mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 767516 - Rename: s/SSLConnect/ProxyConnect/g r=mcmanus

This commit is contained in:
Jason Duell 2012-06-25 12:48:50 -07:00
Родитель 9392a5a0d0
Коммит b6e7808734
12 изменённых файлов: 47 добавлений и 55 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
netwerk/protocol/http/NullHttpTransaction.cpp
Просмотреть файл

@ -152,7 +152,7 @@ NullHttpTransaction::TakeSubTransactions(
}
void
NullHttpTransaction::SetSSLConnectFailed()
NullHttpTransaction::SetProxyConnectFailed()
{
}

2
netwerk/protocol/http/NullHttpTransaction.h
Просмотреть файл

@ -18,7 +18,7 @@
// This is the minimal nsAHttpTransaction implementation. A NullHttpTransaction
// can be used to drive connection level semantics (such as SSL handshakes
// tunnels) so that a nsHttpConnection becomes fully established in
// anticiation of a real transaction needing to use it soon.
// anticipation of a real transaction needing to use it soon.
namespace mozilla { namespace net {

4
netwerk/protocol/http/SpdySession2.cpp
Просмотреть файл

@ -2161,9 +2161,9 @@ SpdySession2::GetSecurityCallbacks(nsIInterfaceRequestor **,
}
void
SpdySession2::SetSSLConnectFailed()
SpdySession2::SetProxyConnectFailed()
{
NS_ABORT_IF_FALSE(false, "SpdySession2::SetSSLConnectFailed()");
NS_ABORT_IF_FALSE(false, "SpdySession2::SetProxyConnectFailed()");
}
bool

4
netwerk/protocol/http/SpdySession3.cpp
Просмотреть файл

@ -2218,9 +2218,9 @@ SpdySession3::GetSecurityCallbacks(nsIInterfaceRequestor **,
}
void
SpdySession3::SetSSLConnectFailed()
SpdySession3::SetProxyConnectFailed()
{
NS_ABORT_IF_FALSE(false, "SpdySession3::SetSSLConnectFailed()");
NS_ABORT_IF_FALSE(false, "SpdySession3::SetProxyConnectFailed()");
}
bool

6
netwerk/protocol/http/nsAHttpTransaction.h
Просмотреть файл

@ -63,8 +63,8 @@ public:
// called to close the transaction
virtual void Close(nsresult reason) = 0;
// called to indicate a failure at the SSL setup level
virtual void SetSSLConnectFailed() = 0;
// called to indicate a failure with proxy CONNECT
virtual void SetProxyConnectFailed() = 0;
// called to retrieve the request headers of the transaction
virtual nsHttpRequestHead *RequestHead() = 0;
@ -149,7 +149,7 @@ public:
nsresult ReadSegments(nsAHttpSegmentReader *, PRUint32, PRUint32 *); \
nsresult WriteSegments(nsAHttpSegmentWriter *, PRUint32, PRUint32 *); \
void Close(nsresult reason); \
void SetSSLConnectFailed(); \
void SetProxyConnectFailed(); \
nsHttpRequestHead *RequestHead(); \
PRUint32 Http1xTransactionCount(); \
nsresult TakeSubTransactions(nsTArray<nsRefPtr<nsAHttpTransaction> > &outTransactions); \

