Bug 767516 - Rename: s/SSLConnect/ProxyConnect/ r=mcmanus

netwerk/protocol/http/NullHttpTransaction.cpp

@@ -152,7 +152,7 @@ NullHttpTransaction::TakeSubTransactions(
 }
 
 void
-NullHttpTransaction::SetSSLConnectFailed()
+NullHttpTransaction::SetProxyConnectFailed()
 {
 }
 

netwerk/protocol/http/NullHttpTransaction.h

@@ -18,7 +18,7 @@
 // This is the minimal nsAHttpTransaction implementation. A NullHttpTransaction
 // can be used to drive connection level semantics (such as SSL handshakes
 // tunnels) so that a nsHttpConnection becomes fully established in
-// anticiation of a real transaction needing to use it soon.
+// anticipation of a real transaction needing to use it soon.
 
 namespace mozilla { namespace net {
 

netwerk/protocol/http/SpdySession2.cpp

@@ -2176,9 +2176,9 @@ SpdySession2::GetSecurityCallbacks(nsIInterfaceRequestor **,
 }
 
 void
-SpdySession2::SetSSLConnectFailed()
+SpdySession2::SetProxyConnectFailed()
 {
-  NS_ABORT_IF_FALSE(false, "SpdySession2::SetSSLConnectFailed()");
+  NS_ABORT_IF_FALSE(false, "SpdySession2::SetProxyConnectFailed()");
 }
 
 bool

netwerk/protocol/http/SpdySession3.cpp

@@ -2233,9 +2233,9 @@ SpdySession3::GetSecurityCallbacks(nsIInterfaceRequestor **,
 }
 
 void
-SpdySession3::SetSSLConnectFailed()
+SpdySession3::SetProxyConnectFailed()
 {
-  NS_ABORT_IF_FALSE(false, "SpdySession3::SetSSLConnectFailed()");
+  NS_ABORT_IF_FALSE(false, "SpdySession3::SetProxyConnectFailed()");
 }
 
 bool

netwerk/protocol/http/nsAHttpTransaction.h

@@ -63,8 +63,8 @@ public:
     // called to close the transaction
     virtual void Close(nsresult reason) = 0;
 
-    // called to indicate a failure at the SSL setup level
-    virtual void SetSSLConnectFailed() = 0;
+    // called to indicate a failure with proxy CONNECT
+    virtual void SetProxyConnectFailed() = 0;
     
     // called to retrieve the request headers of the transaction
     virtual nsHttpRequestHead *RequestHead() = 0;
@@ -149,7 +149,7 @@ public:
     nsresult ReadSegments(nsAHttpSegmentReader *, uint32_t, uint32_t *); \
     nsresult WriteSegments(nsAHttpSegmentWriter *, uint32_t, uint32_t *); \
     void     Close(nsresult reason);                                    \
-    void     SetSSLConnectFailed();                                     \
+    void     SetProxyConnectFailed();                                   \
     nsHttpRequestHead *RequestHead();                                   \
     uint32_t Http1xTransactionCount();                                  \
     nsresult TakeSubTransactions(nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions); \

netwerk/protocol/http/nsHttpChannel.cpp

@@ -722,8 +722,8 @@ nsHttpChannel::SetupTransaction()
     if (!mAllowSpdy)
         mCaps |= NS_HTTP_DISALLOW_SPDY;
 
-    // use the URI path if not proxying (transparent proxying such as SSL proxy
-    // does not count here). also, figure out what version we should be speaking.
+    // Use the URI path if not proxying (transparent proxying such as proxy
+    // CONNECT does not count here). Also figure out what HTTP version to use.
     nsCAutoString buf, path;
     nsCString* requestURI;
     if (mConnectionInfo->UsingConnect() ||
@@ -1005,21 +1005,21 @@ nsHttpChannel::CallOnStartRequest()
 }
 
 nsresult
-nsHttpChannel::ProcessFailedSSLConnect(uint32_t httpStatus)
+nsHttpChannel::ProcessFailedProxyConnect(uint32_t httpStatus)
 {
-    // Failure to set up SSL proxy tunnel means one of the following:
+    // Failure to set up a proxy tunnel via CONNECT means one of the following:
     // 1) Proxy wants authorization, or forbids.
     // 2) DNS at proxy couldn't resolve target URL.
     // 3) Proxy connection to target failed or timed out.
-    // 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
-    // 
-    // Our current architecture will parse response content with the
-    // permission of the target URL!  Given #4, we must avoid rendering the
-    // body of the reply, and instead give the user a (hopefully helpful) 
+    // 4) Eve intercepted our CONNECT, and is replying with malicious HTML.
+    //
+    // Our current architecture would parse the proxy's response content with
+    // the permission of the target URL.  Given #4, we must avoid rendering the
+    // body of the reply, and instead give the user a (hopefully helpful)
     // boilerplate error page, based on just the HTTP status of the reply.
 
