mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-19 16:25:38 +00:00
4a553d09d1
PSM has two instances of TLS bookkeeping structures ("SharedSSLState"): a "public" one for most connections and a "private" one that automatically clears its state when the last private browsing context (usually a window) closes. Since we moved to separating connections by origin attributes, the latter is largely redundant because keying by origin attributes already separates connections from different contexts, even when using the "public" shared TLS state structure. However, it still has the advantage of clearing its state when the last private browsing context closes. This patch updates the decision of which SharedSSLState to use by taking into account origin attributes. That is, if the origin attributes of the connection has a private browsing ID that isn't the default (unset), we'll use the auto-clearing SharedSSLState. This has the effect of auto-clearing cached client auth certificate state for private contexts when the last private browsing window closes. It also clears accumulated TLS intolerance state in the private context, but that isn't as relevant any more since we don't do TLS fallback by default. Differential Revision: https://phabricator.services.mozilla.com/D33099 --HG-- extra : moz-landing-system : lando |
||
---|---|---|
.. | ||
apps | ||
certverifier | ||
ct | ||
mac/hardenedruntime | ||
manager | ||
nss | ||
sandbox | ||
.eslintrc.js | ||
generate_certdata.py | ||
generate_mapfile.py | ||
moz.build | ||
nss.symbols |