зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1754744 - isolating TLS handshake code, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D141093
This commit is contained in:
Родитель
7f4ca3792c
Коммит
dc33837cad
|
@ -139,8 +139,9 @@ void DnsAndConnectSocket::PrintDiagnostics(nsCString& log) {
|
|||
void nsHttpConnection::PrintDiagnostics(nsCString& log) {
|
||||
log.AppendPrintf(" CanDirectlyActivate = %d\n", CanDirectlyActivate());
|
||||
|
||||
log.AppendPrintf(" npncomplete = %d setupSSLCalled = %d\n", mNPNComplete,
|
||||
mSetupSSLCalled);
|
||||
log.AppendPrintf(" npncomplete = %d setupSSLCalled = %d\n",
|
||||
mTlsHandshaker->NPNComplete(),
|
||||
mTlsHandshaker->SetupSSLCalled());
|
||||
|
||||
log.AppendPrintf(" spdyVersion = %d reportedSpdy = %d everspdy = %d\n",
|
||||
static_cast<int32_t>(mUsingSpdyVersion), mReportedSpdy,
|
||||
|
|
|
@ -0,0 +1,332 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim:set ts=4 sw=2 sts=2 et cin: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
// HttpLog.h should generally be included first
|
||||
#include "HttpLog.h"
|
||||
|
||||
#include "TlsHandshaker.h"
|
||||
#include "nsHttpConnectionInfo.h"
|
||||
#include "nsHttpConnection.h"
|
||||
#include "nsHttpHandler.h"
|
||||
#include "nsISSLSocketControl.h"
|
||||
#include "mozilla/StaticPrefs_network.h"
|
||||
|
||||
#define TLS_EARLY_DATA_NOT_AVAILABLE 0
|
||||
#define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
|
||||
#define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
|
||||
|
||||
namespace mozilla::net {
|
||||
|
||||
NS_IMPL_ISUPPORTS(TlsHandshaker, nsITlsHandshakeCallbackListener)
|
||||
|
||||
TlsHandshaker::TlsHandshaker(nsHttpConnectionInfo* aInfo,
|
||||
nsHttpConnection* aOwner)
|
||||
: mConnInfo(aInfo), mOwner(aOwner) {
|
||||
LOG(("TlsHandshaker ctor %p", this));
|
||||
}
|
||||
|
||||
TlsHandshaker::~TlsHandshaker() { LOG(("TlsHandshaker dtor %p", this)); }
|
||||
|
||||
NS_IMETHODIMP
|
||||
TlsHandshaker::HandshakeDone() {
|
||||
LOG(("TlsHandshaker::HandshakeDone mOwner=%p", mOwner.get()));
|
||||
if (mOwner) {
|
||||
mTlsHandshakeComplitionPending = true;
|
||||
|
||||
// HandshakeDone needs to be dispatched so that it is not called inside
|
||||
// nss locks.
|
||||
RefPtr<TlsHandshaker> self(this);
|
||||
NS_DispatchToCurrentThread(NS_NewRunnableFunction(
|
||||
"TlsHandshaker::HandshakeDoneInternal", [self{std::move(self)}]() {
|
||||
if (self->mTlsHandshakeComplitionPending && self->mOwner) {
|
||||
self->mOwner->HandshakeDoneInternal();
|
||||
self->mTlsHandshakeComplitionPending = false;
|
||||
}
|
||||
}));
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void TlsHandshaker::SetupSSL(bool aInSpdyTunnel, bool aForcePlainText) {
|
||||
if (!mOwner) {
|
||||
return;
|
||||
}
|
||||
|
||||
LOG1(("TlsHandshaker::SetupSSL %p caps=0x%X %s\n", mOwner.get(),
|
||||
mOwner->TransactionCaps(), mConnInfo->HashKey().get()));
|
||||
|
||||
if (mSetupSSLCalled) { // do only once
|
||||
return;
|
||||
}
|
||||
mSetupSSLCalled = true;
|
||||
|
||||
if (mNPNComplete) {
|
||||
return;
|
||||
}
|
||||
|
||||
// we flip this back to false if SetNPNList succeeds at the end
|
||||
// of this function
|
||||
mNPNComplete = true;
|
||||
|
||||
if (!mConnInfo->FirstHopSSL() || aForcePlainText) {
|
||||
return;
|
||||
}
|
||||
|
||||
// if we are connected to the proxy with TLS, start the TLS
|
||||
// flow immediately without waiting for a CONNECT sequence.
|
||||
DebugOnly<nsresult> rv{};
|
||||
if (aInSpdyTunnel) {
|
||||
rv = InitSSLParams(false, true);
|
||||
} else {
|
||||
bool usingHttpsProxy = mConnInfo->UsingHttpsProxy();
|
||||
rv = InitSSLParams(usingHttpsProxy, usingHttpsProxy);
|
||||
}
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
nsresult TlsHandshaker::InitSSLParams(bool connectingToProxy,
|
||||
bool proxyStartSSL) {
|
||||
LOG(("TlsHandshaker::InitSSLParams [mOwner=%p] connectingToProxy=%d\n",
|
||||
mOwner.get(), connectingToProxy));
|
||||
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
|
||||
|
||||
if (!mOwner) {
|
||||
return NS_ERROR_ABORT;
|
||||
}
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsISupports> securityInfo;
|
||||
mOwner->GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
// If proxy is use or 0RTT is excluded for a origin, don't use early-data.
|
||||
if (mConnInfo->UsingProxy() || gHttpHandler->Is0RttTcpExcluded(mConnInfo)) {
|
||||
ssl->DisableEarlyData();
|
||||
}
|
||||
|
||||
if (proxyStartSSL) {
|
||||
rv = ssl->ProxyStartSSL();
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(SetupNPNList(ssl, mOwner->TransactionCaps())) &&
|
||||
NS_SUCCEEDED(ssl->SetHandshakeCallbackListener(this))) {
|
||||
LOG(("InitSSLParams Setting up SPDY Negotiation OK mOwner=%p",
|
||||
mOwner.get()));
|
||||
mNPNComplete = false;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// The naming of NPN is historical - this function creates the basic
|
||||
// offer list for both NPN and ALPN. ALPN validation callbacks are made
|
||||
// now before the handshake is complete, and NPN validation callbacks
|
||||
// are made during the handshake.
|
||||
nsresult TlsHandshaker::SetupNPNList(nsISSLSocketControl* ssl, uint32_t caps) {
|
||||
nsTArray<nsCString> protocolArray;
|
||||
|
||||
nsCString npnToken = mConnInfo->GetNPNToken();
|
||||
if (npnToken.IsEmpty()) {
|
||||
// The first protocol is used as the fallback if none of the
|
||||
// protocols supported overlap with the server's list.
|
||||
// When using ALPN the advertised preferences are protocolArray indicies
|
||||
// {1, .., N, 0} in decreasing order.
|
||||
// For NPN, In the case of overlap, matching priority is driven by
|
||||
// the order of the server's advertisement - with index 0 used when
|
||||
// there is no match.
|
||||
protocolArray.AppendElement("http/1.1"_ns);
|
||||
|
||||
if (StaticPrefs::network_http_http2_enabled() &&
|
||||
!(caps & NS_HTTP_DISALLOW_SPDY)) {
|
||||
LOG(("nsHttpConnection::SetupSSL Allow SPDY NPN selection"));
|
||||
const SpdyInformation* info = gHttpHandler->SpdyInfo();
|
||||
if (info->ALPNCallbacks(ssl)) {
|
||||
protocolArray.AppendElement(info->VersionString);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
LOG(("nsHttpConnection::SetupSSL limiting NPN selection to %s",
|
||||
npnToken.get()));
|
||||
protocolArray.AppendElement(npnToken);
|
||||
}
|
||||
|
||||
nsresult rv = ssl->SetNPNList(protocolArray);
|
||||
LOG(("TlsHandshaker::SetupNPNList %p %" PRIx32 "\n", mOwner.get(),
|
||||
static_cast<uint32_t>(rv)));
|
||||
return rv;
|
||||
}
|
||||
|
||||
// Checks if TLS handshake is needed and it is responsible to move it forward.
|
||||
bool TlsHandshaker::EnsureNPNComplete() {
|
||||
if (!mOwner) {
|
||||
mNPNComplete = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISocketTransport> transport = mOwner->Transport();
|
||||
MOZ_ASSERT(transport);
|
||||
if (!transport) {
|
||||
// this cannot happen
|
||||
mNPNComplete = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mNPNComplete) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mTlsHandshakeComplitionPending) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsresult rv = NS_OK;
|
||||
nsCOMPtr<nsISupports> securityInfo;
|
||||
mOwner->GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
FinishNPNSetup(false, false);
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
FinishNPNSetup(false, false);
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!m0RTTChecked) {
|
||||
// We reuse m0RTTChecked. We want to send this status only once.
|
||||
RefPtr<nsAHttpTransaction> transaction = mOwner->Transaction();
|
||||
nsCOMPtr<nsISocketTransport> transport = mOwner->Transport();
|
||||
if (transaction && transport) {
|
||||
transaction->OnTransportStatus(transport,
|
||||
NS_NET_STATUS_TLS_HANDSHAKE_STARTING, 0);
|
||||
}
|
||||
}
|
||||
|
||||
LOG(("TlsHandshaker::EnsureNPNComplete [mOwner=%p] drive TLS handshake",
|
||||
mOwner.get()));
|
||||
rv = ssl->DriveHandshake();
|
||||
if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
|
||||
FinishNPNSetup(false, true);
|
||||
return true;
|
||||
}
|
||||
|
||||
Check0RttEnabled(ssl);
|
||||
return false;
|
||||
}
|
||||
|
||||
void TlsHandshaker::EarlyDataDone() {
|
||||
if (mEarlyDataState == EarlyData::USED) {
|
||||
mEarlyDataState = EarlyData::DONE_USED;
|
||||
} else if (mEarlyDataState == EarlyData::CANNOT_BE_USED) {
|
||||
mEarlyDataState = EarlyData::DONE_CANNOT_BE_USED;
|
||||
} else if (mEarlyDataState == EarlyData::NOT_AVAILABLE) {
|
||||
mEarlyDataState = EarlyData::DONE_NOT_AVAILABLE;
|
||||
}
|
||||
}
|
||||
|
||||
void TlsHandshaker::FinishNPNSetup(bool handshakeSucceeded,
|
||||
bool hasSecurityInfo) {
|
||||
LOG(("TlsHandshaker::FinishNPNSetup mOwner=%p", mOwner.get()));
|
||||
mNPNComplete = true;
|
||||
|
||||
mOwner->PostProcessNPNSetup(handshakeSucceeded, hasSecurityInfo,
|
||||
EarlyDataUsed());
|
||||
EarlyDataDone();
|
||||
}
|
||||
|
||||
void TlsHandshaker::Check0RttEnabled(nsISSLSocketControl* ssl) {
|
||||
if (!mOwner) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (m0RTTChecked) {
|
||||
return;
|
||||
}
|
||||
|
||||
m0RTTChecked = true;
|
||||
|
||||
if (mConnInfo->UsingProxy()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// There is no ALPN info (yet!). We need to consider doing 0RTT. We
|
||||
// will do so if there is ALPN information from a previous session
|
||||
// (AlpnEarlySelection), we are using HTTP/1, and the request data can
|
||||
// be safely retried.
|
||||
if (NS_FAILED(ssl->GetAlpnEarlySelection(mEarlyNegotiatedALPN))) {
|
||||
LOG1(
|
||||
("TlsHandshaker::Check0RttEnabled %p - "
|
||||
"early selected alpn not available",
|
||||
mOwner.get()));
|
||||
} else {
|
||||
LOG1(
|
||||
("TlsHandshaker::Check0RttEnabled %p -"
|
||||
"early selected alpn: %s",
|
||||
mOwner.get(), mEarlyNegotiatedALPN.get()));
|
||||
const SpdyInformation* info = gHttpHandler->SpdyInfo();
|
||||
if (!mEarlyNegotiatedALPN.Equals(info->VersionString)) {
|
||||
// This is the HTTP/1 case.
|
||||
// Check if early-data is allowed for this transaction.
|
||||
RefPtr<nsAHttpTransaction> transaction = mOwner->Transaction();
|
||||
if (transaction && transaction->Do0RTT()) {
|
||||
LOG(
|
||||
("TlsHandshaker::Check0RttEnabled [mOwner=%p] - We "
|
||||
"can do 0RTT (http/1)!",
|
||||
mOwner.get()));
|
||||
mEarlyDataState = EarlyData::USED;
|
||||
} else {
|
||||
mEarlyDataState = EarlyData::CANNOT_BE_USED;
|
||||
// Poll for read now. Polling for write will cause us to busy wait.
|
||||
// When the handshake is done the polling flags will be set correctly.
