зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler
This commit is contained in:
Родитель
a844c833b5
Коммит
4b8e5ced0f
|
@ -668,6 +668,7 @@ SSL_SetStapledOCSPResponses
|
|||
SSL_SetURL
|
||||
SSL_SNISocketConfigHook
|
||||
SSL_VersionRangeGet
|
||||
SSL_VersionRangeGetDefault
|
||||
SSL_VersionRangeGetSupported
|
||||
SSL_VersionRangeSet
|
||||
SSL_VersionRangeSetDefault
|
||||
|
|
|
@ -1245,9 +1245,13 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||
} else {
|
||||
state = nsIWebProgressListener::STATE_IS_SECURE |
|
||||
nsIWebProgressListener::STATE_SECURE_HIGH;
|
||||
// we know this site no longer requires a weak cipher
|
||||
ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
|
||||
infoObject->GetPort());
|
||||
SSLVersionRange defVersion;
|
||||
rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
|
||||
if (rv == SECSuccess && versions.max >= defVersion.max) {
|
||||
// we know this site no longer requires a weak cipher
|
||||
ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
|
||||
infoObject->GetPort());
|
||||
}
|
||||
}
|
||||
infoObject->SetSecurityState(state);
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче