Commit 54d2a5f1 authored by Pascal Chevrel

Backed out changeset 3155d983a779 (bug 1813618) for causing bug 1835103 a=pascalc

parent 8ecb53e4
+37 −58
@@ -40,10 +40,6 @@ const clientAuthDialogs = {
    is(certList.length, 1, "should have only one client certificate available");
    selectedIndex.value = 0;
    rememberClientAuthCertificate.value = false;
    ok(
      !chooseCertificateCalled,
      "chooseCertificate should only be called once"
    );
    chooseCertificateCalled = true;
    return true;
  },
@@ -51,24 +47,31 @@ const clientAuthDialogs = {
  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogs"]),
};

/**
 * A helper class to use with nsITLSServerConnectionInfo.setSecurityObserver.
 * Implements nsITLSServerSecurityObserver and simulates an extremely
 * rudimentary HTTP server that expects an HTTP/1.1 GET request and responds
 * with a 200 OK.
 */
class SecurityObserver {
  constructor(input, output) {
    this.input = input;
    this.output = output;
  }
function startServer(cert) {
  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
    Ci.nsITLSServerSocket
  );
  tlsServer.init(-1, true, -1);
  tlsServer.serverCert = cert;

  let input, output;

  let listener = {
    onSocketAccepted(socket, transport) {
      info("Accepted TLS client connection");
      let connectionInfo = transport.securityCallbacks.getInterface(
        Ci.nsITLSServerConnectionInfo
      );
      connectionInfo.setSecurityObserver(listener);
      input = transport.openInputStream(0, 0, 0);
      output = transport.openOutputStream(0, 0, 0);
    },

    onHandshakeDone(socket, status) {
      info("TLS handshake done");
      handshakeDone = true;

    let output = this.output;
    this.input.asyncWait(
      input.asyncWait(
        {
          onInputStreamReady(readyInput) {
            try {
@@ -85,7 +88,6 @@ class SecurityObserver {
                "Connection:Close\r\nContent-Length:2\r\n\r\nOK";
              output.write(response, response.length);
            } catch (e) {
            console.log(e.message);
              // This will fail when we close the speculative connection.
            }
          },
@@ -94,35 +96,12 @@ class SecurityObserver {
        0,
        Services.tm.currentThread
      );
  }
}

function startServer(cert) {
  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
    Ci.nsITLSServerSocket
  );
  tlsServer.init(-1, true, -1);
  tlsServer.serverCert = cert;

  let securityObservers = [];

  let listener = {
    onSocketAccepted(socket, transport) {
      info("Accepted TLS client connection");
      let connectionInfo = transport.securityCallbacks.getInterface(
        Ci.nsITLSServerConnectionInfo
      );
      let input = transport.openInputStream(0, 0, 0);
      let output = transport.openOutputStream(0, 0, 0);
      connectionInfo.setSecurityObserver(new SecurityObserver(input, output));
    },

    onStopListening() {
      info("onStopListening");
      for (let securityObserver of securityObservers) {
        securityObserver.input.close();
        securityObserver.output.close();
      }
      input.close();
      output.close();
    },
  };
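Review bot: In the restored `startServer`, `input` and `output` are single closure variables that `onSocketAccepted` reassigns on every accepted connection, while `onHandshakeDone` waits on whichever `input` was assigned last and `onStopListening` calls `input.close()` and `output.close()` unconditionally. The catch-block comment says this server also sees a speculative connection, so with more than one accepted socket only the last pair of streams is closed, and if listening stops before any socket is accepted the close calls throw on `undefined`. For a test helper it would be enough to guard the calls, e.g. `if (input) { input.close(); }` and `if (output) { output.close(); }`, and to add a comment that only the most recent connection's streams are tracked. This reading assumes the `let input, output;` variant is the new side, as the hunk headers suggest; the body of `startServer` continues past the end of the hunk.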

+0 −2
@@ -179,7 +179,5 @@ FuzzySocketControl::AsyncGetSecurityInfo(JSContext* aCx,
  return NS_ERROR_NOT_IMPLEMENTED;
}

NS_IMETHODIMP FuzzySocketControl::Claim() { return NS_OK; }

}  // namespace net
}  // namespace mozilla
+6 −0
@@ -306,6 +306,12 @@ Predictor::GetAllow1918(bool* allow1918) {
  return NS_OK;
}

NS_IMETHODIMP
Predictor::GetIgnoreUserCertCheck(bool* ignore) {
  *ignore = false;
  return NS_OK;
}

// Predictor::nsIInterfaceRequestor

NS_IMETHODIMP
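Review bot: `Predictor::GetIgnoreUserCertCheck` has no comment explaining why it hard-codes `false`, which is the security-relevant choice in this hunk: per the `ignoreUserCertCheck` documentation added elsewhere in this commit, `false` means predictor-triggered speculative connections keep respecting the user certificate checks. A one-line comment above the method would make that intent explicit and harder to flip by accident, e.g. `// Predictor preconnects always honor the user certificate checks; do not return true here.`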
+2 −7
@@ -283,17 +283,12 @@ interface nsISocketTransport : nsITransport
     * only set on CORS preflight request to allowed sending client certificates
     * on a connection for an anonymous request.
     */
    const unsigned long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14);
    const long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14);

    /**
     * If set, we've retrying after a failed connection attempt.
     */
    const unsigned long IS_RETRY = (1 << 15);

    /**
     * If set, this is a speculative connection.
     */
    const unsigned long IS_SPECULATIVE_CONNECTION = (1 << 16);
    const long IS_RETRY = (1 << 15);

    /**
     * An opaque flags for non-standard behavior of the TLS system.
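Review bot: `ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT` and `IS_RETRY` are bit-flag masks, and the new side appears to declare them as signed `const long` where the replaced lines used `const unsigned long`. The values `(1 << 14)` and `(1 << 15)` fit either type, so this is a style and consistency point rather than a defect, but flag masks are normally kept unsigned so that combining and testing them never involves a sign conversion. If the backout does not require the type change, keeping `const unsigned long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14);` and `const unsigned long IS_RETRY = (1 << 15);` would be the more conventional spelling. The interface body continues outside the hunk.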
+8 −0
@@ -68,4 +68,12 @@ interface nsISpeculativeConnectionOverrider : nsISupports
     * by default speculative connections are not made to RFC 1918 addresses
     */
    [infallible] readonly attribute boolean allow1918;

    /**
     * By default the speculative connections triggered by nsISpeculativeConnect
     * should respect the user certificate checks implemented in nsHttpHandler.
     * The checks can be ignored for `Link: rel=preconnect` and is also
     * controlled by a pref.
     */
    [infallible] readonly attribute boolean ignoreUserCertCheck;
};
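Review bot: The doc comment on `ignoreUserCertCheck` does not say what a true or false value means for an implementer, and it mentions "a pref" without naming it; "The checks can be ignored ... and is also controlled" also has a number mismatch. Because returning true relaxes a client-certificate safeguard for speculative connections, the comment should state the contract directly, along the lines of `Return true only if this speculative connection may skip the user certificate checks; the default is false.` The controlling pref should be named in the same comment (its name is not visible in this hunk) so that reviewers can find where the relaxation is gated.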