|
||||
Unused << mOwner->ResumeRecv();
|
||||
}
|
||||
} else {
|
||||
// We have h2, we can at least 0-RTT the preamble and opening
|
||||
// SETTINGS, etc, and maybe some of the first request
|
||||
LOG(
|
||||
("TlsHandshaker::Check0RttEnabled [mOwner=%p] - Starting "
|
||||
"0RTT for h2!",
|
||||
mOwner.get()));
|
||||
mEarlyDataState = EarlyData::USED;
|
||||
mOwner->Start0RTTSpdy(info->Version);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void TlsHandshaker::EarlyDataTelemetry(int16_t tlsVersion,
|
||||
bool earlyDataAccepted,
|
||||
int64_t aContentBytesWritten0RTT) {
|
||||
// Send the 0RTT telemetry only for tls1.3
|
||||
if (tlsVersion > nsISSLSocketControl::TLS_VERSION_1_2) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_NEGOTIATED,
|
||||
(mEarlyDataState == EarlyData::NOT_AVAILABLE)
|
||||
? TLS_EARLY_DATA_NOT_AVAILABLE
|
||||
: ((mEarlyDataState == EarlyData::USED)
|
||||
? TLS_EARLY_DATA_AVAILABLE_AND_USED
|
||||
: TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED));
|
||||
if (EarlyDataUsed()) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_ACCEPTED,
|
||||
earlyDataAccepted);
|
||||
}
|
||||
if (earlyDataAccepted) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_BYTES_WRITTEN,
|
||||
aContentBytesWritten0RTT);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace mozilla::net
|
|
@ -0,0 +1,94 @@
|
|||
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef TlsHandshaker_h__
|
||||
#define TlsHandshaker_h__
|
||||
|
||||
#include "nsITlsHandshakeListener.h"
|
||||
|
||||
class nsISocketTransport;
|
||||
class nsISSLSocketControl;
|
||||
|
||||
namespace mozilla::net {
|
||||
|
||||
class nsHttpConnection;
|
||||
class nsHttpConnectionInfo;
|
||||
|
||||
class TlsHandshaker : public nsITlsHandshakeCallbackListener {
|
||||
public:
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSITLSHANDSHAKECALLBACKLISTENER
|
||||
|
||||
TlsHandshaker(nsHttpConnectionInfo* aInfo, nsHttpConnection* aOwner);
|
||||
|
||||
void SetupSSL(bool aInSpdyTunnel, bool aForcePlainText);
|
||||
[[nodiscard]] nsresult InitSSLParams(bool connectingToProxy,
|
||||
bool ProxyStartSSL);
|
||||
[[nodiscard]] nsresult SetupNPNList(nsISSLSocketControl* ssl, uint32_t caps);
|
||||
// Makes certain the SSL handshake is complete and NPN negotiation
|
||||
// has had a chance to happen
|
||||
[[nodiscard]] bool EnsureNPNComplete();
|
||||
void FinishNPNSetup(bool handshakeSucceeded, bool hasSecurityInfo);
|
||||
bool EarlyDataAvailable() const {
|
||||
return mEarlyDataState == EarlyData::USED ||
|
||||
mEarlyDataState == EarlyData::CANNOT_BE_USED;
|
||||
}
|
||||
bool EarlyDataWasAvailable() const {
|
||||
return mEarlyDataState != EarlyData::NOT_AVAILABLE &&
|
||||
mEarlyDataState != EarlyData::DONE_NOT_AVAILABLE;
|
||||
}
|
||||
bool EarlyDataUsed() const { return mEarlyDataState == EarlyData::USED; }
|
||||
bool EarlyDataCanNotBeUsed() const {
|
||||
return mEarlyDataState == EarlyData::CANNOT_BE_USED;
|
||||
}
|
||||
void EarlyDataDone();
|
||||
void EarlyDataTelemetry(int16_t tlsVersion, bool earlyDataAccepted,
|
||||
int64_t aContentBytesWritten0RTT);
|
||||
|
||||
bool NPNComplete() const { return mNPNComplete; }
|
||||
bool SetupSSLCalled() const { return mSetupSSLCalled; }
|
||||
bool TlsHandshakeComplitionPending() const {
|
||||
return mTlsHandshakeComplitionPending;
|
||||
}
|
||||
const nsCString& EarlyNegotiatedALPN() const { return mEarlyNegotiatedALPN; }
|
||||
void SetNPNComplete() { mNPNComplete = true; }
|
||||
void NotifyClose() {
|
||||
mTlsHandshakeComplitionPending = false;
|
||||
mOwner = nullptr;
|
||||
}
|
||||
|
||||
private:
|
||||
virtual ~TlsHandshaker();
|
||||
|
||||
void Check0RttEnabled(nsISSLSocketControl* ssl);
|
||||
|
||||
// SPDY related
|
||||
bool mSetupSSLCalled{false};
|
||||
bool mNPNComplete{false};
|
||||
|
||||
bool mTlsHandshakeComplitionPending{false};
|
||||
// Helper variable for 0RTT handshake;
|
||||
// Possible 0RTT has been checked.
|
||||
bool m0RTTChecked{false};
|
||||
// 0RTT data state.
|
||||
enum EarlyData {
|
||||
NOT_AVAILABLE,
|
||||
USED,
|
||||
CANNOT_BE_USED,
|
||||
DONE_NOT_AVAILABLE,
|
||||
DONE_USED,
|
||||
DONE_CANNOT_BE_USED,
|
||||
};
|
||||
EarlyData mEarlyDataState{EarlyData::NOT_AVAILABLE};
|
||||
nsCString mEarlyNegotiatedALPN;
|
||||
RefPtr<nsHttpConnectionInfo> mConnInfo;
|
||||
// nsHttpConnection and TlsHandshaker create a reference cycle. To break this
|
||||
// cycle, NotifyClose() needs to be called in nsHttpConnection::Close().
|
||||
RefPtr<nsHttpConnection> mOwner;
|
||||
};
|
||||
|
||||
} // namespace mozilla::net
|
||||
|
||||
#endif // TlsHandshaker_h__
|
|
@ -153,6 +153,7 @@ UNIFIED_SOURCES += [
|
|||
"SocketWrapper.cpp",
|
||||
"SpeculativeTransaction.cpp",
|
||||
"TLSFilterTransaction.cpp",
|
||||
"TlsHandshaker.cpp",
|
||||
"TRRServiceChannel.cpp",
|
||||
]
|
||||
|
||||
|
|
|
@ -13,10 +13,6 @@
|
|||
#undef LOG_ENABLED
|
||||
#define LOG_ENABLED() LOG5_ENABLED()
|
||||
|
||||
#define TLS_EARLY_DATA_NOT_AVAILABLE 0
|
||||
#define TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED 1
|
||||
#define TLS_EARLY_DATA_AVAILABLE_AND_USED 2
|
||||
|
||||
#include "ASpdySession.h"
|
||||
#include "mozilla/ChaosMode.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
|
@ -159,6 +155,7 @@ nsresult nsHttpConnection::Init(
|
|||
mSocketTransport->SetSecurityCallbacks(this);
|
||||
}
|
||||
|
||||
mTlsHandshaker = new TlsHandshaker(mConnInfo, this);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -371,144 +368,9 @@ void nsHttpConnection::StartSpdy(nsISSLSocketControl* sslControl,
|
|||
}
|
||||
}
|
||||
|
||||
void nsHttpConnection::Check0RttEnabled(nsISSLSocketControl* ssl) {
|
||||
if (m0RTTChecked) {
|
||||
return;
|
||||
}
|
||||
|
||||
m0RTTChecked = true;
|
||||
|
||||
if (mConnInfo->UsingProxy()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// There is no ALPN info (yet!). We need to consider doing 0RTT. We
|
||||
// will do so if there is ALPN information from a previous session
|
||||
// (AlpnEarlySelection), we are using HTTP/1, and the request data can
|
||||
// be safely retried.
