mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

backout a6890a3b8f72 because of a leak

This commit is contained in:
Kai Engert 2012-08-27 18:45:52 +02:00
Родитель 34c7f9dc7b
Коммит df626bc596
5 изменённых файлов: 32 добавлений и 139 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
Просмотреть файл

@ -319,7 +319,6 @@ certErrorTrust_Untrusted=The certificate does not come from a trusted source.
certErrorMismatch=The certificate is not valid for the name %S.
# LOCALIZATION NOTE (certErrorMismatchSingle2): Do not translate <a id="cert_domain_link" title="%1$S">%1$S</a>
certErrorMismatchSingle2=The certificate is only valid for <a id="cert_domain_link" title="%1$S">%1$S</a>
certErrorMismatchSinglePlain=The certificate is only valid for %S
certErrorMismatchMultiple=The certificate is only valid for the following names:
certErrorMismatchNoNames=The certificate is not valid for any server names.

42
security/manager/ssl/src/SSLServerCertVerification.cpp
Просмотреть файл

@ -108,7 +108,6 @@
#include "nsXPCOMCIDInternal.h"
#include "nsComponentManagerUtils.h"
#include "nsServiceManagerUtils.h"
#include "nsIConsoleService.h"
#include "PSMRunnable.h"
#include "ssl.h"
@ -182,27 +181,6 @@ void StopSSLServerCertVerificationThreads()
namespace {
void
LogInvalidCertError(TransportSecurityInfo *socketInfo,
const nsACString &host,
const nsACString &hostWithPort,
int32_t port,
PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
nsIX509Cert* ix509)
{
nsString message;
socketInfo->GetErrorLogMessage(errorCode, errorMessageType, message);
if (!message.IsEmpty()) {
nsCOMPtr<nsIConsoleService> console;
console = do_GetService(NS_CONSOLESERVICE_CONTRACTID);
if (console) {
console->LogStringMessage(message.get());
}
}
}
// Dispatched to the STS thread to notify the infoObject of the verification
// result.
//
@ -250,7 +228,7 @@ class CertErrorRunnable : public SyncRunnableBase
virtual void RunOnTargetThread();
nsRefPtr<SSLServerCertVerificationResult> mResult; // out
private:
already_AddRefed<SSLServerCertVerificationResult> CheckCertOverrides();
SSLServerCertVerificationResult* CheckCertOverrides();
const void * const mFdForLogging; // may become an invalid pointer; do not dereference
const nsCOMPtr<nsIX509Cert> mCert;
@ -262,7 +240,7 @@ private:
const PRErrorCode mErrorCodeExpired;
};
already_AddRefed<SSLServerCertVerificationResult>
SSLServerCertVerificationResult *
CertErrorRunnable::CheckCertOverrides()
{
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p][%p] top of CheckCertOverrides\n",
@ -377,21 +355,9 @@ CertErrorRunnable::CheckCertOverrides()
: mErrorCodeMismatch ? mErrorCodeMismatch
: mErrorCodeExpired ? mErrorCodeExpired
: mDefaultErrorCodeToReport;
nsRefPtr<SSLServerCertVerificationResult> result =
new SSLServerCertVerificationResult(mInfoObject,
errorCodeToReport,
OverridableCertErrorMessage);
LogInvalidCertError(mInfoObject,
nsDependentCString(mInfoObject->GetHostName()),
hostWithPortString,
port,
result->mErrorCode,
result->mErrorMessageType,
mCert);
return result.forget();
return new SSLServerCertVerificationResult(mInfoObject, errorCodeToReport,
OverridableCertErrorMessage);
}
void

