Backed out changeset 156e22161091 (bug 1580138) for build bustage in toolkit/library/gtest/target. On a CLOSED TREE

netwerk/base/SSLTokensCache.cpp

@@ -23,12 +23,12 @@ static LazyLogModule gSSLTokensCacheLog("SSLTokensCache");
 
 class ExpirationComparator {
  public:
-  bool Equals(SSLTokensCache::TokenCacheRecord* a,
-              SSLTokensCache::TokenCacheRecord* b) const {
+  bool Equals(SSLTokensCache::HostRecord* a,
+              SSLTokensCache::HostRecord* b) const {
     return a->mExpirationTime == b->mExpirationTime;
   }
-  bool LessThan(SSLTokensCache::TokenCacheRecord* a,
-                SSLTokensCache::TokenCacheRecord* b) const {
+  bool LessThan(SSLTokensCache::HostRecord* a,
+                SSLTokensCache::HostRecord* b) const {
     return a->mExpirationTime < b->mExpirationTime;
   }
 };
@@ -78,12 +78,12 @@ SSLTokensCache::SSLTokensCache() : mCacheSize(0) {
 SSLTokensCache::~SSLTokensCache() { LOG(("SSLTokensCache::~SSLTokensCache")); }
 
 // static
-nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
+nsresult SSLTokensCache::Put(const nsACString& aHost, const uint8_t* aToken,
                              uint32_t aTokenLen) {
   StaticMutexAutoLock lock(sLock);
 
-  LOG(("SSLTokensCache::Put [key=%s, tokenLen=%u]",
-       PromiseFlatCString(aKey).get(), aTokenLen));
+  LOG(("SSLTokensCache::Put [host=%s, tokenLen=%u]",
+       PromiseFlatCString(aHost).get(), aTokenLen));
 
   if (!gInstance) {
     LOG(("  service not initialized"));
@@ -101,12 +101,12 @@ nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
   expirationTime = tokenInfo.expirationTime;
   SSL_DestroyResumptionTokenInfo(&tokenInfo);
 
-  TokenCacheRecord* rec = nullptr;
+  HostRecord* rec = nullptr;
 
-  if (!gInstance->mTokenCacheRecords.Get(aKey, &rec)) {
-    rec = new TokenCacheRecord();
-    rec->mKey = aKey;
-    gInstance->mTokenCacheRecords.Put(aKey, rec);
+  if (!gInstance->mHostRecs.Get(aHost, &rec)) {
+    rec = new HostRecord();
+    rec->mHost = aHost;
+    gInstance->mHostRecs.Put(aHost, rec);
     gInstance->mExpirationArray.AppendElement(rec);
   } else {
     gInstance->mCacheSize -= rec->mToken.Length();
@@ -126,20 +126,20 @@ nsresult SSLTokensCache::Put(const nsACString& aKey, const uint8_t* aToken,
 }
 
 // static
-nsresult SSLTokensCache::Get(const nsACString& aKey,
+nsresult SSLTokensCache::Get(const nsACString& aHost,
                              nsTArray<uint8_t>& aToken) {
   StaticMutexAutoLock lock(sLock);
 
-  LOG(("SSLTokensCache::Get [key=%s]", PromiseFlatCString(aKey).get()));
+  LOG(("SSLTokensCache::Get [host=%s]", PromiseFlatCString(aHost).get()));
 
   if (!gInstance) {
     LOG(("  service not initialized"));
     return NS_ERROR_NOT_INITIALIZED;
   }
 
-  TokenCacheRecord* rec = nullptr;
+  HostRecord* rec = nullptr;
 
-  if (gInstance->mTokenCacheRecords.Get(aKey, &rec)) {
+  if (gInstance->mHostRecs.Get(aHost, &rec)) {
     if (rec->mToken.Length()) {
       aToken = rec->mToken;
       return NS_OK;
@@ -151,28 +151,28 @@ nsresult SSLTokensCache::Get(const nsACString& aKey,
 }
 
 // static
-nsresult SSLTokensCache::Remove(const nsACString& aKey) {
+nsresult SSLTokensCache::Remove(const nsACString& aHost) {
   StaticMutexAutoLock lock(sLock);
 
-  LOG(("SSLTokensCache::Remove [key=%s]", PromiseFlatCString(aKey).get()));
+  LOG(("SSLTokensCache::Remove [host=%s]", PromiseFlatCString(aHost).get()));
 
   if (!gInstance) {
     LOG(("  service not initialized"));
     return NS_ERROR_NOT_INITIALIZED;
   }
 
-  return gInstance->RemoveLocked(aKey);
+  return gInstance->RemoveLocked(aHost);
 }
 
-nsresult SSLTokensCache::RemoveLocked(const nsACString& aKey) {
+nsresult SSLTokensCache::RemoveLocked(const nsACString& aHost) {
   sLock.AssertCurrentThreadOwns();
 
