Bug 1154068 - rename relaxed to insecure scheme and add more runtime checks r=hurley

we used the term relaxed for http:// over tls; but someitmes we also
enforced the authentication if alt-svc changed the host involved. That
was all done correctly but the term relaxed wasn't very accurate in
those cases.

For clarity rename "relaxed" to be "insecureScheme". Also add a
runtime check (with debug assert) to paths to enforce that bit isn't
set where it shouldn't be (it isn't known to be).

netwerk/protocol/http/AlternateServices.cpp

@@ -230,9 +230,7 @@ AltSvcMapping::GetConnectionInfo(nsHttpConnectionInfo **outCI,
   nsRefPtr<nsHttpConnectionInfo> ci =
     new nsHttpConnectionInfo(mAlternateHost, mAlternatePort, mNPNToken,
                              mUsername, pi, mOriginHost, mOriginPort);
-  if (!mHttps) {
+  ci->SetInsecureScheme(!mHttps);
-    ci->SetRelaxed(true);
-  }
   ci->SetPrivate(mPrivate);
   ci.forget(outCI);
 }
@@ -330,6 +328,13 @@ public:
          this, socketControl.get(), bypassAuth));
 
     if (bypassAuth) {
+      if (mMapping->HTTPS()) {
+        MOZ_ASSERT(false); // cannot happen but worth the runtime sanity check
+        LOG(("AltSvcTransaction::MaybeValidate %p"
+             "somehow indicates bypassAuth on https:// origin\n", this));
+        return;
+      }
+
       LOG(("AltSvcTransaction::MaybeValidate() %p "
            "validating alternate service because relaxed", this));
       mMapping->SetValidated(true);

netwerk/protocol/http/AlternateServices.h

@@ -68,6 +68,7 @@ public:
   void SetExpiresAt(int32_t val) { mExpiresAt = val; }
   void SetExpired();
   bool RouteEquals(AltSvcMapping *map);
+  bool HTTPS() { return mHttps; }
 
   void GetConnectionInfo(nsHttpConnectionInfo **outCI, nsProxyInfo *pi);
   int32_t TTL();
@@ -95,7 +96,7 @@ private:
 
   bool mValidated;
   bool mRunning;
-  bool mHttps;
+  bool mHttps; // origin is https://
 
   nsCString mNPNToken;
 };

netwerk/protocol/http/Http2Session.cpp

@@ -2186,7 +2186,7 @@ Http2Session::RecvAltSvc(Http2Session *self)
     nsAutoCString specifiedOriginHost;
     if (origin.EqualsIgnoreCase("https://", 8)) {
       specifiedOriginHost.Assign(origin.get() + 8, origin.Length() - 8);
-      if (ci->GetRelaxed()) {
+      if (ci->GetInsecureScheme()) {
         // technically this is ok because it will still be confirmed before being used
         // but let's not support it.
         okToReroute = false;

netwerk/protocol/http/nsHttpConnection.cpp

@@ -519,7 +519,7 @@ nsHttpConnection::SetupNPNList(nsISSLSocketControl *ssl, uint32_t caps)
         ssl->SetAuthenticationPort(authPort);
     }
 
-    if (mConnInfo->GetRelaxed()) { // http:// over tls
+    if (mConnInfo->GetInsecureScheme()) { // http:// over tls
         if (authHost.IsEmpty() || authHost.Equals(mConnInfo->GetHost())) {
             LOG(("nsHttpConnection::SetupSSL %p TLS-Relaxed "
                  "with Same Host Auth Bypass", this));
@@ -555,10 +555,10 @@ nsHttpConnection::AddTransaction(nsAHttpTransaction *httpTransaction,
          needTunnel ? " over tunnel" : ""));
 
     // do a runtime check here just for defense in depth
-    if (transCI->GetRelaxed() &&
+    if (transCI->GetInsecureScheme() &&
         httpTransaction->RequestHead() && httpTransaction->RequestHead()->IsHTTPS()) {
-        LOG(("This Cannot happen - https on relaxed tls stream\n"));
+        LOG(("This Cannot happen - https on insecure scheme tls stream\n"));
-        MOZ_ASSERT(false, "https:// on tls relaxed");
+        MOZ_ASSERT(false, "https:// on tls insecure scheme");
         return NS_ERROR_FAILURE;
     }
 

netwerk/protocol/http/nsHttpConnectionInfo.cpp

@@ -114,7 +114,7 @@ void nsHttpConnectionInfo::BuildHashKey()
     // byte 1 is S/. S is for end to end ssl such as https:// uris
     // byte 2 is A/. A is for an anonymous channel (no cookies, etc..)
     // byte 3 is P/. P is for a private browising channel
-    // byte 4 is R/. R is for 'relaxed' unauthed TLS for http:// uris
+    // byte 4 is I/. I is for insecure scheme on TLS for http:// uris
     // byte 5 is X/. X is for disallow_spdy flag
 
     mHashKey.AssignLiteral("......");
@@ -202,10 +202,10 @@ nsHttpConnectionInfo::Clone() const
         clone->SetNetworkInterfaceId(mNetworkInterfaceId);
     }
 
-    // Make sure the anonymous, relaxed, and private flags are transferred
+    // Make sure the anonymous, insecure-scheme, and private flags are transferred
     clone->SetAnonymous(GetAnonymous());
     clone->SetPrivate(GetPrivate());
-    clone->SetRelaxed(GetRelaxed());
+    clone->SetInsecureScheme(GetInsecureScheme());
     clone->SetNoSpdy(GetNoSpdy());
     MOZ_ASSERT(clone->Equals(this));
 
@@ -223,10 +223,10 @@ nsHttpConnectionInfo::CloneAsDirectRoute(nsHttpConnectionInfo **outCI)
     nsRefPtr<nsHttpConnectionInfo> clone =
         new nsHttpConnectionInfo(mAuthenticationHost, mAuthenticationPort,
                                  EmptyCString(), mUsername, mProxyInfo, mEndToEndSSL);
-    // Make sure the anonymous, relaxed, and private flags are transferred
+    // Make sure the anonymous, insecure-scheme, and private flags are transferred
     clone->SetAnonymous(GetAnonymous());
     clone->SetPrivate(GetPrivate());
-    clone->SetRelaxed(GetRelaxed());
+    clone->SetInsecureScheme(GetInsecureScheme());
     clone->SetNoSpdy(GetNoSpdy());
     if (!mNetworkInterfaceId.IsEmpty()) {
         clone->SetNetworkInterfaceId(mNetworkInterfaceId);

netwerk/protocol/http/nsHttpConnectionInfo.h

@@ -99,9 +99,9 @@ public:
     bool          GetAnonymous() const   { return mHashKey.CharAt(2) == 'A'; }
     void          SetPrivate(bool priv)  { mHashKey.SetCharAt(priv ? 'P' : '.', 3); }
     bool          GetPrivate() const     { return mHashKey.CharAt(3) == 'P'; }
-    void          SetRelaxed(bool relaxed)
+    void          SetInsecureScheme(bool insecureScheme)
-                                       { mHashKey.SetCharAt(relaxed ? 'R' : '.', 4); }
+                                       { mHashKey.SetCharAt(insecureScheme ? 'I' : '.', 4); }
-    bool          GetRelaxed() const   { return mHashKey.CharAt(4) == 'R'; }
+    bool          GetInsecureScheme() const   { return mHashKey.CharAt(4) == 'I'; }
 
     void          SetNoSpdy(bool aNoSpdy)
                                        { mHashKey.SetCharAt(aNoSpdy ? 'X' : '.', 5); }