Bug 1219935 - Skip OCSP request if PAC download is in progress r=keeler,bagder
authorKershaw Chang <kershaw@mozilla.com>
Mon, 22 Oct 2018 09:07:51 +0000
changeset 490666 28403444666ca113c31b269dd55d31159ac2fe6b
parent 490665 5d7093d30ed3cb97eb09034826bfb64f4f080e0a
child 490667 d7ba5883b259d3ba647894b7e0bf53587331df9f
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewerskeeler, bagder
bugs1219935
milestone64.0a1
Bug 1219935 - Skip OCSP request if PAC download is in progress r=keeler,bagder This is a straightforward patch. Just add a new attribute in nsIProtocolProxyService to indicate whether PAC is still loading. If yes, fail the OCSP request. Differential Revision: https://phabricator.services.mozilla.com/D9154
netwerk/base/nsIProtocolProxyService.idl
netwerk/base/nsProtocolProxyService.cpp
security/manager/ssl/nsNSSCallbacks.cpp
--- a/netwerk/base/nsIProtocolProxyService.idl
+++ b/netwerk/base/nsIProtocolProxyService.idl
@@ -277,9 +277,14 @@ interface nsIProtocolProxyService : nsIS
      const unsigned long PROXYCONFIG_PAC      = 2;
      const unsigned long PROXYCONFIG_WPAD     = 4;
      const unsigned long PROXYCONFIG_SYSTEM   = 5;
 
      /**
       * This attribute specifies the current type of proxy configuration.
       */
      readonly attribute unsigned long proxyConfigType;
+
+     /**
+      * True if there is a PAC download in progress.
+      */
+    [noscript] readonly attribute boolean isPACLoading;
 };
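Review bot: The doc comment on `isPACLoading` does not say what the attribute reports when there is no PAC manager, or that the value is only a snapshot. The getter added in nsProtocolProxyService.cpp returns false when `mPACMan` is null, and the OCSP code in this commit uses the value to decide whether to fetch at all, so the contract is worth stating: `True if a PAC download is in progress; false otherwise, including when no PAC manager exists. The value can change right after it is read.` The `[noscript] readonly attribute boolean isPACLoading;` line is also indented one column less than `readonly attribute unsigned long proxyConfigType;` above it.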
--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@@ -2542,10 +2542,22 @@ nsProtocolProxyService::PruneProxyInfo(c
     if (head && !head->mNext && head->mType == kProxyType_DIRECT)
         NS_RELEASE(head);
 
     *list = head;  // Transfer ownership
 
     LOG(("nsProtocolProxyService::PruneProxyInfo LEAVE list=%p", *list));
 }
 
+NS_IMETHODIMP
+nsProtocolProxyService::GetIsPACLoading(bool *aResult)
+{
+    NS_ENSURE_ARG_POINTER(aResult);
+
+    *aResult = false;
+    if (mPACMan && mPACMan->IsLoading()) {
+        *aResult = true;
+    }
+    return NS_OK;
+}
+
 } // namespace net
 } // namespace mozilla
\ No newline at end of file
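Review bot: `GetIsPACLoading` takes four lines to set a boolean that one statement expresses more directly: `*aResult = mPACMan && mPACMan->IsLoading();`. A short comment should also note that a null `mPACMan` is reported as "not loading", because the OCSP caller treats false as permission to open a channel. Whether `mPACMan` may be read safely from the caller's thread cannot be confirmed from this hunk, so the expected calling thread is worth documenting or asserting.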
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -15,16 +15,17 @@
 #include "mozilla/Casting.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/Unused.h"
 #include "nsContentUtils.h"
 #include "nsICertOverrideService.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIPrompt.h"
+#include "nsIProtocolProxyService.h"
 #include "nsISupportsPriority.h"
 #include "nsIStreamLoader.h"
 #include "nsITokenDialogs.h"
 #include "nsIUploadChannel.h"
 #include "nsIWebProgressListener.h"
 #include "nsNSSCertHelper.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSComponent.h"
@@ -231,16 +232,34 @@ OCSPRequest::Run()
   rv = uri->GetScheme(scheme);
   if (NS_FAILED(rv)) {
     return NotifyDone(rv, lock);
   }
   if (!scheme.LowerCaseEqualsLiteral("http")) {
     return NotifyDone(NS_ERROR_MALFORMED_URI, lock);
   }
 
+  // See bug 1219935.
+  // We should not send OCSP request if the PAC is still loading.
+  nsCOMPtr<nsIProtocolProxyService> pps =
+    do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  bool isPACLoading = false;
+  rv = pps->GetIsPACLoading(&isPACLoading);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  if (isPACLoading) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
   nsCOMPtr<nsIChannel> channel;
   rv = ios->NewChannel2(mAIALocation,
                         nullptr,
                         nullptr,
                         nullptr, // aLoadingNode
                         nsContentUtils::GetSystemPrincipal(),
                         nullptr, // aTriggeringPrincipal
                         nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
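Review bot: The new early return at `if (isPACLoading)` drops the OCSP fetch with the generic `NS_ERROR_FAILURE`, so a caller, a log or telemetry cannot tell "skipped because PAC is loading" from any other fetch failure. How the caller handles the failure is outside this hunk, but if revocation checking is soft-fail, certificates validated during a PAC download go unchecked, and that window lasts as long as the download does. I would use a distinct code such as `NS_ERROR_NOT_AVAILABLE` and state the consequence in the comment rather than only pointing at the bug, e.g. `// Fail the fetch rather than open a channel while the PAC script is downloading; no revocation status is obtained for this request.` The two new `NS_FAILED(rv)` branches also turn a proxy-service lookup failure into an OCSP failure, which deserves a word in the comment too. `OCSPRequest::Run` begins and ends outside the hunk.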