-  LOG(("SSLTokensCache::RemoveLocked [key=%s]",
-       PromiseFlatCString(aKey).get()));
+  LOG(("SSLTokensCache::RemoveLocked [host=%s]",
+       PromiseFlatCString(aHost).get()));
 
-  nsAutoPtr<TokenCacheRecord> rec;
+  nsAutoPtr<HostRecord> rec;
 
-  if (!mTokenCacheRecords.Remove(aKey, &rec)) {
+  if (!mHostRecs.Remove(aHost, &rec)) {
     LOG(("  token not found"));
     return NS_ERROR_NOT_AVAILABLE;
   }
@@ -206,9 +206,8 @@ void SSLTokensCache::EvictIfNecessary() {
   mExpirationArray.Sort(ExpirationComparator());
 
   while (mCacheSize > capacity && mExpirationArray.Length() > 0) {
-    if (NS_FAILED(RemoveLocked(mExpirationArray[0]->mKey))) {
-      MOZ_ASSERT(false,
-                 "mExpirationArray and mTokenCacheRecords are out of sync!");
+    if (NS_FAILED(RemoveLocked(mExpirationArray[0]->mHost))) {
+      MOZ_ASSERT(false, "mExpirationArray and mHostRecs are out of sync!");
       mExpirationArray.RemoveElementAt(0);
     }
   }
@@ -223,12 +222,12 @@ size_t SSLTokensCache::SizeOfIncludingThis(
     mozilla::MallocSizeOf mallocSizeOf) const {
   size_t n = mallocSizeOf(this);
 
-  n += mTokenCacheRecords.ShallowSizeOfExcludingThis(mallocSizeOf);
+  n += mHostRecs.ShallowSizeOfExcludingThis(mallocSizeOf);
   n += mExpirationArray.ShallowSizeOfExcludingThis(mallocSizeOf);
 
   for (uint32_t i = 0; i < mExpirationArray.Length(); ++i) {
     n += mallocSizeOf(mExpirationArray[i]);
-    n += mExpirationArray[i]->mKey.SizeOfExcludingThisIfUnshared(mallocSizeOf);
+    n += mExpirationArray[i]->mHost.SizeOfExcludingThisIfUnshared(mallocSizeOf);
     n += mExpirationArray[i]->mToken.ShallowSizeOfExcludingThis(mallocSizeOf);
   }
 

netwerk/base/SSLTokensCache.h

@@ -27,16 +27,16 @@ class SSLTokensCache : public nsIMemoryReporter {
 
   static bool IsEnabled() { return sEnabled; }
 
-  static nsresult Put(const nsACString& aKey, const uint8_t* aToken,
+  static nsresult Put(const nsACString& aHost, const uint8_t* aToken,
                       uint32_t aTokenLen);
-  static nsresult Get(const nsACString& aKey, nsTArray<uint8_t>& aToken);
-  static nsresult Remove(const nsACString& aKey);
+  static nsresult Get(const nsACString& aHost, nsTArray<uint8_t>& aToken);
+  static nsresult Remove(const nsACString& aHost);
 
  private:
   SSLTokensCache();
   virtual ~SSLTokensCache();
 
-  nsresult RemoveLocked(const nsACString& aKey);
+  nsresult RemoveLocked(const nsACString& aHost);
 
   void InitPrefs();
   void EvictIfNecessary();
@@ -53,15 +53,15 @@ class SSLTokensCache : public nsIMemoryReporter {
 
   uint32_t mCacheSize;  // Actual cache size in bytes
 
-  class TokenCacheRecord {
+  class HostRecord {
    public:
-    nsCString mKey;
+    nsCString mHost;
     PRUint32 mExpirationTime;
     nsTArray<uint8_t> mToken;
   };
 
-  nsClassHashtable<nsCStringHashKey, TokenCacheRecord> mTokenCacheRecords;
-  nsTArray<TokenCacheRecord*> mExpirationArray;
+  nsClassHashtable<nsCStringHashKey, HostRecord> mHostRecs;
+  nsTArray<HostRecord*> mExpirationArray;
 };
 
 }  // namespace net

netwerk/base/nsSocketTransport2.cpp

@@ -1238,15 +1238,8 @@ SECStatus nsSocketTransport::StoreResumptionToken(
     return SECFailure;
   }
 
-  nsCOMPtr<nsISSLSocketControl> secCtrl =
-      do_QueryInterface(static_cast<nsSocketTransport*>(ctx)->mSecInfo);
-  if (!secCtrl) {
-    return SECFailure;
-  }
-
-  nsAutoCString peerId;
-  secCtrl->GetPeerId(peerId);
-  SSLTokensCache::Put(peerId, resumptionToken, len);
+  SSLTokensCache::Put(static_cast<nsSocketTransport*>(ctx)->mHost,
+                      resumptionToken, len);
 
   return SECSuccess;
 }
@@ -1541,22 +1534,19 @@ nsresult nsSocketTransport::InitiateSocket() {
     }
   }
 
