bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout

2024-09-13 09:24:08 -07:00 · 2015-05-07 13:16:26 -04:00 · 2015-05-07 13:16:26 -04:00 · a2982caa07
commit a2982caa07
parent 8ead5d21f1
4 changed files with 23 additions and 117 deletions
--- a/netwerk/protocol/http/nsHttpConnectionInfo.h
+++ b/netwerk/protocol/http/nsHttpConnectionInfo.h
@ -63,9 +63,6 @@ public:
    const nsCString &GetAuthenticationHost() const { return mAuthenticationHost; }
    int32_t GetAuthenticationPort() const { return mAuthenticationPort; }

-    const nsCString &GetOrigin() const { return mAuthenticationHost.IsEmpty() ? mHost : mAuthenticationHost; }
-    int32_t OriginPort() const { return mAuthenticationHost.IsEmpty() ? mPort : mAuthenticationPort; }
-
    // With overhead rebuilding the hash key. The initial
    // network interface is empty. So you can reduce one call
    // if there's no explicit route after ctor.
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@ -880,8 +880,8 @@ nsHttpConnectionMgr::GetSpdyPreferredEnt(nsConnectionEntry *aOriginalEntry)
         NS_SUCCEEDED(rv) && index > 0; --index) {
        if (info->ProtocolEnabled(index - 1)) {
            rv = sslSocketControl->JoinConnection(info->VersionString[index - 1],
-                                                  aOriginalEntry->mConnInfo->GetOrigin(),
-                                                  aOriginalEntry->mConnInfo->OriginPort(),
+                                                  aOriginalEntry->mConnInfo->GetHost(),
+                                                  aOriginalEntry->mConnInfo->Port(),
                                                  &isJoined);
            if (NS_SUCCEEDED(rv) && isJoined) {
                break;
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -194,16 +194,8 @@ nsNSSSocketInfo::GetBypassAuthentication(bool* arg)
 NS_IMETHODIMP
 nsNSSSocketInfo::SetBypassAuthentication(bool arg)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
  mBypassAuthentication = arg;
-  return SyncNSSNames(locker);
+  return NS_OK;
 }

 NS_IMETHODIMP
@ -223,25 +215,7 @@ nsNSSSocketInfo::GetAuthenticationName(nsACString& aAuthenticationName)
 NS_IMETHODIMP
 nsNSSSocketInfo::SetAuthenticationName(const nsACString& aAuthenticationName)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsCString authenticationName(aAuthenticationName);
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-         ("[%p] nsNSSSocketInfo::SetAuthenticationName change from %s to %s\n",
-          mFd, PromiseFlatCString(GetHostName()).get(),
-          authenticationName.get()));
-
-  nsresult rv = SetHostName(authenticationName.get());
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return SyncNSSNames(locker);
+  return SetHostName(PromiseFlatCString(aAuthenticationName).get());
 }

 NS_IMETHODIMP
@ -253,19 +227,7 @@ nsNSSSocketInfo::GetAuthenticationPort(int32_t* aAuthenticationPort)
 NS_IMETHODIMP
 nsNSSSocketInfo::SetAuthenticationPort(int32_t aAuthenticationPort)
 {
-  nsNSSShutDownPreventionLock locker;
-  if (isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  if (!mFd) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsresult rv = SetPort(aAuthenticationPort);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return SyncNSSNames(locker);
+  return SetPort(aAuthenticationPort);
 }

 NS_IMETHODIMP
@ -304,36 +266,6 @@ nsNSSSocketInfo::SetNotificationCallbacks(nsIInterfaceRequestor* aCallbacks)
  return NS_OK;
 }

-// forward declare this for SyncNSSNames()
-static nsresult
-nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject,
-                        const char* host, int32_t port,
-                        const nsNSSShutDownPreventionLock& /* proofOfLock */);
-
-nsresult
-nsNSSSocketInfo::SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock)
-{
-  // I don't know why any of these calls would fail, but if they do
-  // we need to call SetCanceled to avoid non-determinstic results
-
-  const char* hostName = GetHostNameRaw();
-  if (SECSuccess != SSL_SetURL(mFd, hostName)) {
-    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SSL_SetURL error: %d\n",
-                                      (void*) mFd, PR_GetError()));
-    SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage);
-    return NS_ERROR_FAILURE;
-  }
-
-  int32_t port = GetPort();
-  if (NS_FAILED(nsSSLIOLayerSetPeerName(mFd, this, hostName, port, proofOfLock))) {
-    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] SyncNSSNames SetPeerName error: %d\n",
-                                      (void*) mFd, PR_GetError()));
-    SetCanceled(PR_INVALID_STATE_ERROR, PlainErrorMessage);
-    return NS_ERROR_FAILURE;
-  }
-  return NS_OK;
-}
-
 void
 nsNSSSocketInfo::NoteTimeUntilReady()
 {
@ -513,12 +445,6 @@ nsNSSSocketInfo::JoinConnection(const nsACString& npnProtocol,
  if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol))
    return NS_OK;

-  if (mBypassAuthentication) {
-    // An unauthenticated connection does not know whether or not it
-    // is acceptable for a particular hostname
-    return NS_OK;
-  }
-
  IsAcceptableForHost(hostname, _retval);

  if (*_retval) {
@ -2594,45 +2520,12 @@ loser:
  return nullptr;
 }

-static nsresult
-nsSSLIOLayerSetPeerName(PRFileDesc* fd, nsNSSSocketInfo* infoObject,
-                        const char* host, int32_t port,
-                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
-{
-  // Set the Peer ID so that SSL proxy connections work properly and to
-  // separate anonymous and/or private browsing connections.
-  uint32_t flags = infoObject->GetProviderFlags();
-  nsAutoCString peerId;
-  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
-    peerId.AppendLiteral("anon:");
-  }
-  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
-    peerId.AppendLiteral("private:");
-  }
-  if (infoObject->GetBypassAuthentication()) {
-    peerId.AppendLiteral("bypassAuth:");
-  }
-  peerId.Append(host);
-  peerId.Append(':');
-  peerId.AppendInt(port);
-  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-         ("[%p] nsSSLIOLayerSetPeerName to %s\n", fd, peerId.get()));
-  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
-    return NS_ERROR_FAILURE;
-  }
-  return NS_OK;
-}
-
 static nsresult
 nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
                       const char* proxyHost, const char* host, int32_t port,
                       nsNSSSocketInfo* infoObject)
 {
  nsNSSShutDownPreventionLock locker;
-  if (infoObject->isAlreadyShutDown()) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
  if (forSTARTTLS || proxyHost) {
    if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
      return NS_ERROR_FAILURE;
@ -2683,7 +2576,24 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
    return NS_ERROR_FAILURE;
  }

-  return nsSSLIOLayerSetPeerName(fd, infoObject, host, port, locker);
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
+  nsAutoCString peerId;
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
+    peerId.AppendLiteral("anon:");
+  }
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.AppendLiteral("private:");
+  }
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
 }

 nsresult
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@ -136,7 +136,6 @@ private:
  bool mPreliminaryHandshakeDone; // after false start items are complete

  nsresult ActivateSSL();
-  nsresult SyncNSSNames(const nsNSSShutDownPreventionLock& proofOfLock);

  nsCString mNegotiatedNPN;
  bool      mNPNCompleted;