|
||||
if (NS_FAILED(ssl->GetAlpnEarlySelection(mEarlyNegotiatedALPN))) {
|
||||
LOG1(
|
||||
("nsHttpConnection::Check0RttEnabled %p - "
|
||||
"early selected alpn not available",
|
||||
this));
|
||||
} else {
|
||||
LOG1(
|
||||
("nsHttpConnection::Check0RttEnabled %p -"
|
||||
"early selected alpn: %s",
|
||||
this, mEarlyNegotiatedALPN.get()));
|
||||
const SpdyInformation* info = gHttpHandler->SpdyInfo();
|
||||
if (!mEarlyNegotiatedALPN.Equals(info->VersionString)) {
|
||||
// This is the HTTP/1 case.
|
||||
// Check if early-data is allowed for this transaction.
|
||||
if (mTransaction->Do0RTT()) {
|
||||
LOG(
|
||||
("nsHttpConnection::Check0RttEnabled [this=%p] - We "
|
||||
"can do 0RTT (http/1)!",
|
||||
this));
|
||||
mEarlyDataState = EarlyData::USED;
|
||||
} else {
|
||||
mEarlyDataState = EarlyData::CANNOT_BE_USED;
|
||||
// Poll for read now. Polling for write will cause us to busy wait.
|
||||
// When the handshake ia done the polling flags will be set correctly.
|
||||
Unused << ResumeRecv();
|
||||
}
|
||||
} else {
|
||||
// We have h2, we can at least 0-RTT the preamble and opening
|
||||
// SETTINGS, etc, and maybe some of the first request
|
||||
LOG(
|
||||
("nsHttpConnection::Check0RttEnabled [this=%p] - Starting "
|
||||
"0RTT for h2!",
|
||||
this));
|
||||
mEarlyDataState = EarlyData::USED;
|
||||
Start0RTTSpdy(info->Version);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void nsHttpConnection::EarlyDataTelemetry(int16_t tlsVersion,
|
||||
bool earlyDataAccepted) {
|
||||
// Send the 0RTT telemetry only for tls1.3
|
||||
if (tlsVersion > nsISSLSocketControl::TLS_VERSION_1_2) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_NEGOTIATED,
|
||||
(mEarlyDataState == EarlyData::NOT_AVAILABLE)
|
||||
? TLS_EARLY_DATA_NOT_AVAILABLE
|
||||
: ((mEarlyDataState == EarlyData::USED)
|
||||
? TLS_EARLY_DATA_AVAILABLE_AND_USED
|
||||
: TLS_EARLY_DATA_AVAILABLE_BUT_NOT_USED));
|
||||
if (EarlyDataUsed()) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_ACCEPTED,
|
||||
earlyDataAccepted);
|
||||
}
|
||||
if (earlyDataAccepted) {
|
||||
Telemetry::Accumulate(Telemetry::TLS_EARLY_DATA_BYTES_WRITTEN,
|
||||
mContentBytesWritten0RTT);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Checks if TLS handshake is needed and it is responsible to move it forward.
|
||||
bool nsHttpConnection::EnsureNPNComplete() {
|
||||
MOZ_ASSERT(mSocketTransport);
|
||||
if (!mSocketTransport) {
|
||||
// this cannot happen
|
||||
mNPNComplete = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mNPNComplete) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mTlsHandshakeComplitionPending) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsresult rv = NS_OK;
|
||||
nsCOMPtr<nsISupports> securityInfo;
|
||||
GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
FinishNPNSetup(false, false);
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
FinishNPNSetup(false, false);
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!m0RTTChecked) {
|
||||
// We reuse m0RTTChecked. We want to send this status only once.
|
||||
mTransaction->OnTransportStatus(mSocketTransport,
|
||||
NS_NET_STATUS_TLS_HANDSHAKE_STARTING, 0);
|
||||
}
|
||||
|
||||
LOG(("nsHttpConnection::EnsureNPNComplete [this=%p] drive TLS handshake",
|
||||
this));
|
||||
rv = ssl->DriveHandshake();
|
||||
if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
|
||||
FinishNPNSetup(false, true);
|
||||
return true;
|
||||
}
|
||||
|
||||
Check0RttEnabled(ssl);
|
||||
return false;
|
||||
}
|
||||
|
||||
void nsHttpConnection::EarlyDataDone() {
|
||||
if (mEarlyDataState == EarlyData::USED) {
|
||||
mEarlyDataState = EarlyData::DONE_USED;
|
||||
} else if (mEarlyDataState == EarlyData::CANNOT_BE_USED) {
|
||||
mEarlyDataState = EarlyData::DONE_CANNOT_BE_USED;
|
||||
} else if (mEarlyDataState == EarlyData::NOT_AVAILABLE) {
|
||||
mEarlyDataState = EarlyData::DONE_NOT_AVAILABLE;
|
||||
}
|
||||
}
|
||||
|
||||
void nsHttpConnection::FinishNPNSetup(bool handshakeSucceeded,
|
||||
bool hasSecurityInfo) {
|
||||
mNPNComplete = true;
|
||||
|
||||
void nsHttpConnection::PostProcessNPNSetup(bool handshakeSucceeded,
|
||||
bool hasSecurityInfo,
|
||||
bool earlyDataUsed) {
|
||||
if (mTransaction) {
|
||||
mTransaction->OnTransportStatus(mSocketTransport,
|
||||
NS_NET_STATUS_TLS_HANDSHAKE_ENDED, 0);
|
||||
|
@ -529,9 +391,9 @@ void nsHttpConnection::FinishNPNSetup(bool handshakeSucceeded,
|
|||
mBootstrappedTimings.connectEnd = TimeStamp::Now();
|
||||
}
|
||||
|
||||
if (EarlyDataUsed()) {
|
||||
if (earlyDataUsed) {
|
||||
// Didn't get 0RTT OK, back out of the "attempting 0RTT" state
|
||||
LOG(("nsHttpConnection::FinishNPNSetup [this=%p] 0rtt failed", this));
|
||||
LOG(("nsHttpConnection::PostProcessNPNSetup [this=%p] 0rtt failed", this));
|
||||
if (mTransaction && NS_FAILED(mTransaction->Finish0RTT(true, true))) {
|
||||
mTransaction->Close(NS_ERROR_NET_RESET);
|
||||
}
|
||||
|
@ -541,8 +403,6 @@ void nsHttpConnection::FinishNPNSetup(bool handshakeSucceeded,
|
|||
}
|
||||
}
|
||||
|
||||
EarlyDataDone();
|
||||
|
||||
if (hasSecurityInfo) {
|
||||
// Telemetry for tls failure rate with and without esni;
|
||||
bool echConfigUsed = false;
|
||||
|
@ -585,7 +445,7 @@ nsresult nsHttpConnection::Activate(nsAHttpTransaction* trans, uint32_t caps,
|
|||
caps));
|
||||
|
||||
if (!mExperienced && !trans->IsNullTransaction()) {
|
||||
if (mNPNComplete) {
|
||||
if (mTlsHandshaker->NPNComplete()) {
|
||||
mExperienced = true;
|
||||
}
|
||||
if (mBootstrappedTimingsSet) {
|
||||
|
@ -647,7 +507,7 @@ nsresult nsHttpConnection::Activate(nsAHttpTransaction* trans, uint32_t caps,
|
|||
nsCOMPtr<nsIInterfaceRequestor> callbacks;
|
||||
trans->GetSecurityCallbacks(getter_AddRefs(callbacks));
|
||||
SetSecurityCallbacks(callbacks);
|
||||
SetupSSL();
|
||||
mTlsHandshaker->SetupSSL(mInSpdyTunnel, mForcePlainText);
|
||||
|
||||
// take ownership of the transaction
|
||||
mTransaction = trans;
|
||||
|
@ -714,76 +574,6 @@ failed_activation:
|
|||
return rv;
|
||||
}
|
||||
|
||||
void nsHttpConnection::SetupSSL() {
|
||||
LOG1(("nsHttpConnection::SetupSSL %p caps=0x%X %s\n", this, mTransactionCaps,
|
||||
mConnInfo->HashKey().get()));
|
||||
|
||||
if (mSetupSSLCalled) { // do only once
|
||||
return;
|
||||
}
|
||||
mSetupSSLCalled = true;
|
||||
|
||||
if (mNPNComplete) return;
|
||||
|
||||
// we flip this back to false if SetNPNList succeeds at the end
|
||||
// of this function
|
||||
mNPNComplete = true;
|
||||
|
||||
if (!mConnInfo->FirstHopSSL() || mForcePlainText) {
|
||||
return;
|
||||
}
|
||||
|
||||
// if we are connected to the proxy with TLS, start the TLS
|
||||
// flow immediately without waiting for a CONNECT sequence.
|
||||
DebugOnly<nsresult> rv{};
|
||||
if (mInSpdyTunnel) {
|
||||
rv = InitSSLParams(false, true);
|
||||
} else {
|
||||
bool usingHttpsProxy = mConnInfo->UsingHttpsProxy();
|
||||
rv = InitSSLParams(usingHttpsProxy, usingHttpsProxy);
|
||||
}
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
// The naming of NPN is historical - this function creates the basic
|
||||
// offer list for both NPN and ALPN. ALPN validation callbacks are made
|
||||
// now before the handshake is complete, and NPN validation callbacks
|
||||
// are made during the handshake.
|
||||
nsresult nsHttpConnection::SetupNPNList(nsISSLSocketControl* ssl,
|
||||
uint32_t caps) {
|
||||
nsTArray<nsCString> protocolArray;
|
||||
|
||||
nsCString npnToken = mConnInfo->GetNPNToken();
|
||||
if (npnToken.IsEmpty()) {
|
||||
// The first protocol is used as the fallback if none of the
|
||||
// protocols supported overlap with the server's list.
|
||||
// When using ALPN the advertised preferences are protocolArray indicies
|
||||
// {1, .., N, 0} in decreasing order.
|
||||
// For NPN, In the case of overlap, matching priority is driven by
|
||||
// the order of the server's advertisement - with index 0 used when
|
||||
// there is no match.
|
||||
protocolArray.AppendElement("http/1.1"_ns);
|
||||
|
||||
if (StaticPrefs::network_http_http2_enabled() &&
|
||||
!(caps & NS_HTTP_DISALLOW_SPDY)) {
|
||||
LOG(("nsHttpConnection::SetupSSL Allow SPDY NPN selection"));
|
||||
const SpdyInformation* info = gHttpHandler->SpdyInfo();
|
||||
if (info->ALPNCallbacks(ssl)) {
|
||||
protocolArray.AppendElement(info->VersionString);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
LOG(("nsHttpConnection::SetupSSL limiting NPN selection to %s",
|
||||
npnToken.get()));
|
||||
protocolArray.AppendElement(npnToken);
|
||||
}
|
||||
|
||||
nsresult rv = ssl->SetNPNList(protocolArray);
|
||||
LOG(("nsHttpConnection::SetupNPNList %p %" PRIx32 "\n", this,
|
||||
static_cast<uint32_t>(rv)));
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsresult nsHttpConnection::AddTransaction(nsAHttpTransaction* httpTransaction,
|
||||
int32_t priority) {
|
||||
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
|
||||
|
@ -835,10 +625,8 @@ void nsHttpConnection::Close(nsresult reason, bool aIsShutdown) {
|
|||
LOG(("nsHttpConnection::Close [this=%p reason=%" PRIx32 "]\n", this,
|
||||
static_cast<uint32_t>(reason)));
|
||||
|
||||
mClosed = true;
|
||||
|
||||
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
|
||||
mTlsHandshakeComplitionPending = false;
|
||||
mTlsHandshaker->NotifyClose();
|
||||
mContinueHandshakeDone = nullptr;
|
||||
// Ensure TCP keepalive timer is stopped.
|
||||
if (mTCPKeepaliveTransitionTimer) {
|
||||
|
@ -880,7 +668,7 @@ void nsHttpConnection::Close(nsresult reason, bool aIsShutdown) {
|
|||
mConnInfo && !(mTransactionCaps & NS_HTTP_ERROR_SOFTLY)) {
|
||||
gHttpHandler->ClearHostMapping(mConnInfo);
|
||||
}
|
||||
if (EarlyDataWasAvailable() &&
|
||||
if (mTlsHandshaker->EarlyDataWasAvailable() &&
|
||||
(reason ==
|
||||
psm::GetXPCOMFromNSSError(SSL_ERROR_PROTOCOL_VERSION_ALERT))) {
|
||||
gHttpHandler->Exclude0RttTcp(mConnInfo);
|
||||
|
@ -914,46 +702,6 @@ void nsHttpConnection::Close(nsresult reason, bool aIsShutdown) {
|
|||
}
|
||||
}
|
||||
|
||||
// called on the socket thread
|
||||
nsresult nsHttpConnection::InitSSLParams(bool connectingToProxy,
|
||||
bool proxyStartSSL) {
|
||||
LOG(("nsHttpConnection::InitSSLParams [this=%p] connectingToProxy=%d\n", this,
|
||||
connectingToProxy));
|
||||
MOZ_ASSERT(OnSocketThread(), "not on socket thread");
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsISupports> securityInfo;
|
||||
GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
// If proxy is use or 0RTT is excluded for a origin, don't use early-data.
|
||||
if (mConnInfo->UsingProxy() || gHttpHandler->Is0RttTcpExcluded(mConnInfo)) {
|
||||
ssl->DisableEarlyData();
|
||||
}
|
||||
|
||||
if (proxyStartSSL) {
|
||||
rv = ssl->ProxyStartSSL();
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(SetupNPNList(ssl, mTransactionCaps)) &&
|
||||
NS_SUCCEEDED(ssl->SetHandshakeCallbackListener(this))) {
|
||||
LOG(("InitSSLParams Setting up SPDY Negotiation OK"));
|
||||
mNPNComplete = false;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsHttpConnection::DontReuse() {
|
||||
LOG(("nsHttpConnection::DontReuse %p spdysession=%p\n", this,
|
||||
mSpdySession.get()));
|
||||
|
@ -1060,7 +808,7 @@ bool nsHttpConnection::IsAlive() {
|
|||
|
||||
// SocketTransport::IsAlive can run the SSL state machine, so make sure
|
||||
// the NPN options are set before that happens.
|
||||
SetupSSL();
|
||||
mTlsHandshaker->SetupSSL(mInSpdyTunnel, mForcePlainText);
|
||||
|
||||
bool alive;
|
||||
nsresult rv = mSocketTransport->IsAlive(&alive);
|
||||
|
@ -1244,7 +992,7 @@ void nsHttpConnection::HandleTunnelResponse(uint16_t responseStatus,
|
|||
SetupSecondaryTLS();
|
||||
}
|
||||
|
||||
rv = InitSSLParams(false, true);
|
||||
rv = mTlsHandshaker->InitSSLParams(false, true);
|
||||
LOG(("InitSSLParams [rv=%" PRIx32 "]\n", static_cast<uint32_t>(rv)));
|
||||
} else {
|
||||
// We have an https protocol but the CONNECT only flag was
|
||||
|
@ -1252,7 +1000,7 @@ void nsHttpConnection::HandleTunnelResponse(uint16_t responseStatus,
|
|||
// proxy. We have to mark this as complete to finish the
|
||||
// transaction and be upgraded. OnSocketReadable() uses this
|
||||
// to detect an inactive tunnel and blocks completion.
|
||||
mNPNComplete = true;
|
||||
mTlsHandshaker->SetNPNComplete();
|
||||
}
|
||||
}
|
||||
rv = mSocketOut->AsyncWait(this, 0, 0, nullptr);
|
||||
|
@ -1401,7 +1149,7 @@ uint32_t nsHttpConnection::ReadTimeoutTick(PRIntervalTime now) {
|
|||
nextTickAfter = std::max(nextTickAfter, 1U);
|
||||
}
|
||||
|
||||
if (!mNPNComplete) {
|
||||
if (!mTlsHandshaker->NPNComplete()) {
|
||||
// We can reuse mLastWriteTime here, because it is set when the
|
||||
// connection is activated and only change when a transaction
|
||||
// succesfullu write to the socket and this can only happen after
|
||||
|
@ -1701,7 +1449,7 @@ void nsHttpConnection::CloseTransaction(nsAHttpTransaction* trans,
|
|||
}
|
||||
|
||||
bool nsHttpConnection::CheckCanWrite0RTTData() {
|
||||
MOZ_ASSERT(EarlyDataAvailable());
|
||||
MOZ_ASSERT(mTlsHandshaker->EarlyDataAvailable());
|
||||
nsCOMPtr<nsISupports> securityInfo;
|
||||
GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
|
@ -1746,8 +1494,8 @@ nsresult nsHttpConnection::OnReadSegment(const char* buf, uint32_t count,
|
|||
// handshake already.
|
||||
// IsAlive() calls drive the handshake and that may cause nss and necko
|
||||
// to be out of sync.
|
||||
if (EarlyDataAvailable() && !CheckCanWrite0RTTData()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(mTlsHandshakeComplitionPending);
|
||||
if (mTlsHandshaker->EarlyDataAvailable() && !CheckCanWrite0RTTData()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(mTlsHandshaker->TlsHandshakeComplitionPending());
|
||||
LOG(
|
||||
("nsHttpConnection::OnReadSegment Do not write any data, wait"
|
||||
" for EnsureNPNComplete to be called [this=%p]",
|
||||
|
@ -1810,8 +1558,9 @@ nsresult nsHttpConnection::OnSocketWritable() {
|
|||
|
||||
switch (mState) {
|
||||
case HttpConnectionState::SETTING_UP_TUNNEL:
|
||||
if (mConnInfo->UsingHttpsProxy() && !EnsureNPNComplete()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(!EarlyDataAvailable());
|
||||
if (mConnInfo->UsingHttpsProxy() &&
|
||||
!mTlsHandshaker->EnsureNPNComplete()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(!mTlsHandshaker->EarlyDataAvailable());
|
||||
mSocketOutCondition = NS_BASE_STREAM_WOULD_BLOCK;
|
||||
} else {
|
||||
rv = SendConnectRequest(this, &transactionBytes);
|
||||
|
@ -1822,8 +1571,9 @@ nsresult nsHttpConnection::OnSocketWritable() {
|
|||
// transaction->readsegments() processing can proceed because we need to
|
||||
// know how to format the request differently for http/1, http/2, spdy,
|
||||
// etc.. and that is negotiated with NPN/ALPN in the SSL handshake.
|
||||
if (!EnsureNPNComplete() &&
|
||||
(!EarlyDataUsed() || mTlsHandshakeComplitionPending)) {
|
||||
if (!mTlsHandshaker->EnsureNPNComplete() &&
|
||||
(!mTlsHandshaker->EarlyDataUsed() ||
|
||||
mTlsHandshaker->TlsHandshakeComplitionPending())) {
|
||||
// The handshake is not done and we cannot write 0RTT data or nss has
|
||||
// already finished 0RTT data.
|
||||
mSocketOutCondition = NS_BASE_STREAM_WOULD_BLOCK;
|
||||
|
@ -1832,7 +1582,7 @@ nsresult nsHttpConnection::OnSocketWritable() {
|
|||
LOG((" No Transaction In OnSocketWritable\n"));
|
||||
} else if (NS_SUCCEEDED(rv)) {
|
||||
// for non spdy sessions let the connection manager know
|
||||
if (!mReportedSpdy && mNPNComplete) {
|
||||
if (!mReportedSpdy && mTlsHandshaker->NPNComplete()) {
|
||||
mReportedSpdy = true;
|
||||
MOZ_ASSERT(!mEverUsedSpdy);
|
||||
gHttpHandler->ConnMgr()->ReportSpdyConnection(this, false);
|
||||
|
@ -1842,12 +1592,12 @@ nsresult nsHttpConnection::OnSocketWritable() {
|
|||
rv = mTransaction->ReadSegmentsAgain(this,
|
||||
nsIOService::gDefaultSegmentSize,
|
||||
&transactionBytes, &again);
|
||||
if (EarlyDataUsed()) {
|
||||
if (mTlsHandshaker->EarlyDataUsed()) {
|
||||
mContentBytesWritten0RTT += transactionBytes;
|
||||
if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
|
||||
// If an error happens while writting 0RTT data, restart
|
||||
// the transactiions without 0RTT.
|
||||
FinishNPNSetup(false, true);
|
||||
mTlsHandshaker->FinishNPNSetup(false, true);
|
||||
}
|
||||
} else {
|
||||
mContentBytesWritten += transactionBytes;
|
||||
|
@ -1881,7 +1631,7 @@ nsresult nsHttpConnection::OnSocketWritable() {
|
|||
if (mTLSFilter) {
|
||||
LOG((" blocked tunnel (handshake?)\n"));
|
||||
rv = mTLSFilter->NudgeTunnel(this);
|
||||
} else if (mEarlyDataState != EarlyData::CANNOT_BE_USED) {
|
||||
} else if (!mTlsHandshaker->EarlyDataCanNotBeUsed()) {
|
||||
// continue writing
|
||||
// We are not going to poll for write if the handshake is in progress,
|
||||
// but early data cannot be used.
|
||||
|
@ -1981,7 +1731,7 @@ nsresult nsHttpConnection::OnSocketReadable() {
|
|||
bool again = true;
|
||||
|
||||
do {
|
||||
if (!TunnelSetupInProgress() && !EnsureNPNComplete()) {
|
||||
if (!TunnelSetupInProgress() && !mTlsHandshaker->EnsureNPNComplete()) {
|
||||
// Unless we are setting up a tunnel via CONNECT, prevent reading
|
||||
// from the socket until the results of NPN
|
||||
// negotiation are known (which is determined from the write path).
|
||||
|
@ -1993,7 +1743,7 @@ nsresult nsHttpConnection::OnSocketReadable() {
|
|||
("nsHttpConnection::OnSocketReadable %p return due to inactive "
|
||||
"tunnel setup but incomplete NPN state\n",
|
||||
this));
|
||||
if (EarlyDataAvailable()) {
|
||||
if (mTlsHandshaker->EarlyDataAvailable()) {
|
||||
rv = ResumeRecv();
|
||||
}
|
||||
break;
|
||||
|
@ -2299,7 +2049,6 @@ NS_INTERFACE_MAP_BEGIN(nsHttpConnection)
|
|||
NS_INTERFACE_MAP_ENTRY(nsIOutputStreamCallback)
|
||||
NS_INTERFACE_MAP_ENTRY(nsITransportEventSink)
|
||||
NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
|
||||
NS_INTERFACE_MAP_ENTRY(nsITlsHandshakeCallbackListener)
|
||||
NS_INTERFACE_MAP_ENTRY(HttpConnectionBase)
|
||||
NS_INTERFACE_MAP_ENTRY_CONCRETE(nsHttpConnection)
|
||||
NS_INTERFACE_MAP_END
|
||||
|
@ -2529,27 +2278,9 @@ bool nsHttpConnection::GetEchConfigUsed() {
|
|||
return val;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpConnection::HandshakeDone() {
|
||||
if (!mClosed) {
|
||||
mTlsHandshakeComplitionPending = true;
|
||||
|
||||
// HandshakeDone needs to be dispatched so that it is not called inside
|
||||
// nss locks.
|
||||
RefPtr<nsHttpConnection> self(this);
|
||||
NS_DispatchToCurrentThread(NS_NewRunnableFunction(
|
||||
"nsHttpConnection::HandshakeDoneInternal", [self{std::move(self)}]() {
|
||||
if (self->mTlsHandshakeComplitionPending && !self->mClosed) {
|
||||
self->HandshakeDoneInternal();
|
||||
self->mTlsHandshakeComplitionPending = false;
|
||||
}
|
||||
}));
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsHttpConnection::HandshakeDoneInternal() {
|
||||
if (mNPNComplete) {
|
||||
LOG(("nsHttpConnection::HandshakeDoneInternal [this=%p]\n", this));
|
||||
if (mTlsHandshaker->NPNComplete()) {
|
||||
return;
|
||||
}
|
||||
nsresult rv = NS_OK;
|
||||
|
@ -2560,19 +2291,19 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
|
||||
GetSecurityInfo(getter_AddRefs(securityInfo));
|
||||
if (!securityInfo) {
|
||||
FinishNPNSetup(false, false);
|
||||
mTlsHandshaker->FinishNPNSetup(false, false);
|
||||
return;
|
||||
}
|
||||
|
||||
ssl = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
FinishNPNSetup(false, false);
|
||||
mTlsHandshaker->FinishNPNSetup(false, false);
|
||||
return;
|
||||
}
|
||||
|
||||
info = do_QueryInterface(securityInfo, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
FinishNPNSetup(false, false);
|
||||
mTlsHandshaker->FinishNPNSetup(false, false);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -2580,7 +2311,7 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
MOZ_ASSERT(NS_SUCCEEDED(rvDebug));
|
||||
|
||||
bool earlyDataAccepted = false;
|
||||
if (EarlyDataUsed()) {
|
||||
if (mTlsHandshaker->EarlyDataUsed()) {
|
||||
// Check if early data has been accepted.
|
||||
nsresult rvEarlyData = ssl->GetEarlyDataAccepted(&earlyDataAccepted);
|
||||
LOG(
|
||||
|
@ -2592,7 +2323,8 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
if (NS_FAILED(rvEarlyData) ||
|
||||
(mTransaction &&
|
||||
NS_FAILED(mTransaction->Finish0RTT(
|
||||
!earlyDataAccepted, negotiatedNPN != mEarlyNegotiatedALPN)))) {
|
||||
!earlyDataAccepted,
|
||||
negotiatedNPN != mTlsHandshaker->EarlyNegotiatedALPN())))) {
|
||||
LOG(
|
||||
("nsHttpConection::HandshakeDone [this=%p] closing transaction "
|
||||
"%p",
|
||||
|
@ -2600,15 +2332,16 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
if (mTransaction) {
|
||||
mTransaction->Close(NS_ERROR_NET_RESET);
|
||||
}
|
||||
FinishNPNSetup(false, true);
|
||||
mTlsHandshaker->FinishNPNSetup(false, true);
|
||||
return;
|
||||
}
|
||||
if (mDid0RTTSpdy && (negotiatedNPN != mEarlyNegotiatedALPN)) {
|
||||
if (mDid0RTTSpdy &&
|
||||
(negotiatedNPN != mTlsHandshaker->EarlyNegotiatedALPN())) {
|
||||
Reset0RttForSpdy();
|
||||
}
|
||||
}
|
||||
|
||||
if (EarlyDataAvailable() && !earlyDataAccepted) {
|
||||
if (mTlsHandshaker->EarlyDataAvailable() && !earlyDataAccepted) {
|
||||
// When the early-data were used but not accepted, we need to start
|
||||
// from the begining here and start writing the request again.
|
||||
// The same is true if 0RTT was available but not used.
