roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 22:53:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
81d61fa324c2bc96faa8a25e94a8d481e9b35284
palemoon27/security/manager/ssl/SharedSSLState.cpp
T
roytam1 cbf860dd80 import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1207790 - Fix sandbox build for older Linux distributions. r=gdestuynder (33726f14d6)
- Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld (19789c8f28)
- Bug 1181704 - Import chromium SafeSPrintf. r=bobowen (c8f2f34098)
- Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen (ee9862b408)
- Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes (7f4cf9640b)
- Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud (e23a3d3e89)
- Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald (9a3a1fa6ea)
- Bug 1229804: Use the correct string length in Windows sandbox logging. r=tabraldes (6a8cb035ed)
- Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium (cff9ae432b)
- crash reporter (009341774b)
- Bug 1168555 - Work around Nuwa not always being single-threaded when a normal content process is. r=kang (b858b1fd62)
- Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang (49125e07be)
- Bug 1176085 - Fix second/nanosecond confusion in Linux sandbox start error case. r=kang (701181c7d2)
- Bug 1199481 - Complain more when entering sandboxing code as root. r=kang (baf7b24675)
- Bug 1215303 - Part 1 - add permissive mode r=jld (e8237859ac)
- Bug 1215303 - Part 2 - automatically enable broker when in permissive mode r=jld (9636c8a956)
- Bug 1222500 - Handle unexpected thread creation better on desktop Linux. r=gdestuynder (58e2f81f96)
- Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler (29ae92e655)
- Bug 443811 - Use long date format for cert date output. r=keeler (50a31e099c)
- namespace (10ccb72736)
- Bug 1225682 - Don't use nsAuto{,C}String as class member variables in security/manager/. r=keeler (24d10b66f6)
- Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler (b9b2b52bf2)
- Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler (3fee4d4653)
- Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler (f81461993a)
- Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler (dac5f75e75)
- Bug 1136301 - Null check for mCert->slot added in destructorSafeDestroyNSSReference & MarkForPermDeletion. Formatting update in MarkForPermDeletion. r=keeler (daaaf2db22)
- Bug 1168048 - Avoid potential null-pointer dereferencing in nsNSSCertificateDB r=keeler (c511046073)
- Bug 1224121 - change getRelativeRuleLine to return 0 for line-less rules; r=heycam (7cef25806d)
- Bug 1216234 - add inIDOMUtils.getCSSPseudoElementNames; r=heycam,pbrosset (1c94ca86b4)
- Bug 1146114 - Make assertion checking additional leading in ruby frame non-crash. r=dholbert (326d82db79)
- Bug 1052924 followup - Move the XXX comment to the right field. DONTBUILD (481cb50d0d)
- Bug 1136521 - Don't try to use the ascent when placing a frame whose block-direction doesn't match the line's. r=smontagu (eb01f6aa1a)
- Bug 1138353 - Correct the directionality of vertical-align dimensions in cases where line- and flow-relative coordinate directions differ. r=smontagu (6e51f4be05)
- Bug 1133945 - Fix behavior of vertical-align with a specified length, relative to dominant centered baseline in vertical mode. r=smontagu (a2e611f978)
- Bug 1146117 - Downgrade the assertion in FindNearestRubyBaseAncestor to warning. r=dbaron (db29a321f4)
- Bug 1191185 - Simplify nsHypotheticalBox, eliminating obsolete/redundant fields, and rename to nsHypotheticalPosition. r=dholbert (3741b6aa49)
- Bug 1227099 - [css-grid] Grid container block-size should include a grid-row-gap between each row. r=dholbert (35eed9d00b)
- Bug 1225368 - [css-grid] Make CollectGrowable() deal with frozen tracks; i.e. subtract their base size but don't collect them since they aren't growable. r=dholbert (073964a857)
- Bug 1224634 - [css-grid] Make grid items shrink-wrap when reflowing them, unless they have justify-self:stretch. r=dholbert (070c2cf6a9)