49
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -709,8 +709,8 @@ nsHttpChannel::SetupTransaction()
if (!mAllowSpdy)
mCaps |= NS_HTTP_DISALLOW_SPDY;
// use the URI path if not proxying (transparent proxying such as SSL proxy
// does not count here). also, figure out what version we should be speaking.
// Use the URI path if not proxying (transparent proxying such as proxy
// CONNECT does not count here). Also figure out what HTTP version to use.
nsCAutoString buf, path;
nsCString* requestURI;
if (mConnectionInfo->UsingConnect() ||
@ -986,21 +986,21 @@ nsHttpChannel::CallOnStartRequest()
}
nsresult
nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
nsHttpChannel::ProcessFailedProxyConnect(PRUint32 httpStatus)
{
// Failure to set up SSL proxy tunnel means one of the following:
// Failure to set up a proxy tunnel via CONNECT means one of the following:
// 1) Proxy wants authorization, or forbids.
// 2) DNS at proxy couldn't resolve target URL.
// 3) Proxy connection to target failed or timed out.
// 4) Eve noticed our proxy CONNECT, and is replying with malicious HTML.
//
// Our current architecture will parse response content with the
// permission of the target URL! Given #4, we must avoid rendering the
// body of the reply, and instead give the user a (hopefully helpful)
// 4) Eve intercepted our CONNECT, and is replying with malicious HTML.
//
// Our current architecture would parse the proxy's response content with
// the permission of the target URL. Given #4, we must avoid rendering the
// body of the reply, and instead give the user a (hopefully helpful)
// boilerplate error page, based on just the HTTP status of the reply.
NS_ABORT_IF_FALSE(mConnectionInfo->UsingConnect(),
"SSL connect failed but not using SSL?");
"proxy connect failed but not using CONNECT?");
nsresult rv;
switch (httpStatus)
{
@ -1051,21 +1051,13 @@ nsHttpChannel::ProcessFailedSSLConnect(PRUint32 httpStatus)
rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
break;
}
LOG(("Cancelling failed SSL proxy connection [this=%p httpStatus=%u]\n",
LOG(("Cancelling failed proxy CONNECT [this=%p httpStatus=%u]\n",
this, httpStatus));
Cancel(rv);
CallOnStartRequest();
return rv;
}
bool
nsHttpChannel::ShouldSSLProxyResponseContinue(PRUint32 httpStatus)
{
// When SSL connect has failed, allow proxy reply to continue only if it's
// a 407 (proxy authentication required) response
return (httpStatus == 407);
}
/**
* Decide whether or not to remember Strict-Transport-Security, and whether
* or not to enforce channel integrity.
@ -1163,10 +1155,11 @@ nsHttpChannel::ProcessResponse()
LOG(("nsHttpChannel::ProcessResponse [this=%p httpStatus=%u]\n",
this, httpStatus));
if (mTransaction->SSLConnectFailed()) {
if (!ShouldSSLProxyResponseContinue(httpStatus))
return ProcessFailedSSLConnect(httpStatus);
// If SSL proxy response needs to complete, wait to process connection
if (mTransaction->ProxyConnectFailed()) {
// Only allow 407 (authentication required) to continue
if (httpStatus != 407)
return ProcessFailedProxyConnect(httpStatus);
// If proxy CONNECT response needs to complete, wait to process connection
// for Strict-Transport-Security.
} else {
// Given a successful connection, process any STS data that's relevant.
@ -1270,7 +1263,7 @@ nsHttpChannel::ProcessResponse()
case 401:
case 407:
rv = mAuthProvider->ProcessAuthentication(
httpStatus, mTransaction->SSLConnectFailed());
httpStatus, mTransaction->ProxyConnectFailed());
if (rv == NS_ERROR_IN_PROGRESS) {
// authentication prompt has been invoked and result
// is expected asynchronously
@ -1285,8 +1278,8 @@ nsHttpChannel::ProcessResponse()
}
else if (NS_FAILED(rv)) {
LOG(("ProcessAuthentication failed [rv=%x]\n", rv));
if (mTransaction->SSLConnectFailed())
return ProcessFailedSSLConnect(httpStatus);
if (mTransaction->ProxyConnectFailed())
return ProcessFailedProxyConnect(httpStatus);
if (!mAuthRetryPending)
mAuthProvider->CheckForSuperfluousAuth();
rv = ProcessNormal();
@ -1357,8 +1350,8 @@ nsHttpChannel::ContinueProcessResponse(nsresult rv)
}
LOG(("ContinueProcessResponse got failure result [rv=%x]\n", rv));
if (mTransaction->SSLConnectFailed()) {
return ProcessFailedSSLConnect(mRedirectType);
if (mTransaction->ProxyConnectFailed()) {
return ProcessFailedProxyConnect(mRedirectType);
}
return ProcessNormal();
}

3
netwerk/protocol/http/nsHttpChannel.h
Просмотреть файл

@ -172,8 +172,7 @@ private:
nsresult AsyncProcessRedirection(PRUint32 httpStatus);
nsresult ContinueProcessRedirection(nsresult);
nsresult ContinueProcessRedirectionAfterFallback(nsresult);
bool ShouldSSLProxyResponseContinue(PRUint32 httpStatus);
nsresult ProcessFailedSSLConnect(PRUint32 httpStatus);
nsresult ProcessFailedProxyConnect(PRUint32 httpStatus);
nsresult ProcessFallback(bool *waitingForRedirectCallback);
nsresult ContinueProcessFallback(nsresult);
void HandleAsyncAbort();

