Bug 1264562 - Part 3: Store the firstPartyDomain in TransportSecurityInfo (adapted from Tor Browser patch 13670) r=keeler
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -93,16 +93,23 @@ TransportSecurityInfo::SetPort(int32_t a
nsresult
TransportSecurityInfo::GetPort(int32_t *aPort)
{
*aPort = mPort;
return NS_OK;
}
+nsresult
+TransportSecurityInfo::SetFirstPartyDomain(const nsACString& aFirstPartyDomain)
+{
+ mFirstPartyDomain.Assign(aFirstPartyDomain);
+ return NS_OK;
+}
+
PRErrorCode
TransportSecurityInfo::GetErrorCode() const
{
MutexAutoLock lock(mMutex);
return mErrorCode;
}
--- a/security/manager/ssl/TransportSecurityInfo.h
+++ b/security/manager/ssl/TransportSecurityInfo.h
@@ -57,16 +57,19 @@ public:
nsresult GetHostName(char **aHostName);
nsresult SetHostName(const char *aHostName);
int32_t GetPort() const { return mPort; }
nsresult GetPort(int32_t *aPort);
nsresult SetPort(int32_t aPort);
+ const char* GetFirstPartyDomainRaw() const { return mFirstPartyDomain.get(); }
+ nsresult SetFirstPartyDomain(const nsACString& aFirstPartyDomain);
+
PRErrorCode GetErrorCode() const;
void GetErrorLogMessage(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
nsString &result);
void SetCanceled(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType);
@@ -95,16 +98,17 @@ private:
nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock,
PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
bool wantsHtml, bool suppressPort443,
nsString &result);
int32_t mPort;
nsXPIDLCString mHostName;
+ nsCString mFirstPartyDomain;
/* SSL Status */
RefPtr<nsSSLStatus> mSSLStatus;
/* Peer cert chain for failed connections (for error reporting) */
nsCOMPtr<nsIX509CertList> mFailedCertChain;
virtual void virtualDestroyNSSReference() override;
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -1855,27 +1855,29 @@ nsSSLIOLayerHelpers::treatUnsafeNegotiat
return mTreatUnsafeNegotiationAsBroken;
}
nsresult
nsSSLIOLayerNewSocket(int32_t family,
const char* host,
int32_t port,
nsIProxyInfo *proxy,
+ const nsACString& firstPartyDomain,
PRFileDesc** fd,
nsISupports** info,
bool forSTARTTLS,
uint32_t flags)
{
PRFileDesc* sock = PR_OpenTCPSocket(family);
if (!sock) return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = nsSSLIOLayerAddToSocket(family, host, port, proxy,
- sock, info, forSTARTTLS, flags);
+ firstPartyDomain, sock, info,
+ forSTARTTLS, flags);
if (NS_FAILED(rv)) {
PR_Close(sock);
return rv;
}
*fd = sock;
return NS_OK;
}
@@ -2556,16 +2558,17 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
return NS_OK;
}
nsresult
nsSSLIOLayerAddToSocket(int32_t family,
const char* host,
int32_t port,
nsIProxyInfo* proxy,
+ const nsACString& firstPartyDomain,
PRFileDesc* fd,
nsISupports** info,
bool forSTARTTLS,
uint32_t providerFlags)
{
nsNSSShutDownPreventionLock locker;
PRFileDesc* layer = nullptr;
PRFileDesc* plaintextLayer = nullptr;
@@ -2576,16 +2579,17 @@ nsSSLIOLayerAddToSocket(int32_t family,
providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE ? PrivateSSLState() : PublicSSLState();
nsNSSSocketInfo* infoObject = new nsNSSSocketInfo(*sharedState, providerFlags);
if (!infoObject) return NS_ERROR_FAILURE;
NS_ADDREF(infoObject);
infoObject->SetForSTARTTLS(forSTARTTLS);
infoObject->SetHostName(host);
infoObject->SetPort(port);
+ infoObject->SetFirstPartyDomain(firstPartyDomain);
bool haveProxy = false;
if (proxy) {
nsCString proxyHost;
proxy->GetHost(proxyHost);
haveProxy = !proxyHost.IsEmpty();
}
--- a/security/manager/ssl/nsNSSIOLayer.h
+++ b/security/manager/ssl/nsNSSIOLayer.h
@@ -233,25 +233,27 @@ private:
mozilla::Mutex mutex;
nsCOMPtr<nsIObserver> mPrefObserver;
};
nsresult nsSSLIOLayerNewSocket(int32_t family,
const char* host,
int32_t port,
nsIProxyInfo *proxy,
+ const nsACString& firstPartyDomain,
PRFileDesc** fd,
nsISupports** securityInfo,
bool forSTARTTLS,
uint32_t flags);
nsresult nsSSLIOLayerAddToSocket(int32_t family,
const char* host,
int32_t port,
nsIProxyInfo *proxy,
+ const nsACString& firstPartyDomain,
PRFileDesc* fd,
nsISupports** securityInfo,
bool forSTARTTLS,
uint32_t flags);
nsresult nsSSLIOLayerFreeTLSIntolerantSites();
nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo* infoObject, int error);
--- a/security/manager/ssl/nsSSLSocketProvider.cpp
+++ b/security/manager/ssl/nsSSLSocketProvider.cpp
@@ -27,16 +27,17 @@ nsSSLSocketProvider::NewSocket(int32_t f
uint32_t flags,
PRFileDesc **_result,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerNewSocket(family,
host,
port,
proxy,
+ firstPartyDomain,
_result,
securityInfo,
false,
flags);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
// Add the SSL IO layer to an existing socket
@@ -49,15 +50,16 @@ nsSSLSocketProvider::AddToSocket(int32_t
uint32_t flags,
PRFileDesc *aSocket,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerAddToSocket(family,
host,
port,
proxy,
+ firstPartyDomain,
aSocket,
securityInfo,
false,
flags);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
--- a/security/manager/ssl/nsTLSSocketProvider.cpp
+++ b/security/manager/ssl/nsTLSSocketProvider.cpp
@@ -27,16 +27,17 @@ nsTLSSocketProvider::NewSocket(int32_t f
uint32_t flags,
PRFileDesc **_result,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerNewSocket(family,
host,
port,
proxy,
+ firstPartyDomain,
_result,
securityInfo,
true,
flags);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
@@ -50,15 +51,16 @@ nsTLSSocketProvider::AddToSocket(int32_t
uint32_t flags,
PRFileDesc *aSocket,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerAddToSocket(family,
host,
port,
proxy,
+ firstPartyDomain,
aSocket,
securityInfo,
true,
flags);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}