- Bug 1176793 part 1 - [css-grid] Implement margin:auto for grid items. r=dholbert (ff89b80fc2)
- Bug 1176793 part 2 - [css-grid] Reftests for margin:auto on grid items. (fe9367e7ca)
- Bug 1229999 - [css-grid] Clamp auto-placed lines to where kMaxLine is in the translated grid. r=dholbert (576d9a8384)
- Bug 1151243 part 1 - Replace three bool params for nsAbsoluteContainingBlock::Reflow with a flag param (idempotent patch). r=dholbert (7303bb9468)
- Bug 978212 - [css-grid] Resolved value of grid-template-{columns,rows} in px units. r=mat (fe4b886917)
- Bug 1151243 part 2 - [css-grid] Add a eIsGridContainerCB flag for nsAbsoluteContainingBlock::Reflow to trigger Grid specific code (rather than checking GetType()). r=dholbert (2f5f857b16)
- Bug 1215099 part 1 - [css-grid] Backout bug 1206703. r=dholbert (b6af6389ce)
- Bug 1123299 - Allow <input type=number> to be displayed in vertical writing mode; but keep the spinner arrows arranged as for horizontal writing mode. r=dholbert (2a2e17ce76)
- (no bug) Fix typo in grid style-struct comment: s/grid-columns-rows/grid-template-rows/. No review, DONTBUILD (f362946aed)
- fix namespace (70ec283c08)
- Bug 1224251 patch 1 - Add reftests. r=mattwoodrow (4f5eed4d0c)
- Bug 1224251 patch 2 - Add nsChangeHint_UpdateUsesOpacity to say when opacity changes between 1 and non-1. r=xidorn (0cec051688)
- Bug 1224251 patch 3 - Return nsChangeHint_UpdateUsesOpacity when opacity changes between 1 and non-1. r=xidorn (acf5f3514c)
- Bug 1224251 patch 4 - Convert UpdateOpacityLayer to RepaintFrame when changing opacity between 1 and non-1 on table parts. r=mattwoodrow (3101e06481)
- Tweak a couple of comments; no bug. (DONTBUILD) (6b7d8486ad)
- Bug 1219534 - Remove unused nsStyleContext::SetStyle##name_ methods. r=dholbert (4c032b5914)
- (no bug) Fix typo in nsStyleContext.h (s/currenlty/currently/). Comment-only, DONTBUILD (3864f8194b)
- Bug 1208901 - Fix a typo in nsStyleClipPath::nsStyleClipPath; r=heycam (df5c3b59a6)
- Bug 1227766 patch 3 - Make will-change cause creation of a containing block for fixed and absolutely positioned elements when needed. r=dholbert (09c59e07f1)
- Bug 1229278 - Fix dynamic changes to text-emphasis-style. r=dbaron (ab0c450f14)
- Bug 1159729 - Reftest to check that text decoration is properly offset when needed. r=smontagu (b93bb0ca41)
- Bug 196292 - Make table inside align=left reset alignment just like for align=center and align=right. r=bz (3b45a62477)
- Bug 1227917 - Update |disp| after we've (potentially) cloned the Display struct so that subsequent tests of 'display' use the new value. r=jfkthame (d3216e7aad)
- Bug 1155766 - Fix a bad assertion r=dbaron (d6744220f4)
- Bug 1167589 - Mark the members of CSSParsingEnvironment as MOZ_UNSAFE_REF. r=dbaron (ebb9729549)
- Bug 1228542 - Resetting AuthorStyleSheets. r=bz (31b27e491d)
- Use nsContentUtils::GenerateUUIDInPlace() in nsIDocument::GenerateDocumentId(), no bug (642138ebac)
- Bug 1226443 P2 Make service worker fetch and functional events used scheduled timer updates. r=ehsan (a4fc5a9275)
- Bug 1227015 P1 Create ServiceWorkerScriptJobBase as parent class to register and install jobs. r=ehsan (214dda4e7d)
- Bug 1226443 P1 Add a timer based mechanism for firing service worker updates. r=ehsan (f2a9eae9d2)
- Bug 1229052 - Add a telemetry histogram to gather data on the number of top-level pages with scroll-linked positioning effects. r=vladan (6844bfaa2b)
- Bug 1229052 - Log a warning when we detect a scroll-linked effect based on the scroll event. r=roc (da8dd5cff2)
- bug 1215657 - make AccessibleWrap::get_accFocus work with proxied accessibles (02bfa582d6)
- Bug 1227285 part 1 - Add a nsHTMLReflowState ctor flag to request shrink-wrap behavior. r=dholbert (da92253664)
- Bug 1227285 part 2 - [css-grid] Request shrink-wrap behavior when doing a measuring reflow to figure out a grid item's block-size. r=dholbert (6bfcf381fe)
- Bug 1227285 part 3 - [css-grid] Reftests for testing minmax(min-content,max-content) track sizing with grid item with %-sized descendants. (61b769d0d2)
