bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
authorPatrick McManus <mcmanus@ducksong.com>
Thu, 07 May 2015 13:16:26 -0400
changeset 274222 c5dcb389afee0d7e9178e7c1d7fa073a4478b6e9
parent 274221 d5a70f4292a641c5e4e55e7e139e3214b16fc0ec
child 274223 2124a617b3bc9c9eb4e7145b7aa3eeec09a3f62a
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1153212
milestone40.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
netwerk/protocol/http/nsHttpConnectionInfo.h
netwerk/protocol/http/nsHttpConnectionMgr.cpp
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/src/nsNSSIOLayer.h
--- a/netwerk/protocol/http/nsHttpConnectionInfo.h
+++ b/netwerk/protocol/http/nsHttpConnectionInfo.h
@@ -58,19 +58,16 @@ private:
     void BuildHashKey();
 
 public:
     const nsAFlatCString &HashKey() const { return mHashKey; }
 
     const nsCString &GetAuthenticationHost() const { return mAuthenticationHost; }
     int32_t GetAuthenticationPort() const { return mAuthenticationPort; }
 
-    const nsCString &GetOrigin() const { return mAuthenticationHost.IsEmpty() ? mHost : mAuthenticationHost; }
-    int32_t OriginPort() const { return mAuthenticationHost.IsEmpty() ? mPort : mAuthenticationPort; }
-
     // With overhead rebuilding the hash key. The initial
     // network interface is empty. So you can reduce one call
     // if there's no explicit route after ctor.
     void SetNetworkInterfaceId(const nsACString& aNetworkInterfaceId);
 
     // OK to treat these as an infalible allocation
     nsHttpConnectionInfo* Clone() const;
     void CloneAsDirectRoute(nsHttpConnectionInfo **outParam);
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -875,18 +875,18 @@ nsHttpConnectionMgr::GetSpdyPreferredEnt
     }
 
     // try all the spdy versions we support.
     const SpdyInformation *info = gHttpHandler->SpdyInfo();
     for (uint32_t index = SpdyInformation::kCount;
          NS_SUCCEEDED(rv) && index > 0; --index) {
         if (info->ProtocolEnabled(index - 1)) {
             rv = sslSocketControl->JoinConnection(info->VersionString[index - 1],
-                                                  aOriginalEntry->mConnInfo->GetOrigin(),
-                                                  aOriginalEntry->mConnInfo->OriginPort(),
+                                                  aOriginalEntry->mConnInfo->GetHost(),
+                                                  aOriginalEntry->mConnInfo->Port(),
                                                   &isJoined);
             if (NS_SUCCEEDED(rv) && isJoined) {
                 break;
             }
         }
     }
 
     if (NS_FAILED(rv) || !isJoined) {
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -189,26 +189,18 @@ nsNSSSocketInfo::GetBypassAuthentication
 {
   *arg = mBypassAuthentication;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::SetBypassAuthentication(bool arg)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
   mBypassAuthentication = arg;
-  return SyncNSSNames(locker);
+  return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetFailedVerification(bool* arg)
 {
   *arg = mFailedVerification;
   return NS_OK;
 }
@@ -218,59 +210,29 @@ nsNSSSocketInfo::GetAuthenticationName(n
 {
   aAuthenticationName = GetHostName();
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::SetAuthenticationName(const nsACString& aAuthenticationName)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsCString authenticationName(aAuthenticationName);
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-         ("[%p] nsNSSSocketInfo::SetAuthenticationName change from %s to %s\n",
-          mFd, PromiseFlatCString(GetHostName()).get(),
-          authenticationName.get()));
-
-  nsresult rv = SetHostName(authenticationName.get());
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return SyncNSSNames(locker);
+  return SetHostName(PromiseFlatCString(aAuthenticationName).get());
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetAuthenticationPort(int32_t* aAuthenticationPort)
 {
   return GetPort(aAuthenticationPort);
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::SetAuthenticationPort(int32_t aAuthenticationPort)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsresult rv = SetPort(aAuthenticationPort);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return SyncNSSNames(locker);
+  return SetPort(aAuthenticationPort);
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetRememberClientAuthCertificate(bool* aRemember)
 {
   NS_ENSURE_ARG_POINTER(aRemember);
   *aRemember = mRememberClientAuthCertificate;
   return NS_OK;
@@ -299,46 +261,16 @@ nsNSSSocketInfo::SetNotificationCallback
     return NS_OK;
   }
 
   mCallbacks = aCallbacks;
 
