Backed out changeset 06f87ee5bbbb (bug 1231203) for xpcshell and TV failures on security/manager/ssl/tests/unit/test_ocsp_private_caching.js on a CLOSED TREE

Dorel Luca 2018-02-10 05:34:40 +02:00
Родитель 668b05feb3
Коммит 5642ca2d02
4 изменённых файлов: 4 добавлений и 105 удалений


@ -119,19 +119,13 @@ nsHTTPDownloadEvent::Run()
chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS |
nsIChannel::LOAD_BYPASS_SERVICE_WORKER);
// For OCSP requests, only the first party domain and private browsing id
// aspects of origin attributes are used. This means that:
// a) if first party isolation is enabled, OCSP requests will be isolated
// according to the first party domain of the original https request
// b) OCSP requests are shared across different containers as long as first
// party isolation is not enabled and none of the containers are in private
// browsing mode.
// For OCSP requests, only the first party domain aspect of origin attributes
// is used. This means that OCSP requests are shared across different
// containers.
if (mRequestSession->mOriginAttributes != OriginAttributes()) {
OriginAttributes attrs;
attrs.mFirstPartyDomain =
mRequestSession->mOriginAttributes.mFirstPartyDomain;
attrs.mPrivateBrowsingId =
mRequestSession->mOriginAttributes.mPrivateBrowsingId;
nsCOMPtr<nsILoadInfo> loadInfo = chan->GetLoadInfo();
if (loadInfo) {
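Review bot: With the `attrs.mPrivateBrowsingId` assignment gone, the `OriginAttributes` built here carry only `mFirstPartyDomain`, so an OCSP fetch triggered from a private-browsing https request appears to run in the default (non-private) context. The removed test_ocsp_private_caching.js states the concern directly: a responder reply with a Cache-Control header could then be cached to disk by Necko. The restored comment mentions only containers, so the known gap should be recorded next to it, e.g. `// NOTE: mPrivateBrowsingId is intentionally not propagated after the backout; OCSP responses for private-context requests may be cached as non-private (bug 1231203).` nsHTTPDownloadEvent::Run() begins and continues outside this hunk, so whether later code or the load flags already prevent disk caching cannot be confirmed from here.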


@ -607,12 +607,9 @@ function getFailingHttpServer(serverPort, serverIdentities) {
// by which HTTP method the server is expected to be queried.
// expectedResponseTypes is an optional array of OCSP response types to use (see
// GenerateOCSPResponse.cpp).
// responseHeaderPairs is an optional array of HTTP header (name, value) pairs
// to set in each response.
function startOCSPResponder(serverPort, identity, nssDBLocation,
expectedCertNames, expectedBasePaths,
expectedMethods, expectedResponseTypes,
responseHeaderPairs = []) {
expectedMethods, expectedResponseTypes) {
let ocspResponseGenerationArgs = expectedCertNames.map(
function(expectedNick) {
let responseType = "good";
@ -641,9 +638,6 @@ function startOCSPResponder(serverPort, identity, nssDBLocation,
}
aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
aResponse.setHeader("Content-Type", "application/ocsp-response");
for (let headerPair of responseHeaderPairs) {
aResponse.setHeader(headerPair[0], headerPair[1]);
}
aResponse.write(ocspResponses.shift());
});
httpServer.identity.setPrimary("http", identity, serverPort);


@ -1,87 +0,0 @@
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";
// In which we connect to a host and encounter OCSP responses with the
// Cache-Control header set, which Necko will normally cache. We need to ensure
// that these responses aren't cached to disk when the original https request
// was in a private context.
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
const SERVER_PORT = 8888;
function start_ocsp_responder(expectedCertNames, expectedPaths,
expectedMethods) {
return startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ocsp_fetch_method", expectedCertNames,
expectedPaths, expectedMethods);
}
function check_cert_err(cert_name, expected_error) {
let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
return checkCertErrorGeneric(certdb, cert, expected_error,
certificateUsageSSLServer);
}
function add_ocsp_necko_cache_test(loadContext, shouldFindEntry) {
// Pre-testcase cleanup/setup.
let responder;
add_test(() => {
Services.cache2.clear();
clearOCSPCache();
clearSessionCache();
responder = startOCSPResponder(SERVER_PORT, "localhost", "ocsp_certs",
["default-ee"], [], [], [],
[["Cache-Control", "max-age: 1000"]]);
run_next_test();
});
// Prepare a connection that will cause an OCSP request.
add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
null, null, null, loadContext.originAttributes);
// Traverse the cache and ensure the response made it into the cache with the
// appropriate properties (private or not private).
add_test(() => {
let foundEntry = false;
let visitor = {
onCacheStorageInfo() {},
onCacheEntryInfo(aURI, aIdEnhance, aDataSize, aFetchCount,
aLastModifiedTime, aExpirationTime, aPinned, aInfo) {
Assert.equal(aURI.spec, "http://localhost:8888/",
"expected OCSP request URI should match");
foundEntry = true;
},
onCacheEntryVisitCompleted() {
Assert.equal(foundEntry, shouldFindEntry,
"should only find a cached entry if we're expecting one");
run_next_test();
},
QueryInterface(iid) {
if (iid.equals(Ci.nsICacheStorageVisitor)) {
return this;
}
throw Cr.NS_ERROR_NO_INTERFACE;
},
};
Services.cache2.asyncVisitAllStorages(visitor, true);
});
// Clean up (stop the responder).
add_test(() => {
responder.stop(run_next_test);
});
}
function run_test() {
add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
add_ocsp_necko_cache_test(Services.loadContextInfo.default, true);
add_ocsp_necko_cache_test(Services.loadContextInfo.private, false);
run_next_test();
}


@ -122,8 +122,6 @@ run-sequentially = hardcoded ports
run-sequentially = hardcoded ports
[test_ocsp_must_staple.js]
run-sequentially = hardcoded ports
[test_ocsp_private_caching.js]
run-sequentially = hardcoded ports
[test_ocsp_no_hsts_upgrade.js]
run-sequentially = hardcoded ports
[test_ocsp_required.js]