зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1627654 - Setup resumption callback when nsNSSSocketInfo is created r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D69883 --HG-- extra : moz-landing-system : lando
Родитель
6f548f45a6
Коммит
7829c32789
|
@ -335,8 +335,5 @@ FuzzySecurityInfo::GetPeerId(nsACString& aResult) {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FuzzySecurityInfo::SetResumptionTokenFromExternalCache() { return NS_OK; }
|
||||
|
||||
} // namespace net
|
||||
} // namespace mozilla
|
||||
|
|
|
@ -737,7 +737,6 @@ nsSocketTransport::nsSocketTransport()
|
|||
mFastOpenStatus(TFO_NOT_SET),
|
||||
mFirstRetryError(NS_OK),
|
||||
mDoNotRetryToConnect(false),
|
||||
mSSLCallbackSet(false),
|
||||
mUsingQuic(false) {
|
||||
this->mNetAddr.raw.family = 0;
|
||||
this->mNetAddr.inet = {};
|
||||
|
@ -1278,36 +1277,6 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
|
|||
return rv;
|
||||
}
|
||||
|
||||
// static
|
||||
SECStatus nsSocketTransport::StoreResumptionToken(
|
||||
PRFileDesc* fd, const PRUint8* resumptionToken, unsigned int len,
|
||||
void* ctx) {
|
||||
PRIntn val;
|
||||
if (SSL_OptionGet(fd, SSL_ENABLE_SESSION_TICKETS, &val) != SECSuccess ||
|
||||
val == 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> secCtrl =
|
||||
do_QueryInterface(static_cast<nsSocketTransport*>(ctx)->mSecInfo);
|
||||
if (!secCtrl) {
|
||||
return SECFailure;
|
||||
}
|
||||
nsAutoCString peerId;
|
||||
secCtrl->GetPeerId(peerId);
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> secInfo = do_QueryInterface(secCtrl);
|
||||
if (!secInfo) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (NS_FAILED(SSLTokensCache::Put(peerId, resumptionToken, len, secInfo))) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
nsresult nsSocketTransport::InitiateSocket() {
|
||||
SOCKET_LOG(("nsSocketTransport::InitiateSocket [this=%p]\n", this));
|
||||
|
||||
|
@ -1622,19 +1591,6 @@ nsresult nsSocketTransport::InitiateSocket() {
|
|||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
|
||||
if (usingSSL && secCtrl && SSLTokensCache::IsEnabled()) {
|
||||
rv = secCtrl->SetResumptionTokenFromExternalCache();
|
||||
if (NS_FAILED(rv)) {
|
||||
SOCKET_LOG(("SetResumptionTokenFromExternalCache failed [rv=%" PRIx32
|
||||
"]\n",
|
||||
static_cast<uint32_t>(rv)));
|
||||
return rv;
|
||||
}
|
||||
SSL_SetResumptionTokenCallback(fd, &StoreResumptionToken, this);
|
||||
mSSLCallbackSet = true;
|
||||
}
|
||||
|
||||
bool connectCalled = true; // This is only needed for telemetry.
|
||||
status = PR_Connect(fd, &prAddr, NS_SOCKET_CONNECT_TIMEOUT);
|
||||
PRErrorCode code = PR_GetError();
|
||||
|
@ -2121,11 +2077,6 @@ void nsSocketTransport::ReleaseFD_Locked(PRFileDesc* fd) {
|
|||
NS_ASSERTION(mFD == fd, "wrong fd");
|
||||
|
||||
if (--mFDref == 0) {
|
||||
if (mSSLCallbackSet) {
|
||||
SSL_SetResumptionTokenCallback(fd, nullptr, nullptr);
|
||||
mSSLCallbackSet = false;
|
||||
}
|
||||
|
||||
if (gIOService->IsNetTearingDown() &&
|
||||
((PR_IntervalNow() - gIOService->NetTearingDownStarted()) >
|
||||
gSocketTransportService->MaxTimeForPrClosePref())) {
|
||||
|
|
|
@ -174,10 +174,6 @@ class nsSocketTransport final : public nsASocketHandler,
|
|||
virtual ~nsSocketTransport();
|
||||
|
||||
private:
|
||||
static SECStatus StoreResumptionToken(PRFileDesc* fd,
|
||||
const PRUint8* resumptionToken,
|
||||
unsigned int len, void* ctx);
|
||||
|
||||
// event types
|
||||
enum {
|
||||
MSG_ENSURE_CONNECT,
|
||||
|
@ -475,11 +471,6 @@ class nsSocketTransport final : public nsASocketHandler,
|
|||
|
||||
bool mDoNotRetryToConnect;
|
||||
|
||||
// True if SSL_SetResumptionTokenCallback was called. We need to clear the
|
||||
// callback when mFD is nulled out to make sure the ssl layer cannot call
|
||||
// the callback after nsSocketTransport is destroyed.
|
||||
bool mSSLCallbackSet;
|
||||
|
||||
// If the connection is used for QUIC this is set to true. That will mean
|
||||
// that UDP will be used. QUIC do not have a SocketProvider because it is a
|
||||
// mix of transport and application(HTTP) level protocol. nsSocketTransport
|
||||
|
|
|
@ -71,10 +71,6 @@ interface nsISSLSocketControl : nsISupports {
|
|||
*/
|
||||
boolean isAcceptableForHost(in ACString hostname);
|
||||
|
||||
/* Read the resumption token from SSLTokansCache and set it to the socket.
|
||||
*/
|
||||
[noscript] void setResumptionTokenFromExternalCache();
|
||||
|
||||
/* The Key Exchange Algorithm is used when determining whether or
|
||||
not HTTP/2 can be used.
|
||||
|
||||
|
|
|
@ -251,8 +251,3 @@ NS_IMETHODIMP
|
|||
CommonSocketControl::GetPeerId(nsACString& aResult) {
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CommonSocketControl::SetResumptionTokenFromExternalCache() {
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
|
|
@ -677,6 +677,12 @@ PRStatus nsNSSSocketInfo::CloseSocketAndDestroy() {
|
|||
poppedPlaintext->dtor(poppedPlaintext);
|
||||
}
|
||||
|
||||
// We need to clear the callback to make sure the ssl layer cannot call the
|
||||
// callback after mFD is nulled.
|
||||
if (net::SSLTokensCache::IsEnabled()) {
|
||||
SSL_SetResumptionTokenCallback(mFd, nullptr, nullptr);
|
||||
}
|
||||
|
||||
PRStatus status = mFd->methods->close(mFd);
|
||||
|
||||
// the nsNSSSocketInfo instance can out-live the connection, so we need some
|
||||
|
@ -757,8 +763,7 @@ nsNSSSocketInfo::GetPeerId(nsACString& aResult) {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSSocketInfo::SetResumptionTokenFromExternalCache() {
|
||||
nsresult nsNSSSocketInfo::SetResumptionTokenFromExternalCache() {
|
||||
if (!mozilla::net::SSLTokensCache::IsEnabled()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -2323,6 +2328,29 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
SECStatus StoreResumptionToken(PRFileDesc* fd, const PRUint8* resumptionToken,
|
||||
unsigned int len, void* ctx) {
|
||||
PRIntn val;
|
||||
if (SSL_OptionGet(fd, SSL_ENABLE_SESSION_TICKETS, &val) != SECSuccess ||
|
||||
val == 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*)ctx;
|
||||
if (!infoObject) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
nsAutoCString peerId;
|
||||
infoObject->GetPeerId(peerId);
|
||||
if (NS_FAILED(
|
||||
net::SSLTokensCache::Put(peerId, resumptionToken, len, infoObject))) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
|
||||
nsIProxyInfo* proxy,
|
||||
const OriginAttributes& originAttributes,
|
||||
|
@ -2421,6 +2449,14 @@ nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
|
|||
|
||||
infoObject->SharedState().NoteSocketCreated();
|
||||
|
||||
if (net::SSLTokensCache::IsEnabled()) {
|
||||
rv = infoObject->SetResumptionTokenFromExternalCache();
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
SSL_SetResumptionTokenCallback(sslSock, &StoreResumptionToken, infoObject);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
loser:
|
||||
NS_IF_RELEASE(infoObject);
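Review bot: The callback context registered in nsSSLIOLayerAddToSocket is the raw `infoObject` pointer, and the only teardown is the new block in CloseSocketAndDestroy, which runs only if `net::SSLTokensCache::IsEnabled()` is true at close time. If that flag can change while a socket is open (not visible from these hunks), registration and teardown can disagree; clearing without the guard, `SSL_SetResumptionTokenCallback(mFd, nullptr, nullptr);`, removes that dependency. In StoreResumptionToken the context is recovered with a C-style cast and the result of `GetPeerId` is ignored before `SSLTokensCache::Put`. I would write `auto* infoObject = static_cast<nsNSSSocketInfo*>(ctx);` and return `SECFailure` when `GetPeerId` fails, so a token is never cached under an empty or partial key. The function could also be declared `static`, like nsSSLIOLayerSetOptions just above it, since it is only referenced from this file in the visible hunks.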
|
||||
|
|
|
@ -69,7 +69,6 @@ class nsNSSSocketInfo final : public CommonSocketControl {
|
|||
NS_IMETHOD GetEsniTxt(nsACString& aEsniTxt) override;
|
||||
NS_IMETHOD SetEsniTxt(const nsACString& aEsniTxt) override;
|
||||
NS_IMETHOD GetPeerId(nsACString& aResult) override;
|
||||
NS_IMETHOD SetResumptionTokenFromExternalCache() override;
|
||||
|
||||
PRStatus CloseSocketAndDestroy();
|
||||
|
||||
|
@ -160,6 +159,8 @@ class nsNSSSocketInfo final : public CommonSocketControl {
|
|||
|
||||
void SetSharedOwningReference(mozilla::psm::SharedSSLState* ref);
|
||||
|
||||
nsresult SetResumptionTokenFromExternalCache();
|
||||
|
||||
protected:
|
||||
virtual ~nsNSSSocketInfo();
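Review bot: The new public declaration `nsresult SetResumptionTokenFromExternalCache();` has no comment, and this same commit deletes the description that used to sit on the nsISSLSocketControl IDL method. I would add above it `// Reads the resumption token from SSLTokensCache and sets it on the socket. Returns NS_OK without doing anything when the cache is disabled.`, which matches the early return visible in the implementation hunk. The class body starts and ends outside these hunks.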
|
||||
|
||||
|
|