87
security/manager/ssl/src/TransportSecurityInfo.cpp
Просмотреть файл

@ -245,82 +245,52 @@ TransportSecurityInfo::GetErrorMessage(PRUnichar** aText)
MutexAutoLock lock(mMutex);
if (mErrorMessageCached.IsEmpty()) {
nsresult rv = formatErrorMessage(lock,
mErrorCode, mErrorMessageType,
true, true, mErrorMessageCached);
NS_ENSURE_SUCCESS(rv, rv);
}
nsresult rv = formatErrorMessage(lock);
NS_ENSURE_SUCCESS(rv, rv);
*aText = ToNewUnicode(mErrorMessageCached);
return *aText != nullptr ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
void
TransportSecurityInfo::GetErrorLogMessage(PRErrorCode errorCode,
SSLErrorMessageType errorMessageType,
nsString &result)
{
if (!NS_IsMainThread()) {
NS_ERROR("nsNSSSocketInfo::GetErrorLogMessage called off the main thread");
return;
}
MutexAutoLock lock(mMutex);
(void) formatErrorMessage(lock, errorCode, errorMessageType,
false, false, result);
}
static nsresult
formatPlainErrorMessage(nsXPIDLCString const & host, int32_t port,
PRErrorCode err,
bool suppressPort443,
nsString &returnedMessage);
PRErrorCode err, nsString &returnedMessage);
static nsresult
formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
PRErrorCode errorCodeToReport,
const nsXPIDLCString & host, int32_t port,
bool suppressPort443,
bool wantsHtml,
nsString & returnedMessage);
// XXX: uses nsNSSComponent string bundles off the main thread when called by
// nsNSSSocketInfo::Write().
// nsNSSSocketInfo::Write(). When we remove the error message from the
// serialization of nsNSSSocketInfo (bug 697781) we can inline
// formatErrorMessage into GetErrorMessage().
nsresult
TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock,
PRErrorCode errorCode,
SSLErrorMessageType errorMessageType,
bool wantsHtml, bool suppressPort443,
nsString &result)
TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock)
{
if (errorCode == 0) {
result.Truncate();
if (mErrorCode == 0 || !mErrorMessageCached.IsEmpty()) {
return NS_OK;
}
nsresult rv;
NS_ConvertASCIItoUTF16 hostNameU(mHostName);
NS_ASSERTION(errorMessageType != OverridableCertErrorMessage ||
NS_ASSERTION(mErrorMessageType != OverridableCertErrorMessage ||
(mSSLStatus && mSSLStatus->mServerCert &&
mSSLStatus->mHaveCertErrorBits),
"GetErrorLogMessage called for cert error without cert");
if (errorMessageType == OverridableCertErrorMessage &&
"GetErrorMessage called for cert error without cert");
if (mErrorMessageType == OverridableCertErrorMessage &&
mSSLStatus && mSSLStatus->mServerCert) {
rv = formatOverridableCertErrorMessage(*mSSLStatus, errorCode,
rv = formatOverridableCertErrorMessage(*mSSLStatus, mErrorCode,
mHostName, mPort,
suppressPort443,
wantsHtml,
result);
mErrorMessageCached);
} else {
rv = formatPlainErrorMessage(mHostName, mPort,
errorCode,
suppressPort443,
result);
rv = formatPlainErrorMessage(mHostName, mPort, mErrorCode,
mErrorMessageCached);
}
if (NS_FAILED(rv)) {
result.Truncate();
mErrorMessageCached.Truncate();
}
return rv;
@ -402,9 +372,7 @@ TransportSecurityInfo::Write(nsIObjectOutputStream* stream)
stream->WriteWStringZ(mShortDesc.get());
// XXX: uses nsNSSComponent string bundles off the main thread
nsresult rv = formatErrorMessage(lock,
mErrorCode, mErrorMessageType,
true, true, mErrorMessageCached);
nsresult rv = formatErrorMessage(lock);
NS_ENSURE_SUCCESS(rv, rv);
stream->WriteWStringZ(mErrorMessageCached.get());
@ -617,9 +585,7 @@ TransportSecurityInfo::SetSSLStatus(nsSSLStatus *aSSLStatus)
*/
static nsresult
formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
PRErrorCode err,
bool suppressPort443,
nsString &returnedMessage)
PRErrorCode err, nsString &returnedMessage)
{
const PRUnichar *params[1];
nsresult rv;
@ -639,7 +605,7 @@ formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
// in error pages in the common case.
hostWithPort.AssignASCII(host);
if (!suppressPort443 || port != 443) {
if (port != 443) {
hostWithPort.AppendLiteral(":");
hostWithPort.AppendInt(port);
}
@ -814,7 +780,6 @@ static void
AppendErrorTextMismatch(const nsString &host,
nsIX509Cert* ix509,
nsINSSComponent *component,
bool wantsHtml,
nsString &returnedMessage)
{
const PRUnichar *params[1];
@ -877,15 +842,9 @@ AppendErrorTextMismatch(const nsString &host,
else if (nameCount == 1) {
const PRUnichar *params[1];
params[0] = allNames.get();
const char *stringID;
if (wantsHtml)
stringID = "certErrorMismatchSingle2";
else
stringID = "certErrorMismatchSinglePlain";
nsString formattedString;
rv = component->PIPBundleFormatStringFromName(stringID,
rv = component->PIPBundleFormatStringFromName("certErrorMismatchSingle2",
params, 1,
formattedString);
if (NS_SUCCEEDED(rv)) {
@ -1019,8 +978,6 @@ static nsresult
formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
PRErrorCode errorCodeToReport,
const nsXPIDLCString & host, int32_t port,
bool suppressPort443,
bool wantsHtml,
nsString & returnedMessage)
{
const PRUnichar *params[1];
@ -1036,7 +993,7 @@ formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
// in error pages in the common case.
hostWithoutPort.AppendASCII(host);
if (suppressPort443 && port == 443) {
if (port == 443) {
params[0] = hostWithoutPort.get();
} else {
hostWithPort.AppendASCII(host);
@ -1071,7 +1028,7 @@ formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
rv = sslStatus.GetIsDomainMismatch(&isDomainMismatch);
NS_ENSURE_SUCCESS(rv, rv);
if (isDomainMismatch) {
AppendErrorTextMismatch(hostWithoutPort, ix509, component, wantsHtml, returnedMessage);
AppendErrorTextMismatch(hostWithoutPort, ix509, component, returnedMessage);
}
bool isNotValidAtThisTime;

