Backed out changeset 03bc3379822a

Jonas Sicking 2009-01-14 00:59:52 -08:00
parent bd9db67c3e
commit 2fe71d8086
13 changed files with 21 additions and 210 deletions


@ -150,14 +150,6 @@ interface nsISocketTransport : nsITransport
*/
const unsigned long BYPASS_CACHE = (1 << 0);
/**
* When setting this flag, the socket will not apply any
* credentials when establishing a connection. For example,
* an SSL connection would not send any client-certificates
* if this flag is set.
*/
const unsigned long ANONYMOUS_CONNECT = (1 << 1);
};
%{C++


@ -1002,9 +1002,6 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, PRBool &proxyTransparent, PRBool
if (mProxyTransparentResolvesHost)
proxyFlags |= nsISocketProvider::PROXY_RESOLVES_HOST;
if (mConnectionFlags & nsISocketTransport::ANONYMOUS_CONNECT)
proxyFlags |= nsISocketProvider::ANONYMOUS_CONNECT;
nsCOMPtr<nsISupports> secinfo;
if (i == 0) {
@ -1029,7 +1026,7 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, PRBool &proxyTransparent, PRBool
proxyFlags, fd,
getter_AddRefs(secinfo));
}
// proxyFlags = 0; not used below this point...
proxyFlags = 0;
if (NS_FAILED(rv))
break;


@ -108,10 +108,6 @@ typedef PRUint8 nsHttpVersion;
// bypass the local DNS cache
#define NS_HTTP_REFRESH_DNS (1<<3)
// a transaction with this caps flag will not pass SSL client-certificates
// to the server (see bug #466080), but is may also be used for other things
#define NS_HTTP_LOAD_ANONYMOUS (1<<4)
//-----------------------------------------------------------------------------
// some default values
//-----------------------------------------------------------------------------


@ -657,11 +657,6 @@ nsHttpChannel::SetupTransaction()
return NS_ERROR_OUT_OF_MEMORY;
NS_ADDREF(mTransaction);
// See bug #466080. Transfer LOAD_ANONYMOUS flag to socket-layer.
if (mLoadFlags & LOAD_ANONYMOUS) {
mCaps |= NS_HTTP_LOAD_ANONYMOUS;
}
nsCOMPtr<nsIAsyncInputStream> responseStream;
rv = mTransaction->Init(mCaps, mConnectionInfo, &mRequestHead,
mUploadStream, mUploadStreamHasHeaders,


@ -452,14 +452,8 @@ nsHttpConnection::CreateTransport(PRUint8 caps)
getter_AddRefs(strans));
if (NS_FAILED(rv)) return rv;
PRUint32 tmpFlags = 0;
if (caps & NS_HTTP_REFRESH_DNS)
tmpFlags = nsISocketTransport::BYPASS_CACHE;
if (caps & NS_HTTP_LOAD_ANONYMOUS)
tmpFlags |= nsISocketTransport::ANONYMOUS_CONNECT;
strans->SetConnectionFlags(tmpFlags);
strans->SetConnectionFlags(nsISocketTransport::BYPASS_CACHE);
// NOTE: these create cyclical references, which we break inside
// nsHttpConnection::Close


@ -106,15 +106,6 @@ interface nsISocketProvider : nsISupports
* later connect et al. request.
*/
const long PROXY_RESOLVES_HOST = 1 << 0;
/**
* When setting this flag, the socket will not apply any
* credentials when establishing a connection. For example,
* an SSL connection would not send any client-certificates
* if this flag is set.
*/
const long ANONYMOUS_CONNECT = 1 << 1;
};
%{C++


@ -1996,15 +1996,14 @@ nsSSLIOLayerNewSocket(PRInt32 family,
PRInt32 proxyPort,
PRFileDesc **fd,
nsISupports** info,
PRBool forSTARTTLS,
PRBool anonymousLoad)
PRBool forSTARTTLS)
{
PRFileDesc* sock = PR_OpenTCPSocket(family);
if (!sock) return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = nsSSLIOLayerAddToSocket(family, host, port, proxyHost, proxyPort,
sock, info, forSTARTTLS, anonymousLoad);
sock, info, forSTARTTLS);
if (NS_FAILED(rv)) {
PR_Close(sock);
return rv;
@ -3111,8 +3110,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
static PRFileDesc*
nsSSLIOLayerImportFD(PRFileDesc *fd,
nsNSSSocketInfo *infoObject,
const char *host,
PRBool anonymousLoad)
const char *host)
{
nsNSSShutDownPreventionLock locker;
PRFileDesc* sslSock = SSL_ImportFD(nsnull, fd);
@ -3122,15 +3120,9 @@ nsSSLIOLayerImportFD(PRFileDesc *fd,
}
SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject);
SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
// Disable this hook if we connect anonymously. See bug 466080.
if (anonymousLoad) {
SSL_GetClientAuthDataHook(sslSock, NULL, infoObject);
} else {
SSL_GetClientAuthDataHook(sslSock,
SSL_GetClientAuthDataHook(sslSock,
(SSLGetClientAuthData)nsNSS_SSLGetClientAuthData,
infoObject);
}
SSL_AuthCertificateHook(sslSock, AuthCertificateCallback, 0);
PRInt32 ret = SSL_SetURL(sslSock, host);
@ -3149,7 +3141,7 @@ loser:
static nsresult
nsSSLIOLayerSetOptions(PRFileDesc *fd, PRBool forSTARTTLS,
const char *proxyHost, const char *host, PRInt32 port,
PRBool anonymousLoad, nsNSSSocketInfo *infoObject)
nsNSSSocketInfo *infoObject)
{
nsNSSShutDownPreventionLock locker;
if (forSTARTTLS || proxyHost) {
@ -3200,13 +3192,7 @@ nsSSLIOLayerSetOptions(PRFileDesc *fd, PRBool forSTARTTLS,
}
// Set the Peer ID so that SSL proxy connections work properly.
char *peerId;
if (anonymousLoad) { // See bug #466080. Separate the caches.
peerId = PR_smprintf("anon:%s:%d", host, port);
} else {
peerId = PR_smprintf("%s:%d", host, port);
}
char *peerId = PR_smprintf("%s:%d", host, port);
if (SECSuccess != SSL_SetSockPeerID(fd, peerId)) {
PR_smprintf_free(peerId);
return NS_ERROR_FAILURE;
@ -3224,8 +3210,7 @@ nsSSLIOLayerAddToSocket(PRInt32 family,
PRInt32 proxyPort,
PRFileDesc* fd,
nsISupports** info,
PRBool forSTARTTLS,
PRBool anonymousLoad)
PRBool forSTARTTLS)
{
nsNSSShutDownPreventionLock locker;
PRFileDesc* layer = nsnull;
@ -3239,7 +3224,7 @@ nsSSLIOLayerAddToSocket(PRInt32 family,
infoObject->SetHostName(host);
infoObject->SetPort(port);
PRFileDesc *sslSock = nsSSLIOLayerImportFD(fd, infoObject, host, anonymousLoad);
PRFileDesc *sslSock = nsSSLIOLayerImportFD(fd, infoObject, host);
if (!sslSock) {
NS_ASSERTION(PR_FALSE, "NSS: Error importing socket");
goto loser;
@ -3247,8 +3232,7 @@ nsSSLIOLayerAddToSocket(PRInt32 family,
infoObject->SetFileDescPtr(sslSock);
rv = nsSSLIOLayerSetOptions(sslSock,
forSTARTTLS, proxyHost, host, port, anonymousLoad,
rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, proxyHost, host, port,
infoObject);
if (NS_FAILED(rv))
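Review bot: In the nsSSLIOLayerSetOptions hunk, `peerId` goes straight from `PR_smprintf` into `SSL_SetSockPeerID` with no null check, and `PR_smprintf` returns null when it cannot allocate. The comment above the call says the peer ID is what makes SSL proxy connections work properly, so a socket that ends up without one should fail setup rather than carry on; whether `SSL_SetSockPeerID` itself rejects a null ID is not visible from this page. A guard directly after the `PR_smprintf` line would settle it: `if (!peerId) return NS_ERROR_OUT_OF_MEMORY;`. The body of nsSSLIOLayerSetOptions continues outside the hunk.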


@ -272,8 +272,7 @@ nsresult nsSSLIOLayerNewSocket(PRInt32 family,
PRInt32 proxyPort,
PRFileDesc **fd,
nsISupports **securityInfo,
PRBool forSTARTTLS,
PRBool anonymousLoad);
PRBool forSTARTTLS);
nsresult nsSSLIOLayerAddToSocket(PRInt32 family,
const char *host,
@ -282,8 +281,7 @@ nsresult nsSSLIOLayerAddToSocket(PRInt32 family,
PRInt32 proxyPort,
PRFileDesc *fd,
nsISupports **securityInfo,
PRBool forSTARTTLS,
PRBool anonymousLoad);
PRBool forSTARTTLS);
nsresult nsSSLIOLayerFreeTLSIntolerantSites();
nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo *infoObject, int error);


@ -68,8 +68,7 @@ nsSSLSocketProvider::NewSocket(PRInt32 family,
proxyPort,
_result,
securityInfo,
PR_FALSE,
flags & ANONYMOUS_CONNECT);
PR_FALSE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
@ -91,8 +90,7 @@ nsSSLSocketProvider::AddToSocket(PRInt32 family,
proxyPort,
aSocket,
securityInfo,
PR_FALSE,
flags & ANONYMOUS_CONNECT);
PR_FALSE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}


@ -68,8 +68,7 @@ nsTLSSocketProvider::NewSocket(PRInt32 family,
proxyPort,
_result,
securityInfo,
PR_TRUE,
flags & ANONYMOUS_CONNECT);
PR_TRUE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
@ -92,8 +91,7 @@ nsTLSSocketProvider::AddToSocket(PRInt32 family,
proxyPort,
aSocket,
securityInfo,
PR_TRUE,
flags & ANONYMOUS_CONNECT);
PR_TRUE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}


@ -45,11 +45,9 @@ relativesrcdir = security/ssl
include $(DEPTH)/config/autoconf.mk
include $(topsrcdir)/config/rules.mk
_CHROME_FILES = \
test_bug466080.html \
bug466080.sjs \
$(NULL)
# _CHROME_FILES = \
# $(NULL)
# test_bug413909.html \ # Leaks the world.
libs:: $(_CHROME_FILES)
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
# libs:: $(_CHROME_FILES)
# $(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)


@ -1,17 +0,0 @@
function handleRequest(request, response)
{
var body = "loaded";
var origin = "localhost";
try {
var origin = request.getHeader("Origin");
} catch(e) {}
response.setHeader("Access-Control-Allow-Origin",
origin,
false);
response.setHeader("Access-Control-Allow-Credentials", "true", false);
response.setHeader("Connection", "Keep-alive", false);
response.bodyOutputStream.write(body, body.length);
}


@ -1,113 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test bug 466080</title>
<script type="text/javascript" src="chrome://mochikit/content/MochiKit/packed.js"></script>
<script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
</head>
<body onload="onWindowLoad()">
<iframe id="frame1"
src="https://requireclientcert.example.com/chrome/security/ssl/bug466080.sjs"
onload="document.iframeWasLoaded = true">
This iframe should load the resource via the src-attribute from
a secure server which requires a client-cert. Doing this is
supposed to work, but further below in the test we try to load
the resource from the same url using a XHR, which should not work.
TODO : What if we change 'src' from JS? Would/should it load?
</iframe>
<script class="testbody" type="text/javascript">
document.iframeWasLoaded = false;
var alltests = [
// load resource from a relative url - this should work
{ url:"bug466080.sjs",
status_check:"==200",
error:"XHR from relative URL"},
// TODO - load the resource from a relative url via https..?
// load a non-existing resource - should get "404 Not Found"
{ url:"bug466080-does-not.exist",
status_check:"==404",
error:"XHR loading non-existing resource"},
// load resource from cross-site non-secure server
{ url:"http://test1.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site plaintext server"},
// load resource from cross-site secure server - should work since no credentials are needed
{ url:"https://test1.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site secure server"},
// load resource from cross-site secure server - should work since the server just requests certs
{ url:"https://requestclientcert.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"==200",
error:"XHR from cross-site secure server requesting certificate"},
// load resource from cross-site secure server - should NOT work since the server requires cert
// note that this is the url which is used in the iframe.src above
{ url:"https://requireclientcert.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"!=200",
error:"XHR from cross-site secure server requiring certificate"},
// repeat previous, - should NOT work
{ url:"https://requireclientcert.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"==200",
error:"XHR w/ credentials from cross-site secure server requiring certificate",
withCredentials:"true"},
// repeat previous, but with credentials - should work
{ url:"https://requireclientcert.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"==200",
error:"XHR w/ credentials from cross-site secure server requiring certificate",
withCredentials:"true"},
// repeat previous, withCredentials but using a weird method to force preflight
// should NOT work since our preflight is anonymous and will fail with our simple server
{ url:"https://requireclientcert.example.com/chrome/security/ssl/bug466080.sjs",
status_check:"!=200",
error:"XHR PREFLIGHT from cross-site secure server requiring certificate",
withCredentials:"true",
method:"XMETHOD"},
];
function onWindowLoad() {
// First, check that resource was loaded into the iframe
// This check in fact depends on bug #444165... :)
ok(document.iframeWasLoaded, "Loading resource via src-attribute");
for each (test in alltests) {
var xhr = new XMLHttpRequest();
var method = "GET";
if (test.method != null) { method = test.method; }
xhr.open(method, test.url, false);
xhr.withCredentials = test.withCredentials;
xhr.setRequestHeader("Connection", "Keep-Alive", false);
try {
xhr.send();
} catch(e) {
}
var success = eval(xhr.status + test.status_check);
ok(success, test.error);
}
SimpleTest.finish();
}
SimpleTest.waitForExplicitFinish();
</script>
</body>
</html>