11_FindKeyByAnyCert(cert, NULL));
+  AutoKey privKey(PK11_FindKeyByAnyCert(cert, NULL));
   if (!privKey) {
     LOG_ERROR(("Failed to find private key\n"));
     return false;
   }
 
   PRFileDesc* ssl_socket = SSL_ImportFD(NULL, socket);
   if (!ssl_socket) {
     LOG_ERROR(("Error importing SSL socket\n"));
@@ -533,17 +572,17 @@ bool ConnectSocket(PRFileDesc *fd, const
  * The data parameter is a connection_info_t*, and must be deleted
  * by this function.
  */
 void HandleConnection(void* data)
 {
   connection_info_t* ci = static_cast<connection_info_t*>(data);
   PRIntervalTime connect_timeout = PR_SecondsToInterval(30);
 
-  ScopedPRFileDesc other_sock(PR_NewTCPSocket());
+  AutoFD other_sock(PR_NewTCPSocket());
   bool client_done = false;
   bool client_error = false;
   bool connect_accepted = !do_http_proxy;
   bool ssl_updated = !do_http_proxy;
   bool expect_request_start = do_http_proxy;
   string certificateToUse;
   string locationHeader;
   client_auth_option clientAuth;
@@ -873,17 +912,17 @@ void HandleConnection(void* data)
  * The data parameter is a server_info_t*, owned by the calling
  * function.
  */
 void StartServer(void* data)
 {
   server_info_t* si = static_cast<server_info_t*>(data);
 
   //TODO: select ciphers?
-  ScopedPRFileDesc listen_socket(PR_NewTCPSocket());
+  AutoFD listen_socket(PR_NewTCPSocket());
   if (!listen_socket) {
     LOG_ERROR(("failed to create socket\n"));
     SignalShutdown();
     return;
   }
 
   // In case the socket is still open in the TIME_WAIT state from a previous
   // instance of ssltunnel we ask to reuse the port.