-  nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
-  if (usingSSL && secCtrl && SSLTokensCache::IsEnabled()) {
+  if (usingSSL && SSLTokensCache::IsEnabled()) {
     PRIntn val;
     // If SSL_NO_CACHE option was set, we must not use the cache
     if (SSL_OptionGet(fd, SSL_NO_CACHE, &val) == SECSuccess && val == 0) {
       nsTArray<uint8_t> token;
-      nsAutoCString peerId;
-      secCtrl->GetPeerId(peerId);
-      nsresult rv2 = SSLTokensCache::Get(peerId, token);
+      nsresult rv2 = SSLTokensCache::Get(mHost, token);
       if (NS_SUCCEEDED(rv2) && token.Length() != 0) {
         SECStatus srv =
             SSL_SetResumptionToken(fd, token.Elements(), token.Length());
         if (srv == SECFailure) {
-          SOCKET_LOG(("Setting token failed with NSS error %d [id=%s]",
-                      PORT_GetError(), PromiseFlatCString(peerId).get()));
-          SSLTokensCache::Remove(peerId);
+          SOCKET_LOG(("Setting token failed with NSS error %d [host=%s]",
+                      PORT_GetError(), PromiseFlatCString(mHost).get()));
+          SSLTokensCache::Remove(mHost);
         }
       }
     }

netwerk/socket/nsISSLSocketControl.idl

@@ -166,10 +166,5 @@ interface nsISSLSocketControl : nsISupports {
      * True iff the connection was resumed using the resumption token.
      */
     readonly attribute boolean resumed;
-
-    /**
-     * The id used to uniquely identify the connection to the peer.
-     */
-    readonly attribute ACString peerId;
 };
 

security/manager/ssl/nsNSSIOLayer.cpp

@@ -887,37 +887,6 @@ nsNSSSocketInfo::SetEsniTxt(const nsACString& aEsniTxt) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-nsNSSSocketInfo::GetPeerId(nsACString& aResult) {
-  if (!mPeerId.IsEmpty()) {
-    aResult.Assign(mPeerId);
-    return NS_OK;
-  }
-
-  if (mProviderFlags &
-      nsISocketProvider::ANONYMOUS_CONNECT) {  // See bug 466080
-    mPeerId.AppendLiteral("anon:");
-  }
-  if (mProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE) {
-    mPeerId.AppendLiteral("private:");
-  }
-  if (mProviderFlags & nsISocketProvider::BE_CONSERVATIVE) {
-    mPeerId.AppendLiteral("beConservative:");
-  }
-
-  mPeerId.AppendPrintf("tlsflags0x%08x:", mProviderTlsFlags);
-
-  mPeerId.Append(GetHostName());
-  mPeerId.Append(':');
-  mPeerId.AppendInt(GetPort());
-  nsAutoCString suffix;
-  GetOriginAttributes().CreateSuffix(suffix);
-  mPeerId.Append(suffix);
-
-  aResult.Assign(mPeerId);
-  return NS_OK;
-}
-
 #if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER)
 // Dumps a (potentially binary) buffer using SSM_DEBUG.  (We could have used
 // the version in ssltrace.c, but that's specifically tailored to SSLTRACE.)
@@ -2324,13 +2293,30 @@ static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
 
   // Set the Peer ID so that SSL proxy connections work properly and to
   // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
   nsAutoCString peerId;
-  infoObject->GetPeerId(peerId);
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) {  // See bug 466080
+    peerId.AppendLiteral("anon:");
+  }
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.AppendLiteral("private:");
+  }
+  if (flags & nsISocketProvider::BE_CONSERVATIVE) {
+    peerId.AppendLiteral("beConservative:");
+  }
+
+  peerId.AppendPrintf("tlsflags0x%08x:", infoObject->GetProviderTlsFlags());
+
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  nsAutoCString suffix;
+  infoObject->GetOriginAttributes().CreateSuffix(suffix);
+  peerId.Append(suffix);
   if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
     return NS_ERROR_FAILURE;
   }
 
-  uint32_t flags = infoObject->GetProviderFlags();
   if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
     if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false) ||
         SECSuccess != SSL_OptionSet(fd, SSL_NO_CACHE, true)) {

security/manager/ssl/nsNSSIOLayer.h

@@ -163,7 +163,6 @@ class nsNSSSocketInfo final : public mozilla::psm::TransportSecurityInfo,
 
   nsCString mNegotiatedNPN;
   nsCString mEsniTxt;
-  nsCString mPeerId;
   bool mNPNCompleted;
   bool mEarlyDataAccepted;
   bool mDenyClientCert;