Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Wed, 11 Nov 2015 23:13:34 +0900
changeset 272078 fc4a5bfc904e3fe1e35804de8663e5bb26aad1b4
parent 272077 2fc4d36aa30665f3d9bcb0fec4c48e045f2b4907
child 272079 52dc9d73dcd3fc033ea01137377c82fd1240a4f9
reviewerskeeler
bugs1219088
milestone45.0a1
Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler
security/manager/ssl/WeakCryptoOverride.cpp
--- a/security/manager/ssl/WeakCryptoOverride.cpp
+++ b/security/manager/ssl/WeakCryptoOverride.cpp
@@ -3,16 +3,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WeakCryptoOverride.h"
 
 #include "MainThreadUtils.h"
 #include "SharedSSLState.h"
+#include "nss.h"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
 NS_IMPL_ISUPPORTS(WeakCryptoOverride,
                   nsIWeakCryptoOverride)
 
 WeakCryptoOverride::WeakCryptoOverride()
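Review bot: The added `#include "nss.h"` does not look like the header that declares the function this commit starts calling. As far as I know, `SSL_ClearSessionCache` is declared in NSS's `ssl.h`, so the call may only compile because another included header pulls `ssl.h` in transitively. Including the declaring header directly, `#include "ssl.h"`, would keep this file building if those transitive includes change.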
@@ -53,10 +54,14 @@ WeakCryptoOverride::RemoveWeakCryptoOver
   SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
                                          : PublicSSLState();
   if (!sharedState) {
     return NS_ERROR_NOT_AVAILABLE;
   }
   const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
   sharedState->IOLayerHelpers().removeInsecureFallbackSite(host, aPort);
 
+  // Some servers will fail with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
+  // unless the session cache is cleared.
+  SSL_ClearSessionCache();
+
   return NS_OK;
 }
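Review bot: The comment above `SSL_ClearSessionCache()` gives the compatibility reason but says nothing about the scope of the call. It takes no arguments and, as far as I know, drops the entire client session cache for the process, so revoking the override for one host and port forces full handshakes for every site, whichever of `PrivateSSLState()` or `PublicSSLState()` was selected. I would state that in the comment, e.g. `// Note: this clears the whole client session cache, not only entries for host:aPort.` It would also help to record whether a session negotiated while the override was active could otherwise be resumed after revocation, since that would make the clear necessary for the revocation to take effect and not only for avoiding the alert. The body of RemoveWeakCryptoOverride begins outside this hunk, so any earlier return paths are not visible here.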