12
netwerk/protocol/http/nsHttpConnection.cpp
Просмотреть файл

@ -828,9 +828,9 @@ nsHttpConnection::OnHeadersAvailable(nsAHttpTransaction *trans,
if (!mProxyConnectStream)
HandleAlternateProtocol(responseHead);
// if we're doing an SSL proxy connect, then we need to check whether or not
// the connect was successful. if so, then we have to reset the transaction
// and step-up the socket connection to SSL. finally, we have to wake up the
// If we're doing a proxy connect, we need to check whether or not
// it was successful. If so, we have to reset the transaction and step-up
// the socket connection if using SSL. Finally, we have to wake up the
// socket write request.
if (mProxyConnectStream) {
NS_ABORT_IF_FALSE(!mUsingSpdyVersion,
@ -855,7 +855,7 @@ nsHttpConnection::OnHeadersAvailable(nsAHttpTransaction *trans,
else {
LOG(("proxy CONNECT failed! ssl=%s\n",
mConnInfo->UsingSSL() ? "true" :"false"));
mTransaction->SetSSLConnectFailed();
mTransaction->SetProxyConnectFailed();
}
}
@ -1195,8 +1195,8 @@ nsHttpConnection::OnSocketWritable()
do {
mSocketOutCondition = NS_OK;
// if we're doing an SSL proxy connect, then we need to bypass calling
// into the transaction.
// If we're doing a proxy connect, then we need to bypass calling into
// the transaction.
//
// NOTE: this code path can't be shared since the transaction doesn't
// implement nsIInputStream. doing so is not worth the added cost of

6
netwerk/protocol/http/nsHttpPipeline.cpp
Просмотреть файл

@ -345,12 +345,12 @@ nsHttpPipeline::Classification()
}
void
nsHttpPipeline::SetSSLConnectFailed()
nsHttpPipeline::SetProxyConnectFailed()
{
nsAHttpTransaction *trans = Request(0);
if (trans)
trans->SetSSLConnectFailed();
trans->SetProxyConnectFailed();
}
nsHttpRequestHead *
@ -647,7 +647,7 @@ nsHttpPipeline::WriteSegments(nsAHttpSegmentWriter *writer,
trans = Response(0);
// This code deals with the establishment of a CONNECT tunnel through
// an HTTP proxy. It allows the connection to do the CONNECT/200
// HTTP transaction to establish an SSL tunnel as a precursor to the
// HTTP transaction to establish a tunnel as a precursor to the
// actual pipeline of regular HTTP transactions.
if (!trans && mRequestQ.Length() &&
mConnection->IsProxyConnectInProgress()) {

6
netwerk/protocol/http/nsHttpTransaction.cpp
Просмотреть файл

@ -101,7 +101,7 @@ nsHttpTransaction::nsHttpTransaction()
, mReceivedData(false)
, mStatusEventPending(false)
, mHasRequestBody(false)
, mSSLConnectFailed(false)
, mProxyConnectFailed(false)
, mHttpResponseMatched(false)
, mPreserveStream(false)
, mReportedStart(false)
@ -352,9 +352,9 @@ nsHttpTransaction::TakeResponseHead()
}
void
nsHttpTransaction::SetSSLConnectFailed()
nsHttpTransaction::SetProxyConnectFailed()
{
mSSLConnectFailed = true;
mProxyConnectFailed = true;
}
nsHttpRequestHead *

4
netwerk/protocol/http/nsHttpTransaction.h
Просмотреть файл

@ -94,7 +94,7 @@ public:
// Called to find out if the transaction generated a complete response.
bool ResponseIsComplete() { return mResponseIsComplete; }
bool SSLConnectFailed() { return mSSLConnectFailed; }
bool ProxyConnectFailed() { return mProxyConnectFailed; }
// SetPriority() may only be used by the connection manager.
void SetPriority(PRInt32 priority) { mPriority = priority; }
@ -189,7 +189,7 @@ private:
bool mReceivedData;
bool mStatusEventPending;
bool mHasRequestBody;
bool mSSLConnectFailed;
bool mProxyConnectFailed;
bool mHttpResponseMatched;
bool mPreserveStream;

4
netwerk/protocol/http/nsIHttpAuthManager.idl
Просмотреть файл

@ -27,7 +27,7 @@ interface nsIHttpAuthManager : nsISupports
*
* @param aScheme
* the URL scheme (e.g., "http"). NOTE: for proxy authentication,
* this should be "http" (this includes authentication for SSL
* this should be "http" (this includes authentication for CONNECT
* tunneling).
* @param aHost
* the host of the server issuing a challenge (ASCII only).
@ -61,7 +61,7 @@ interface nsIHttpAuthManager : nsISupports
*
* @param aScheme
* the URL scheme (e.g., "http"). NOTE: for proxy authentication,
* this should be "http" (this includes authentication for SSL
* this should be "http" (this includes authentication for CONNECT
* tunneling).
* @param aHost
* the host of the server issuing a challenge (ASCII only).