Bug 769288 - Part 7: Use separate SSL session cache entries for private connections. r=mayhemer

2024-09-13 09:24:08 -07:00 · 2012-12-07 17:57:53 -05:00 · 2012-12-07 17:57:53 -05:00 · 7a51d111ae
commit 7a51d111ae
parent b2e2b4f5bf
2 changed files with 18 additions and 15 deletions
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -2448,7 +2448,7 @@ loser:
 static nsresult
 nsSSLIOLayerSetOptions(PRFileDesc *fd, bool forSTARTTLS, 
                       const char *proxyHost, const char *host, int32_t port,
-                       bool anonymousLoad, nsNSSSocketInfo *infoObject)
+                       nsNSSSocketInfo *infoObject)
 {
  nsNSSShutDownPreventionLock locker;
  if (forSTARTTLS || proxyHost) {
@ -2501,20 +2501,23 @@ nsSSLIOLayerSetOptions(PRFileDesc *fd, bool forSTARTTLS,
    }
  }

-  // Set the Peer ID so that SSL proxy connections work properly.
-  char *peerId;
-  if (anonymousLoad) {  // See bug #466080. Separate the caches.
-      peerId = PR_smprintf("anon:%s:%d", host, port);
-  } else {
-      peerId = PR_smprintf("%s:%d", host, port);
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
+  nsAutoCString peerId;
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
+    peerId.Append("anon:");
  }
-  
-  if (SECSuccess != SSL_SetSockPeerID(fd, peerId)) {
-    PR_smprintf_free(peerId);
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.Append("private:");
+  }
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
    return NS_ERROR_FAILURE;
  }

-  PR_smprintf_free(peerId);
  return NS_OK;
 }

@ -2544,7 +2547,6 @@ nsSSLIOLayerAddToSocket(int32_t family,
  infoObject->SetHostName(host);
  infoObject->SetPort(port);

-  bool anonymousLoad = providerFlags & nsISocketProvider::ANONYMOUS_CONNECT;
  PRFileDesc *sslSock = nsSSLIOLayerImportFD(fd, infoObject, host);
  if (!sslSock) {
    NS_ASSERTION(false, "NSS: Error importing socket");
@ -2553,8 +2555,7 @@ nsSSLIOLayerAddToSocket(int32_t family,

  infoObject->SetFileDescPtr(sslSock);

-  rv = nsSSLIOLayerSetOptions(sslSock,
-                              forSTARTTLS, proxyHost, host, port, anonymousLoad,
+  rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, proxyHost, host, port,
                              infoObject);

  if (NS_FAILED(rv))
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@ -63,7 +63,9 @@ public:

  bool GetJoined() { return mJoined; }
  void SetSentClientCert() { mSentClientCert = true; }
-  
+
+  uint32_t GetProviderFlags() const { return mProviderFlags; }
+
  mozilla::psm::SharedSSLState& SharedState();

  // XXX: These are only used on for diagnostic purposes