Fix for bug 31174. Misc. ssl related fixes for getting SSL proxies to work. r=ruslan,pavlov sr=dougt. Thanks nikolay.igotti@eng.sun.com

2024-12-14 10:43:24 +00:00 · 2000-10-13 03:18:55 +00:00 · 2000-10-13 03:18:55 +00:00 · 34549dbcd5
commit 34549dbcd5
parent 70a7f66f5c
4 changed files with 40 additions and 7 deletions
--- a/netwerk/base/src/nsSocketTransport.cpp
+++ b/netwerk/base/src/nsSocketTransport.cpp
@ -137,6 +137,7 @@ nsSocketTransport::nsSocketTransport():
    mProxyPort(0),
    mProxyHost(nsnull),
    mProxyTransparent(PR_FALSE),
+    mSSLProxy(PR_FALSE),
    mReadWriteState(0),
    mSelectFlags(0),
    mService(nsnull),
@ -326,6 +327,10 @@ nsresult nsSocketTransport::Init(nsSocketTransportService* aService,
                    // the default proxy behavior
                    mProxyTransparent = PR_TRUE;
                }
+                if (mProxyHost && (nsCRT::strcmp(socketType, "ssl") == 0))
+                {
+                    mSSLProxy = PR_TRUE;
+                }
            }
        }
    } 
@ -1839,7 +1844,10 @@ nsSocketTransport::GetOriginalURI(nsIURI* *aURL)
 {
  nsStdURL *url;
  url = new nsStdURL(nsnull);
-  if( mProxyHost && !mProxyTransparent)
+  // XXX: not sure this is correct behavior, but we should somehow
+  // prevent reusing the same nsSocketTransport for different SSL hosts
+  // in proxied case.
+  if (mProxyHost && !(mProxyTransparent || mSSLProxy))
  {
    url->SetHost(mProxyHost);
    url->SetPort(mProxyPort);
--- a/netwerk/base/src/nsSocketTransport.h
+++ b/netwerk/base/src/nsSocketTransport.h
@ -224,7 +224,8 @@ protected:
    nsCOMPtr<nsISupports>           mSecurityInfo;
    PRInt32                         mProxyPort;
    char*                           mProxyHost;
-    PRBool			    mProxyTransparent;
+    PRBool                          mProxyTransparent;
+    PRBool                          mSSLProxy;
    nsCOMPtr<nsISupports>           mReadContext;
    nsCOMPtr<nsIStreamListener>     mReadListener;
    nsCOMPtr<nsIInputStream>        mReadPipeIn;
--- a/netwerk/protocol/http/src/nsHTTPRequest.cpp
+++ b/netwerk/protocol/http/src/nsHTTPRequest.cpp
@ -62,6 +62,7 @@ nsHTTPRequest::nsHTTPRequest(nsIURI* i_URL,
    mBufferMaxSize(bufferMaxSize),
    mPipelinedRequest(nsnull),
    mDoingProxySSLConnect(PR_FALSE),
+    mSSLConnected(PR_FALSE),
    mVersion(HTTP_ONE_ZERO),
    mKeepAliveTimeout(0),
    mRequestSpec(0),
@ -282,7 +283,7 @@ nsHTTPRequest::SetOverrideRequestSpec(const char* i_Spec)
    if (i_Spec)
    {
        // proxy case
-        if (!PL_strcasecmp(mSpec, "https") && mProxySSLConnectAllowed)
+        if (mProxySSLConnectAllowed && !PL_strncasecmp(mSpec, "https", 5))
            mDoingProxySSLConnect = PR_TRUE;
    }
    
@ -411,7 +412,25 @@ nsHTTPRequest::formBuffer(nsCString * requestBuffer, PRUint32 capabilities)
    nsString methodString;
    nsCString cp;

-    if (mDoingProxySSLConnect)
+    
+    if (mDoingProxySSLConnect) 
+    { 
+            nsCOMPtr<nsIChannel> trans;
+            PRUint32 reuse = 0;
+            GetTransport(getter_AddRefs(trans));
+            nsCOMPtr<nsISocketTransport> sockTrans = 
+                do_QueryInterface(trans, &rv);
+            if (NS_SUCCEEDED(rv))
+                sockTrans->GetReuseCount(&reuse);
+            if (reuse > 0) 
+                {
+                    mSSLConnected = PR_TRUE;
+                    mDoingProxySSLConnect = PR_FALSE;
+                }
+    }
+    
+
+    if (mDoingProxySSLConnect && !mSSLConnected)
    {
        requestBuffer->Append("CONNECT ");
        requestBuffer->Append(mHost);
@ -419,9 +438,10 @@ nsHTTPRequest::formBuffer(nsCString * requestBuffer, PRUint32 capabilities)

        char tmp[20];
        sprintf(tmp, "%u",(mPort == -1) ? 
-            ((!PL_strcasecmp(mSpec, "https")) ? 443 : 80) 
+            ((!PL_strncasecmp(mSpec, "https", 5)) ? 443 : 80) 
                    : mPort);
        requestBuffer->Append(tmp);
+        mSSLConnected = PR_TRUE;
    }
    else
    {
@ -432,7 +452,8 @@ nsHTTPRequest::formBuffer(nsCString * requestBuffer, PRUint32 capabilities)
        requestBuffer->Append(" ");

        // Request spec gets set for proxied cases-
-        if (!mRequestSpec)
+        // for proxied SSL form request just like non-proxy case
+        if (!mRequestSpec || mSSLConnected)
        {
            rv = mURI->GetPath(getter_Copies(autoBuffer));
            requestBuffer->Append(autoBuffer);
@ -906,7 +927,9 @@ nsHTTPPipelinedRequest::RestartRequest(PRUint32 aType)
    {
        mTotalWritten = 0;
        mMustCommit   = PR_TRUE;
-        mListener     =  nsnull;
+        // We don't have to do it, as this listener should get 
+        // data on the second stage of proxy SSL connection as far
+        // mListener     =  nsnull;

        // in case of SSL proxies we can't pipeline
        nsHTTPRequest * req =(nsHTTPRequest *) mRequests->ElementAt(0);
--- a/netwerk/protocol/http/src/nsHTTPRequest.h
+++ b/netwerk/protocol/http/src/nsHTTPRequest.h
@ -132,6 +132,7 @@ public:
    nsHTTPChannel*              mConnection;
    nsCOMPtr<nsIURL>            mURI;
    PRBool                      mDoingProxySSLConnect;
+    PRBool                      mSSLConnected;

 protected:
    virtual ~nsHTTPRequest();