|
||||
|
@ -2624,8 +2357,9 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
(tlsVersion < nsISSLSocketControl::TLS_VERSION_1_3) &&
|
||||
(tlsVersion != nsISSLSocketControl::SSL_VERSION_UNKNOWN));
|
||||
|
||||
EarlyDataTelemetry(tlsVersion, earlyDataAccepted);
|
||||
EarlyDataDone();
|
||||
mTlsHandshaker->EarlyDataTelemetry(tlsVersion, earlyDataAccepted,
|
||||
mContentBytesWritten0RTT);
|
||||
mTlsHandshaker->EarlyDataDone();
|
||||
|
||||
if (!earlyDataAccepted) {
|
||||
LOG(
|
||||
|
@ -2648,7 +2382,7 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
LOG(("nsHttpConnection do mContinueHandshakeDone [this=%p]",
|
||||
self.get()));
|
||||
self->StartSpdy(ssl, info);
|
||||
self->FinishNPNSetup(true, true);
|
||||
self->mTlsHandshaker->FinishNPNSetup(true, true);
|
||||
};
|
||||
return;
|
||||
}
|
||||
|
@ -2672,7 +2406,7 @@ void nsHttpConnection::HandshakeDoneInternal() {
|
|||
|
||||
Telemetry::Accumulate(Telemetry::SPDY_NPN_CONNECT, UsingSpdy());
|
||||
|
||||
FinishNPNSetup(true, true);
|
||||
mTlsHandshaker->FinishNPNSetup(true, true);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#include "ARefBase.h"
|
||||
#include "TimingStruct.h"
|
||||
#include "HttpTrafficAnalyzer.h"
|
||||
#include "TlsHandshaker.h"
|
||||
|
||||
#include "nsIAsyncInputStream.h"
|
||||
#include "nsIAsyncOutputStream.h"
|
||||
|
@ -58,7 +59,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
public nsIOutputStreamCallback,
|
||||
public nsITransportEventSink,
|
||||
public nsIInterfaceRequestor,
|
||||
public nsITlsHandshakeCallbackListener,
|
||||
public NudgeTunnelCallback {
|
||||
private:
|
||||
virtual ~nsHttpConnection();
|
||||
|
@ -73,7 +73,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
NS_DECL_NSIOUTPUTSTREAMCALLBACK
|
||||
NS_DECL_NSITRANSPORTEVENTSINK
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
NS_DECL_NSITLSHANDSHAKECALLBACKLISTENER
|
||||
NS_DECL_NUDGETUNNELCALLBACK
|
||||
|
||||
nsHttpConnection();
|
||||
|
@ -123,6 +122,7 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
HttpVersion GetLastHttpResponseVersion() { return mLastHttpResponseVersion; }
|
||||
|
||||
friend class HttpConnectionForceIO;
|
||||
friend class TlsHandshaker;
|
||||
|
||||
// When a persistent connection is in the connection manager idle
|
||||
// connection pool, the nsHttpConnection still reads errors and hangups
|
||||
|
@ -226,11 +226,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
kTCPKeepaliveLongLivedConfig
|
||||
};
|
||||
|
||||
// called to cause the underlying socket to start speaking SSL
|
||||
[[nodiscard]] nsresult InitSSLParams(bool connectingToProxy,
|
||||
bool ProxyStartSSL);
|
||||
[[nodiscard]] nsresult SetupNPNList(nsISSLSocketControl* ssl, uint32_t caps);
|
||||
|
||||
[[nodiscard]] nsresult OnTransactionDone(nsresult reason);
|
||||
[[nodiscard]] nsresult OnSocketWritable();
|
||||
[[nodiscard]] nsresult OnSocketReadable();
|
||||
|
@ -238,12 +233,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
PRIntervalTime IdleTime();
|
||||
bool IsAlive();
|
||||
|
||||
// Makes certain the SSL handshake is complete and NPN negotiation
|
||||
// has had a chance to happen
|
||||
[[nodiscard]] bool EnsureNPNComplete();
|
||||
|
||||
void SetupSSL();
|
||||
|
||||
// Start the Spdy transaction handler when NPN indicates spdy/*
|
||||
void StartSpdy(nsISSLSocketControl* ssl, SpdyVersion spdyVersion);
|
||||
// Like the above, but do the bare minimum to do 0RTT data, so we can back
|
||||
|
@ -265,17 +254,19 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
[[nodiscard]] nsresult DisableTCPKeepalives();
|
||||
|
||||
bool CheckCanWrite0RTTData();
|
||||
void Check0RttEnabled(nsISSLSocketControl* ssl);
|
||||
void EarlyDataTelemetry(int16_t tlsVersion, bool earlyDataAccepted);
|
||||
void FinishNPNSetup(bool handshakeSucceeded, bool hasSecurityInfo);
|
||||
void PostProcessNPNSetup(bool handshakeSucceeded, bool hasSecurityInfo,
|
||||
bool earlyDataUsed);
|
||||
void Reset0RttForSpdy();
|
||||
void HandshakeDoneInternal();
|
||||
uint32_t TransactionCaps() const { return mTransactionCaps; }
|
||||
|
||||
private:
|
||||
// mTransaction only points to the HTTP Transaction callbacks if the
|
||||
// transaction is open, otherwise it is null.
|
||||
RefPtr<nsAHttpTransaction> mTransaction;
|
||||
|
||||
RefPtr<TlsHandshaker> mTlsHandshaker;
|
||||
|
||||
nsCOMPtr<nsIAsyncInputStream> mSocketIn;
|
||||
nsCOMPtr<nsIAsyncOutputStream> mSocketOut;
|
||||
|
||||
|
@ -330,10 +321,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
// on this persistent connection.
|
||||
uint32_t mRemainingConnectionUses{0xffffffff};
|
||||
|
||||
// SPDY related
|
||||
bool mNPNComplete{false};
|
||||
bool mSetupSSLCalled{false};
|
||||
|
||||
// version level in use, 0 if unused
|
||||
SpdyVersion mUsingSpdyVersion{SpdyVersion::NONE};
|
||||
|
||||
|
@ -364,34 +351,8 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
bool mForceSendPending{false};
|
||||
nsCOMPtr<nsITimer> mForceSendTimer;
|
||||
|
||||
// Helper variable for 0RTT handshake;
|
||||
// Possible 0RTT has been checked.
|
||||
bool m0RTTChecked{false};
|
||||
// 0RTT data state.
|
||||
enum EarlyData {
|
||||
NOT_AVAILABLE,
|
||||
USED,
|
||||
CANNOT_BE_USED,
|
||||
DONE_NOT_AVAILABLE,
|
||||
DONE_USED,
|
||||
DONE_CANNOT_BE_USED,
|
||||
};
|
||||
EarlyData mEarlyDataState{EarlyData::NOT_AVAILABLE};
|
||||
bool EarlyDataAvailable() const {
|
||||
return mEarlyDataState == EarlyData::USED ||
|
||||
mEarlyDataState == EarlyData::CANNOT_BE_USED;
|
||||
}
|
||||
bool EarlyDataWasAvailable() const {
|
||||
return mEarlyDataState != EarlyData::NOT_AVAILABLE &&
|
||||
mEarlyDataState != EarlyData::DONE_NOT_AVAILABLE;
|
||||
}
|
||||
bool EarlyDataUsed() const { return mEarlyDataState == EarlyData::USED; }
|
||||
void EarlyDataDone();
|
||||
|
||||
int64_t mContentBytesWritten0RTT{0};
|
||||
nsCString mEarlyNegotiatedALPN;
|
||||
bool mDid0RTTSpdy{false};
|
||||
bool mTlsHandshakeComplitionPending{false};
|
||||
|
||||
nsresult mErrorBeforeConnect = NS_OK;
|
||||
|
||||
|
@ -406,8 +367,6 @@ class nsHttpConnection final : public HttpConnectionBase,
|
|||
int64_t mTotalBytesWritten = 0; // does not include CONNECT tunnel
|
||||
|
||||
nsCOMPtr<nsIInputStream> mProxyConnectStream;
|
||||
|
||||
bool mClosed{false};
|
||||
};
|
||||
|
||||
NS_DEFINE_STATIC_IID_ACCESSOR(nsHttpConnection, NS_HTTPCONNECTION_IID)
|
||||
|
|
Загрузка…
Ссылка в новой задаче