remove_email_entry used cert->email of the last-destroyed cert to locate
the hash entry to clean up. If that cert had no email, the entry was
silently skipped, leaving a dangling subjectList pointer after the arena
was freed. Store the registration-time email on the subject cache_entry
(mirroring ce->nickname) and thread it through remove_subject_entry so
removal always uses the correct email regardless of destruction order.
In some cases, `lock.wait()` can be interrupted by spurious wake-ups
before processing is done. To ensure things are, in fact, synchronous,
loop over `wait()` until it is actually done.
Previously, SFTKSlot.rwSessionCount was incremented and decremented
atomically, which meant that there was no way to synchronize reads from it
in NSC_GetTokenInfo. This patch removes the atomic operations but protects
rwSessionCount with SFTKSlot.slotLock.
SFTKSlot.sessionCount is already protected in this way, so this should
have no performance impact.
NPN was removed from NSS a long time ago, this effectively does nothing.
ALPN also should be default-enabled (we do this by pref but the component
itself should have a sane default) so this was flipped as a drive-by fix.
Resolves#2723
Vim control lines were re-introduced or not entirely cleaned up.
This nukes them again.
Removing from modules, netwerk, security, storage, testing, toolkit, and
a few scattered misc files. More to come.
Critical note: this potentially reduces the strength of TLS 1.3 and
should only be enabled if absolutely necessary to access a site.
A browser restart is required for the pref change to take effect as it
is set on NSS initialization.
Resolves#1831
This is no longer needed because the call to SSL_ConfigServerSessionIDCache on startup was already removed (see 1425f020c47b3cbe134f71717299714aead28502), meaning LocksInitializedEarly does not become true and only causes an assertion on debug builds.
On the other hand, SSL_ClearSessionCache is already called on XPCOM shutdown and calling it again here is redundant.
Additional context: https://bugzilla.mozilla.org/show_bug.cgi?id=1485087#c5
Based on https://bugzilla.mozilla.org/show_bug.cgi?id=1485087
Dennis Jackson
John Schanck
Moonchild
Brian Smith
Kai Engert
FranklinDM
roytam1
adesh