     NS_ABORT_IF_FALSE(mConnectionInfo->UsingConnect(),
-                      "SSL connect failed but not using SSL?");
+                      "proxy connect failed but not using CONNECT?");
     nsresult rv;
     switch (httpStatus) 
     {
@@ -1070,21 +1070,13 @@ nsHttpChannel::ProcessFailedSSLConnect(uint32_t httpStatus)
         rv = NS_ERROR_PROXY_CONNECTION_REFUSED; 
         break;
     }
-    LOG(("Cancelling failed SSL proxy connection [this=%p httpStatus=%u]\n",
+    LOG(("Cancelling failed proxy CONNECT [this=%p httpStatus=%u]\n",
          this, httpStatus)); 
     Cancel(rv);
     CallOnStartRequest();
     return rv;
 }
 
-bool
-nsHttpChannel::ShouldSSLProxyResponseContinue(uint32_t httpStatus)
-{
-    // When SSL connect has failed, allow proxy reply to continue only if it's
-    // a 407 (proxy authentication required) response
-    return (httpStatus == 407);
-}
-
 /**
  * Decide whether or not to remember Strict-Transport-Security, and whether
  * or not to enforce channel integrity.
@@ -1182,10 +1174,11 @@ nsHttpChannel::ProcessResponse()
     LOG(("nsHttpChannel::ProcessResponse [this=%p httpStatus=%u]\n",
         this, httpStatus));
 
-    if (mTransaction->SSLConnectFailed()) {
-        if (!ShouldSSLProxyResponseContinue(httpStatus))
-            return ProcessFailedSSLConnect(httpStatus);
-        // If SSL proxy response needs to complete, wait to process connection
+    if (mTransaction->ProxyConnectFailed()) {
+        // Only allow 407 (authentication required) to continue
+        if (httpStatus != 407)
+            return ProcessFailedProxyConnect(httpStatus);
+        // If proxy CONNECT response needs to complete, wait to process connection
         // for Strict-Transport-Security.
     } else {
         // Given a successful connection, process any STS data that's relevant.
@@ -1290,7 +1283,7 @@ nsHttpChannel::ProcessResponse()
     case 407:
         rv = mAuthProvider->ProcessAuthentication(
             httpStatus, mConnectionInfo->UsingSSL() &&
-                        mTransaction->SSLConnectFailed());
+                        mTransaction->ProxyConnectFailed());
         if (rv == NS_ERROR_IN_PROGRESS)  {
             // authentication prompt has been invoked and result
             // is expected asynchronously
@@ -1305,8 +1298,8 @@ nsHttpChannel::ProcessResponse()
         }
         else if (NS_FAILED(rv)) {
             LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
-            if (mTransaction->SSLConnectFailed())
-                return ProcessFailedSSLConnect(httpStatus);
+            if (mTransaction->ProxyConnectFailed())
+                return ProcessFailedProxyConnect(httpStatus);
             if (!mAuthRetryPending)
                 mAuthProvider->CheckForSuperfluousAuth();
             rv = ProcessNormal();
@@ -1376,8 +1369,8 @@ nsHttpChannel::ContinueProcessResponse(nsresult rv)
     }
 
     LOG(("ContinueProcessResponse got failure result [rv=%x]\n", rv));
-    if (mTransaction->SSLConnectFailed()) {
-        return ProcessFailedSSLConnect(mRedirectType);
+    if (mTransaction->ProxyConnectFailed()) {
+        return ProcessFailedProxyConnect(mRedirectType);
     }
     return ProcessNormal();
 }

netwerk/protocol/http/nsHttpChannel.h

@@ -163,8 +163,7 @@ private:
     nsresult AsyncProcessRedirection(uint32_t httpStatus);
     nsresult ContinueProcessRedirection(nsresult);
     nsresult ContinueProcessRedirectionAfterFallback(nsresult);
-    bool     ShouldSSLProxyResponseContinue(uint32_t httpStatus);
-    nsresult ProcessFailedSSLConnect(uint32_t httpStatus);
+    nsresult ProcessFailedProxyConnect(uint32_t httpStatus);
     nsresult ProcessFallback(bool *waitingForRedirectCallback);
     nsresult ContinueProcessFallback(nsresult);
     void     HandleAsyncAbort();

netwerk/protocol/http/nsHttpChannelAuthProvider.cpp

@@ -112,7 +112,7 @@ nsHttpChannelAuthProvider::ProcessAuthentication(uint32_t httpStatus,
 
     if (mProxyAuth) {
         // only allow a proxy challenge if we have a proxy server configured.
-        // otherwise, we could inadvertantly expose the user's proxy
+        // otherwise, we could inadvertently expose the user's proxy
         // credentials to an origin server.  We could attempt to proceed as
         // if we had received a 401 from the server, but why risk flirting
         // with trouble?  IE similarly rejects 407s when a proxy server is

netwerk/protocol/http/nsHttpConnection.cpp

@@ -833,9 +833,9 @@ nsHttpConnection::OnHeadersAvailable(nsAHttpTransaction *trans,
     if (!mProxyConnectStream)
         HandleAlternateProtocol(responseHead);
 