11
security/manager/ssl/src/TransportSecurityInfo.h
Просмотреть файл

@ -59,11 +59,6 @@ public:
nsresult SetPort(int32_t aPort);
PRErrorCode GetErrorCode() const;
void GetErrorLogMessage(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
nsString &result);
void SetCanceled(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType);
@ -96,11 +91,7 @@ private:
PRErrorCode mErrorCode;
::mozilla::psm::SSLErrorMessageType mErrorMessageType;
nsString mErrorMessageCached;
nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock,
PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
bool wantsHtml, bool suppressPort443,
nsString &result);
nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock);
int32_t mPort;
nsXPIDLCString mHostName;

30
security/manager/ssl/src/nsNSSIOLayer.cpp
Просмотреть файл

@ -23,7 +23,6 @@
#include "nsISecureBrowserUI.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsCharSeparatedTokenizer.h"
#include "nsIConsoleService.h"
#include "PSMRunnable.h"
#include "ssl.h"
@ -486,9 +485,7 @@ void nsSSLIOLayerHelpers::Cleanup()
}
static void
nsHandleSSLError(nsNSSSocketInfo *socketInfo,
::mozilla::psm::SSLErrorMessageType errtype,
PRErrorCode err)
nsHandleSSLError(nsNSSSocketInfo *socketInfo, PRErrorCode err)
{
if (!NS_IsMainThread()) {
NS_ERROR("nsHandleSSLError called off the main thread");
@ -532,19 +529,8 @@ nsHandleSSLError(nsNSSSocketInfo *socketInfo,
rv = sel->NotifySSLError(csi, err, hostWithPortString, &suppressMessage);
}
}
// We must cancel first, which sets the error code.
socketInfo->SetCanceled(err, PlainErrorMessage);
nsXPIDLString errorString;
socketInfo->GetErrorLogMessage(err, errtype, errorString);
if (!errorString.IsEmpty()) {
nsCOMPtr<nsIConsoleService> console;
console = do_GetService(NS_CONSOLESERVICE_CONTRACTID);
if (console) {
console->LogStringMessage(errorString.get());
}
}
}
namespace {
@ -820,22 +806,17 @@ isTLSIntoleranceError(int32_t err, bool withInitialCleartext)
class SSLErrorRunnable : public SyncRunnableBase
{
public:
SSLErrorRunnable(nsNSSSocketInfo * infoObject,
::mozilla::psm::SSLErrorMessageType errtype,
PRErrorCode errorCode)
: mInfoObject(infoObject)
, mErrType(errtype)
, mErrorCode(errorCode)
SSLErrorRunnable(nsNSSSocketInfo * infoObject, PRErrorCode errorCode)
: mInfoObject(infoObject), mErrorCode(errorCode)
{
}
virtual void RunOnTargetThread()
{
nsHandleSSLError(mInfoObject, mErrType, mErrorCode);
nsHandleSSLError(mInfoObject, mErrorCode);
}
nsRefPtr<nsNSSSocketInfo> mInfoObject;
::mozilla::psm::SSLErrorMessageType mErrType;
const PRErrorCode mErrorCode;
};
@ -909,7 +890,6 @@ int32_t checkHandshake(int32_t bytesTransfered, bool wasReading,
if (!wantRetry && (IS_SSL_ERROR(err) || IS_SEC_ERROR(err)) &&
!socketInfo->GetErrorCode()) {
nsRefPtr<SyncRunnableBase> runnable = new SSLErrorRunnable(socketInfo,
PlainErrorMessage,
err);
(void) runnable->DispatchToMainThreadAndWait();
}