   return NS_OK;
 }
 
-// forward declare this for SyncNSSNames()
-static nsresult
-nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject,
-                        const char* host, int32_t port,
-                        const nsNSSShutDownPreventionLock& /* proofOfLock */);
-
-nsresult
-nsNSSSocketInfo::SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock)
-{
-  // I don't know why any of these calls would fail, but if they do
-  // we need to call SetCanceled to avoid non-determinstic results
-
-  const char* hostName = GetHostNameRaw();
-  if (SECSuccess != SSL_SetURL(mFd, hostName)) {
-    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SSL_SetURL error: %d\n",
-                                      (void*) mFd, PR_GetError()));
-    SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage);
-    return NS_ERROR_FAILURE;
-  }
-
-  int32_t port = GetPort();
-  if (NS_FAILED(nsSSLIOLayerSetPeerName(mFd, this, hostName, port, proofOfLock))) {
-    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SetPeerName error: %d\n",
-                                      (void*) mFd, PR_GetError()));
-    SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage);
-    return NS_ERROR_FAILURE;
-  }
-  return NS_OK;
-}
-
 void
 nsNSSSocketInfo::NoteTimeUntilReady()
 {
   if (mNotedTimeUntilReady)
     return;
 
   mNotedTimeUntilReady = true;
 
@@ -508,22 +440,16 @@ nsNSSSocketInfo::JoinConnection(const ns
   // Different ports may not be joined together
   if (port != GetPort())
     return NS_OK;
 
   // Make sure NPN has been completed and matches requested npnProtocol
   if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol))
     return NS_OK;
 
-  if (mBypassAuthentication) {
-    // An unauthenticated connection does not know whether or not it
-    // is acceptable for a particular hostname
-    return NS_OK;
-  }
-
   IsAcceptableForHost(hostname, _retval);
 
   if (*_retval) {
     // All tests pass - this is joinable
     mJoined = true;
   }
   return NS_OK;
 }
@@ -2590,54 +2516,21 @@ nsSSLIOLayerImportFD(PRFileDesc* fd,
 loser:
   if (sslSock) {
     PR_Close(sslSock);
   }
   return nullptr;
 }
 
 static nsresult
-nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject,
-                        const char* host, int32_t port,
-                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
-{
-  // Set the Peer ID so that SSL proxy connections work properly and to
-  // separate anonymous and/or private browsing connections.
-  uint32_t flags = infoObject->GetProviderFlags();
-  nsAutoCString peerId;
-  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
-    peerId.AppendLiteral("anon:");
-  }
-  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
-    peerId.AppendLiteral("private:");
-  }
-  if (infoObject->GetBypassAuthentication()) {
-    peerId.AppendLiteral("bypassAuth:");
-  }
-  peerId.Append(host);
-  peerId.Append(':');
-  peerId.AppendInt(port);
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-         ("[%p] nsSSLIOLayerSetPeerName to %s\n", fd, peerId.get()));
-  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
-    return NS_ERROR_FAILURE;
-  }
-  return NS_OK;
-}
-
-static nsresult
 nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
                        const char* proxyHost, const char* host, int32_t port,
                        nsNSSSocketInfo* infoObject)
 {
   nsNSSShutDownPreventionLock locker;
-  if (infoObject->isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
   if (forSTARTTLS || proxyHost) {
     if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
       return NS_ERROR_FAILURE;
     }
   }
 
   SSLVersionRange range;
   if (SSL_VersionRangeGet(fd, &range) != SECSuccess) {
@@ -2678,17 +2571,34 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
   if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
     return NS_ERROR_FAILURE;
   }
 
   if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
     return NS_ERROR_FAILURE;
   }
 
-  return nsSSLIOLayerSetPeerName(fd, infoObject, host, port, locker);
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
+  nsAutoCString peerId;
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
+    peerId.AppendLiteral("anon:");
+  }
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.AppendLiteral("private:");
+  }
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
 }
 
 nsresult
 nsSSLIOLayerAddToSocket(int32_t family,
                         const char* host,
                         int32_t port,
                         const char* proxyHost,
                         int32_t proxyPort,
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@@ -131,17 +131,16 @@ private:
   mozilla::psm::SharedSSLState& mSharedState;
   bool mForSTARTTLS;
   SSLVersionRange mTLSVersionRange;
   bool mHandshakePending;
   bool mRememberClientAuthCertificate;
   bool mPreliminaryHandshakeDone; // after false start items are complete
 
   nsresult ActivateSSL();
-  nsresult SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock);
 
   nsCString mNegotiatedNPN;
   bool      mNPNCompleted;
   bool      mFalseStartCallbackCalled;
   bool      mFalseStarted;
   bool      mIsFullHandshake;
   bool      mHandshakeCompleted;
   bool      mJoined;