- No bug - [css-grid] Add a small fuzz factor to make this reftest pass on Windows. r=me (3c51c91220)
- Bug 1173689: allow column sets in an orthogonal writing mode to their container to expand in the container's block direction, r=roc (88aa32efd9)
- Bug 1209994. Take block-wrapper path only for blocks that are wrappers. r=bz (ecb4ae8d7e)
- Bug 1191109 - Clean up use of writing-modes in GetHypotheticalBoxContainer, eliminating a redundant ConvertTo call. r=dholbert (f58d0d63c4)
- Bug 1183439 - Update the wording of a few assertions to reflect logical-coordinate conversion. r=dholbert (8aacb0f89d)
- Bug 1233276 - Make css::Declaration::List more useful again, given that it degraded a bit in bug 978833 (/ bug 1221436). r=heycam (1efda568e7)
- Bug 1167665 - Mark css::Loader::mDocument as MOZ_NON_OWNING_REF. r=dbaron (f4d4f4ed1d)
- Bug 621596 - Don't assert when a percentage base value overflows to become negative, when getting the computed style of a property that rejects negative values. r=bzbarsky (6076ce7cb6)
- Bug 622314 - Add crashtest. (f1d64b943c)
- Bug 1230613 - Long-press to trigger text selection should vibrate, r=snorp (f35f37336e)
- Bug 1230582 - Always show caret even if input is empty on Fennec. f=capella, r=roc (6cf1258232)
- Bug 1183085 - Correct argument name for BuildContainerLayerFor; r=roc (0fd119efd1)
- Bug 1183085 - Correct a typo in FrameLayerBuilder.h; r=roc (1fb9a583ed)
- Comment typo fix; no bug. (DONTBUILD) (27d7270052)
- Bug 1211858 - Add a hint for the Restyle label when the id is unavailable. r=roc,benwa (8eb99a4b45)
- bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj (a986e73f0b)
- bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg (5e071955b0)
- Bug 921907 - Enable OCSP must-staple. r=keeler (448661431f)
- Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL (3cf051737c)
- bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka (2eaa16d860)
- bug 986956 - only ever initialize NSS once per process r=Cykesiopka r=mgoodwin (efdec10cbb)
- Bug 1224875 - Enable TLS extended master secret. r=keeler (8f56d54ec1)
- Bug 1145893 - Shutdown nsNSSComponent background threads during xpcom-shutdown. r=keeler, a=me (5d513b930d)
- namespace (bf40a8f575)
- Bug 1224951 - Part 1: Fix nsPresContext::SizeOfExcludingThis() size calculation. r=dholbert (530a54e15d)
- Bug 1227666 - Insure that cached plugin geometry configuration cached in ShadowLayerForwarder gets cleared when we reflow and new content has no plugins. r=roc (a44fbce70e)
- Bug 1140625 - Part 1: Add recursive call in GetFrameForNodeOffset. r=roc (0b7535cf7b)
- Bug 1140625 - Recursive call GetFrameForNodeOffset if text node has no frame. r=roc (9198ab6a20)
- Bug 1140625 - Part 3: Fix a bug in bug414526 so we can reopen the test. r=roc (cbe0d3577d)
- Bug 1140625 - Part 4: Fix scroll_selection_into_view test to make its function remain. r=roc (97ca749e63)
2023-07-11 15:00:13 +08:00

219 lines
5.3 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "SharedSSLState.h"
#include "nsClientAuthRemember.h"
#include "nsComponentManagerUtils.h"
#include "nsICertOverrideService.h"
#include "nsIObserverService.h"
#include "mozilla/Services.h"
#include "nsThreadUtils.h"
#include "nsCRT.h"
#include "nsServiceManagerUtils.h"
#include "PSMRunnable.h"
#include "PublicSSL.h"
#include "ssl.h"
#include "nsNetCID.h"
#include "mozilla/Atomics.h"
#include "mozilla/unused.h"
using mozilla::psm::SyncRunnableBase;
using mozilla::Atomic;
using mozilla::Unused;
namespace {
static Atomic<bool> sCertOverrideSvcExists(false);
class MainThreadClearer : public SyncRunnableBase
{
public:
MainThreadClearer() : mShouldClearSessionCache(false) {}
void RunOnTargetThread() {
// In some cases it's possible to cause PSM/NSS to initialize while XPCOM shutdown
// is in progress. We want to avoid this, since they do not handle the situation well,
// hence the flags to avoid instantiating the services if they don't already exist.
bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false);
if (certOverrideSvcExists) {
sCertOverrideSvcExists = true;
nsCOMPtr<nsICertOverrideService> icos = do_GetService(NS_CERTOVERRIDE_CONTRACTID);
if (icos) {
icos->ClearValidityOverride(
NS_LITERAL_CSTRING("all:temporary-certificates"),
0);
}
}
// This needs to be checked on the main thread to avoid racing with NSS
// initialization.
mShouldClearSessionCache = mozilla::psm::PrivateSSLState() &&
mozilla::psm::PrivateSSLState()->SocketCreated();
}
bool mShouldClearSessionCache;
};
} // namespace
namespace mozilla {
void ClearPrivateSSLState()
{
// This only works if it is called on the socket transport
// service thread immediately after closing all private SSL
// connections.
#ifdef DEBUG
nsresult rv;
nsCOMPtr<nsIEventTarget> sts
= do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
MOZ_ASSERT(NS_SUCCEEDED(rv));
bool onSTSThread;
rv = sts->IsOnCurrentThread(&onSTSThread);
MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread);
#endif
RefPtr<MainThreadClearer> runnable = new MainThreadClearer;
runnable->DispatchToMainThreadAndWait();
// If NSS isn't initialized, this throws an assertion. We guard it by checking if
// the session cache might even have anything worth clearing.
if (runnable->mShouldClearSessionCache) {
SSL_ClearSessionCache();
}
}
namespace psm {
namespace {
class PrivateBrowsingObserver : public nsIObserver {
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIOBSERVER
explicit PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {}
protected:
virtual ~PrivateBrowsingObserver() {}
private:
SharedSSLState* mOwner;
};
SharedSSLState* gPublicState;
SharedSSLState* gPrivateState;
} // namespace
NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver)
NS_IMETHODIMP
PrivateBrowsingObserver::Observe(nsISupports *aSubject,
const char *aTopic,
const char16_t *aData)
{
if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
mOwner->ResetStoredData();
}
return NS_OK;
}
SharedSSLState::SharedSSLState()
: mClientAuthRemember(new nsClientAuthRememberService)
, mMutex("SharedSSLState::mMutex")
, mSocketCreated(false)
, mOCSPStaplingEnabled(false)
, mOCSPMustStapleEnabled(false)
{
mIOLayerHelpers.Init();
mClientAuthRemember->Init();
}
SharedSSLState::~SharedSSLState()
{
}
void
SharedSSLState::NotePrivateBrowsingStatus()
{
MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
mObserver = new PrivateBrowsingObserver(this);
nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
obsSvc->AddObserver(mObserver, "last-pb-context-exited", false);
}
void
SharedSSLState::ResetStoredData()
{
MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
mClientAuthRemember->ClearRememberedDecisions();
mIOLayerHelpers.clearStoredData();
}
void
SharedSSLState::NoteSocketCreated()
{
MutexAutoLock lock(mMutex);
mSocketCreated = true;
}
bool
SharedSSLState::SocketCreated()
{
MutexAutoLock lock(mMutex);
return mSocketCreated;
}
/*static*/ void
SharedSSLState::GlobalInit()
{
MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
gPublicState = new SharedSSLState();
gPrivateState = new SharedSSLState();
gPrivateState->NotePrivateBrowsingStatus();
}
/*static*/ void
SharedSSLState::GlobalCleanup()
{
MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
if (gPrivateState) {
gPrivateState->Cleanup();
delete gPrivateState;
gPrivateState = nullptr;
}
if (gPublicState) {
gPublicState->Cleanup();
delete gPublicState;
gPublicState = nullptr;
}
}
/*static*/ void
SharedSSLState::NoteCertOverrideServiceInstantiated()
{
sCertOverrideSvcExists = true;
}
void
SharedSSLState::Cleanup()
{
mIOLayerHelpers.Cleanup();
}
SharedSSLState*
PublicSSLState()
{
return gPublicState;
}
SharedSSLState*
PrivateSSLState()
{
return gPrivateState;
}
} // namespace psm
} // namespace mozilla
Reference in New Issue View Git Blame Copy Permalink