-    // if we're doing an SSL proxy connect, then we need to check whether or not
-    // the connect was successful.  if so, then we have to reset the transaction
-    // and step-up the socket connection to SSL. finally, we have to wake up the
+    // If we're doing a proxy connect, we need to check whether or not
+    // it was successful.  If so, we have to reset the transaction and step-up
+    // the socket connection if using SSL. Finally, we have to wake up the
     // socket write request.
     if (mProxyConnectStream) {
         NS_ABORT_IF_FALSE(!mUsingSpdyVersion,
@@ -860,7 +860,7 @@ nsHttpConnection::OnHeadersAvailable(nsAHttpTransaction *trans,
         else {
             LOG(("proxy CONNECT failed! ssl=%s\n",
                  mConnInfo->UsingSSL() ? "true" :"false"));
-            mTransaction->SetSSLConnectFailed();
+            mTransaction->SetProxyConnectFailed();
         }
     }
     
@@ -1199,8 +1199,8 @@ nsHttpConnection::OnSocketWritable()
     do {
         mSocketOutCondition = NS_OK;
 
-        // if we're doing an SSL proxy connect, then we need to bypass calling
-        // into the transaction.
+        // If we're doing a proxy connect, then we need to bypass calling into
+        // the transaction.
         //
         // NOTE: this code path can't be shared since the transaction doesn't
         // implement nsIInputStream.  doing so is not worth the added cost of

netwerk/protocol/http/nsHttpPipeline.cpp

@@ -349,12 +349,12 @@ nsHttpPipeline::Classification()
 }
 
 void
-nsHttpPipeline::SetSSLConnectFailed()
+nsHttpPipeline::SetProxyConnectFailed()
 {
     nsAHttpTransaction *trans = Request(0);
 
     if (trans)
-        trans->SetSSLConnectFailed();
+        trans->SetProxyConnectFailed();
 }
 
 nsHttpRequestHead *
@@ -652,7 +652,7 @@ nsHttpPipeline::WriteSegments(nsAHttpSegmentWriter *writer,
     trans = Response(0);
     // This code deals with the establishment of a CONNECT tunnel through
     // an HTTP proxy. It allows the connection to do the CONNECT/200
-    // HTTP transaction to establish an SSL tunnel as a precursor to the
+    // HTTP transaction to establish a tunnel as a precursor to the
     // actual pipeline of regular HTTP transactions.
     if (!trans && mRequestQ.Length() &&
         mConnection->IsProxyConnectInProgress()) {

netwerk/protocol/http/nsHttpTransaction.cpp

@@ -102,7 +102,7 @@ nsHttpTransaction::nsHttpTransaction()
     , mReceivedData(false)
     , mStatusEventPending(false)
     , mHasRequestBody(false)
-    , mSSLConnectFailed(false)
+    , mProxyConnectFailed(false)
     , mHttpResponseMatched(false)
     , mPreserveStream(false)
     , mReportedStart(false)
@@ -353,9 +353,9 @@ nsHttpTransaction::TakeResponseHead()
 }
 
 void
-nsHttpTransaction::SetSSLConnectFailed()
+nsHttpTransaction::SetProxyConnectFailed()
 {
-    mSSLConnectFailed = true;
+    mProxyConnectFailed = true;
 }
 
 nsHttpRequestHead *

netwerk/protocol/http/nsHttpTransaction.h

@@ -94,7 +94,7 @@ public:
     // Called to find out if the transaction generated a complete response.
     bool ResponseIsComplete() { return mResponseIsComplete; }
 
-    bool      SSLConnectFailed() { return mSSLConnectFailed; }
+    bool      ProxyConnectFailed() { return mProxyConnectFailed; }
 
     // SetPriority() may only be used by the connection manager.
     void    SetPriority(int32_t priority) { mPriority = priority; }
@@ -193,7 +193,7 @@ private:
     bool                            mReceivedData;
     bool                            mStatusEventPending;
     bool                            mHasRequestBody;
-    bool                            mSSLConnectFailed;
+    bool                            mProxyConnectFailed;
     bool                            mHttpResponseMatched;
     bool                            mPreserveStream;
 

netwerk/protocol/http/nsIHttpAuthManager.idl

@@ -27,7 +27,7 @@ interface nsIHttpAuthManager : nsISupports
      *
      * @param aScheme
      *        the URL scheme (e.g., "http").  NOTE: for proxy authentication,
-     *        this should be "http" (this includes authentication for SSL
+     *        this should be "http" (this includes authentication for CONNECT
      *        tunneling).
      * @param aHost
      *        the host of the server issuing a challenge (ASCII only).
@@ -61,7 +61,7 @@ interface nsIHttpAuthManager : nsISupports
      *
      * @param aScheme
      *        the URL scheme (e.g., "http").  NOTE: for proxy authentication,
-     *        this should be "http" (this includes authentication for SSL
+     *        this should be "http" (this includes authentication for CONNECT
      *        tunneling).
      * @param aHost
      *        the host of the server issuing a challenge (ASCII only).