--- a/dom/push/test/xpcshell/test_notification_http2.js
+++ b/dom/push/test/xpcshell/test_notification_http2.js
@@ -3,35 +3,31 @@
'use strict';
Cu.import("resource://gre/modules/Services.jsm");
const {PushDB, PushService, PushServiceHttp2} = serviceExports;
var prefs;
-var tlsProfile;
var serverPort = -1;
function run_test() {
serverPort = getTestServerPort();
do_get_profile();
setPrefs({
'testing.allowInsecureServerURL': true,
});
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
- tlsProfile = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
-
// Set to allow the cert presented by our H2 server
var oldPref = prefs.getIntPref("network.http.speculative-parallel-limit");
prefs.setIntPref("network.http.speculative-parallel-limit", 0);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setBoolPref("dom.push.enabled", true);
prefs.setBoolPref("dom.push.connection.enabled", true);
addCertOverride("localhost", serverPort,
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH |
Ci.nsICertOverrideService.ERROR_TIME);
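Review bot: The comment `// Set to allow the cert presented by our H2 server` now sits directly above the speculative-parallel-limit lines, several statements away from the `addCertOverride` call it describes. That override waives only certificate errors (untrusted, mismatch, time) for localhost on the test port, and it presumably has no effect on the HTTP/2 TLS profile check, which can no longer be switched off by pref. I would move the comment down to the `addCertOverride` call and reword it, e.g. `// Waive cert errors for the local H2 test server only; its TLS version and cipher must still pass the HTTP/2 TLS profile check.` The same comment placement appears in test_register_error_http2.js (test_TLS), test_register_success_http2.js and test_unregister_success_http2.js. run_test continues past the end of this hunk.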
@@ -178,12 +174,8 @@ add_task(function* test_pushNotification
PushService.init({
serverURI: serverURL,
db
});
yield notifyPromise;
});
-
-add_task(function* test_complete() {
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlsProfile);
-});
--- a/dom/push/test/xpcshell/test_register_error_http2.js
+++ b/dom/push/test/xpcshell/test_register_error_http2.js
@@ -3,29 +3,26 @@
'use strict';
Cu.import("resource://gre/modules/Services.jsm");
const {PushDB, PushService, PushServiceHttp2} = serviceExports;
var prefs;
-var tlsProfile;
var serverURL;
var serverPort = -1;
function run_test() {
serverPort = getTestServerPort();
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
- tlsProfile = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
-
serverURL = "https://localhost:" + serverPort;
run_next_test();
}
// Connection will fail because of the certificates.
add_task(function* test_pushSubscriptionNoConnection() {
@@ -52,17 +49,16 @@ add_task(function* test_pushSubscription
ok(record.length === 0, "Should not store records when connection couldn't be established.");
PushService.uninit();
});
add_task(function* test_TLS() {
// Set to allow the cert presented by our H2 server
var oldPref = prefs.getIntPref("network.http.speculative-parallel-limit");
prefs.setIntPref("network.http.speculative-parallel-limit", 0);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
addCertOverride("localhost", serverPort,
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH |
Ci.nsICertOverrideService.ERROR_TIME);
prefs.setIntPref("network.http.speculative-parallel-limit", oldPref);
});
@@ -190,12 +186,8 @@ add_task(function* test_pushSubscription
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
'Expected error for not 201 responce code.'
);
let record = yield db.getAllKeyIDs();
ok(record.length === 0, 'Should not store records when respons code is not 201.');
});
-
-add_task(function* test_complete() {
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlsProfile);
-});
--- a/dom/push/test/xpcshell/test_register_success_http2.js
+++ b/dom/push/test/xpcshell/test_register_success_http2.js
@@ -3,37 +3,34 @@
'use strict';
Cu.import("resource://gre/modules/Services.jsm");
const {PushDB, PushService, PushServiceHttp2} = serviceExports;
var prefs;
-var tlsProfile;
var serverURL;
var serverPort = -1;
var pushEnabled;
var pushConnectionEnabled;
var db;
function run_test() {
serverPort = getTestServerPort();
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
- tlsProfile = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
pushEnabled = prefs.getBoolPref("dom.push.enabled");
pushConnectionEnabled = prefs.getBoolPref("dom.push.connection.enabled");
// Set to allow the cert presented by our H2 server
var oldPref = prefs.getIntPref("network.http.speculative-parallel-limit");
prefs.setIntPref("network.http.speculative-parallel-limit", 0);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setBoolPref("dom.push.enabled", true);
prefs.setBoolPref("dom.push.connection.enabled", true);
addCertOverride("localhost", serverPort,
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH |
Ci.nsICertOverrideService.ERROR_TIME);
@@ -117,12 +114,11 @@ add_task(function* test_pushSubscription
'Wrong push endpoint in database record');
equal(record.pushReceiptEndpoint, pushReceiptEndpoint,
'Wrong push endpoint receipt in database record');
equal(record.scope, 'https://example.org/no_receiptEndpoint',
'Wrong scope in database record');
});
add_task(function* test_complete() {
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlsProfile);
prefs.setBoolPref("dom.push.enabled", pushEnabled);
prefs.setBoolPref("dom.push.connection.enabled", pushConnectionEnabled);
});
--- a/dom/push/test/xpcshell/test_unregister_success_http2.js
+++ b/dom/push/test/xpcshell/test_unregister_success_http2.js
@@ -3,36 +3,33 @@
'use strict';
Cu.import("resource://gre/modules/Services.jsm");
const {PushDB, PushService, PushServiceHttp2} = serviceExports;
var prefs;
-var tlsProfile;
var pushEnabled;
var pushConnectionEnabled;
var serverPort = -1;
function run_test() {
serverPort = getTestServerPort();
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
- tlsProfile = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
pushEnabled = prefs.getBoolPref("dom.push.enabled");
pushConnectionEnabled = prefs.getBoolPref("dom.push.connection.enabled");
// Set to allow the cert presented by our H2 server
var oldPref = prefs.getIntPref("network.http.speculative-parallel-limit");
prefs.setIntPref("network.http.speculative-parallel-limit", 0);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setBoolPref("dom.push.enabled", true);
prefs.setBoolPref("dom.push.connection.enabled", true);
addCertOverride("localhost", serverPort,
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH |
Ci.nsICertOverrideService.ERROR_TIME);
@@ -70,12 +67,11 @@ add_task(function* test_pushUnsubscripti
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
let record = yield db.getByKeyID(serverURL + '/subscriptionUnsubscriptionSuccess');
ok(!record, 'Unregister did not remove record');
});
add_task(function* test_complete() {
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlsProfile);
prefs.setBoolPref("dom.push.enabled", pushEnabled);
prefs.setBoolPref("dom.push.connection.enabled", pushConnectionEnabled);
});
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1544,17 +1544,16 @@ pref("network.http.bypass-cachelock-thre
#else
pref("network.http.bypass-cachelock-threshold", 250);
#endif
// Try and use SPDY when using SSL
pref("network.http.spdy.enabled", true);
pref("network.http.spdy.enabled.http2", true);
pref("network.http.spdy.enabled.deps", true);
-pref("network.http.spdy.enforce-tls-profile", true);
pref("network.http.spdy.chunk-size", 16000);
pref("network.http.spdy.timeout", 180);
pref("network.http.spdy.coalesce-hostnames", true);
pref("network.http.spdy.persistent-settings", false);
pref("network.http.spdy.ping-threshold", 58);
pref("network.http.spdy.ping-timeout", 8);
pref("network.http.spdy.send-buffer-size", 131072);
pref("network.http.spdy.allow-push", true);
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -3511,22 +3511,16 @@ nsresult
Http2Session::ConfirmTLSProfile()
{
if (mTLSProfileConfirmed)
return NS_OK;
LOG3(("Http2Session::ConfirmTLSProfile %p mConnection=%p\n",
this, mConnection.get()));
- if (!gHttpHandler->EnforceHttp2TlsProfile()) {
- LOG3(("Http2Session::ConfirmTLSProfile %p passed due to configuration bypass\n", this));
- mTLSProfileConfirmed = true;
- return NS_OK;
- }
-
if (!mConnection)
return NS_ERROR_FAILURE;
nsCOMPtr<nsISupports> securityInfo;
mConnection->GetSecurityInfo(getter_AddRefs(securityInfo));
nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo);
LOG3(("Http2Session::ConfirmTLSProfile %p sslsocketcontrol=%p\n", this, ssl.get()));
if (!ssl)
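Review bot: Nothing in ConfirmTLSProfile says that the check is now deliberately unconditional, so a later reader could reintroduce a bypass without realising it weakens the connection's security guarantees. I would add a comment above `if (!mConnection)` such as `// No pref bypass: the TLS profile check below runs for every session.` The early `return NS_ERROR_FAILURE` on a null mConnection fails closed, which is the right default here. The result of `GetSecurityInfo` is ignored and appears to be safe only because the `if (!ssl)` test that follows catches a null result; a one-line comment saying so would help. The function body continues beyond this hunk.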
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -208,17 +208,16 @@ nsHttpHandler::nsHttpHandler()
, mParentalControlEnabled(false)
, mHandlerActive(false)
, mTelemetryEnabled(false)
, mAllowExperiments(true)
, mDebugObservations(false)
, mEnableSpdy(false)
, mHttp2Enabled(true)
, mUseH2Deps(true)
- , mEnforceHttp2TlsProfile(true)
, mCoalesceSpdy(true)
, mSpdyPersistentSettings(false)
, mAllowPush(true)
, mEnableAltSvc(false)
, mEnableAltSvcOE(false)
, mSpdySendingChunkSize(ASpdySession::kSendingChunkSize)
, mSpdySendBufferSize(ASpdySession::kTCPSendBufferSize)
, mSpdyPushAllowance(32768)
@@ -1319,22 +1318,16 @@ nsHttpHandler::PrefsChanged(nsIPrefBranc
}
if (PREF_CHANGED(HTTP_PREF("spdy.enabled.deps"))) {
rv = prefs->GetBoolPref(HTTP_PREF("spdy.enabled.deps"), &cVar);
if (NS_SUCCEEDED(rv))
mUseH2Deps = cVar;
}
- if (PREF_CHANGED(HTTP_PREF("spdy.enforce-tls-profile"))) {
- rv = prefs->GetBoolPref(HTTP_PREF("spdy.enforce-tls-profile"), &cVar);
- if (NS_SUCCEEDED(rv))
- mEnforceHttp2TlsProfile = cVar;
- }
-
if (PREF_CHANGED(HTTP_PREF("spdy.coalesce-hostnames"))) {
rv = prefs->GetBoolPref(HTTP_PREF("spdy.coalesce-hostnames"), &cVar);
if (NS_SUCCEEDED(rv))
mCoalesceSpdy = cVar;
}
if (PREF_CHANGED(HTTP_PREF("spdy.persistent-settings"))) {
rv = prefs->GetBoolPref(HTTP_PREF("spdy.persistent-settings"),
--- a/netwerk/protocol/http/nsHttpHandler.h
+++ b/netwerk/protocol/http/nsHttpHandler.h
@@ -105,17 +105,16 @@ public:
bool EnforceAssocReq() { return mEnforceAssocReq; }
bool IsPersistentHttpsCachingEnabled() { return mEnablePersistentHttpsCaching; }
bool IsTelemetryEnabled() { return mTelemetryEnabled; }
bool AllowExperiments() { return mTelemetryEnabled && mAllowExperiments; }
bool IsSpdyEnabled() { return mEnableSpdy; }
bool IsHttp2Enabled() { return mHttp2Enabled; }
- bool EnforceHttp2TlsProfile() { return mEnforceHttp2TlsProfile; }
bool CoalesceSpdy() { return mCoalesceSpdy; }
bool UseSpdyPersistentSettings() { return mSpdyPersistentSettings; }
uint32_t SpdySendingChunkSize() { return mSpdySendingChunkSize; }
uint32_t SpdySendBufferSize() { return mSpdySendBufferSize; }
uint32_t SpdyPushAllowance() { return mSpdyPushAllowance; }
uint32_t SpdyPullAllowance() { return mSpdyPullAllowance; }
uint32_t DefaultSpdyConcurrent() { return mDefaultSpdyConcurrent; }
PRIntervalTime SpdyPingThreshold() { return mSpdyPingThreshold; }
@@ -517,17 +516,16 @@ private:
uint32_t mAllowExperiments : 1;
// The value of 'hidden' network.http.debug-observations : 1;
uint32_t mDebugObservations : 1;
uint32_t mEnableSpdy : 1;
uint32_t mHttp2Enabled : 1;
uint32_t mUseH2Deps : 1;
- uint32_t mEnforceHttp2TlsProfile : 1;
uint32_t mCoalesceSpdy : 1;
uint32_t mSpdyPersistentSettings : 1;
uint32_t mAllowPush : 1;
uint32_t mEnableAltSvc : 1;
uint32_t mEnableAltSvcOE : 1;
// Try to use SPDY features instead of HTTP/1.1 over SSL
SpdyInformation mSpdyInfo;
--- a/netwerk/test/unit/test_altsvc.js
+++ b/netwerk/test/unit/test_altsvc.js
@@ -1,16 +1,15 @@
Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/NetUtil.jsm");
var h2Port;
var prefs;
var spdypref;
var http2pref;
-var tlspref;
var altsvcpref1;
var altsvcpref2;
// https://foo.example.com:(h2Port)
// https://bar.example.com:(h2Port) <- invalid for bar, but ok for foo
var h1Foo; // server http://foo.example.com:(h1Foo.identity.primaryPort)
var h1Bar; // server http://bar.example.com:(h1bar.identity.primaryPort)
@@ -29,23 +28,21 @@ function run_test() {
do_check_neq(h2Port, "");
// Set to allow the cert presented by our H2 server
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
spdypref = prefs.getBoolPref("network.http.spdy.enabled");
http2pref = prefs.getBoolPref("network.http.spdy.enabled.http2");
- tlspref = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
altsvcpref1 = prefs.getBoolPref("network.http.altsvc.enabled");
altsvcpref2 = prefs.getBoolPref("network.http.altsvc.oe", true);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setBoolPref("network.http.altsvc.enabled", true);
prefs.setBoolPref("network.http.altsvc.oe", true);
prefs.setCharPref("network.dns.localDomains", "foo.example.com, bar.example.com");
// The moz-http2 cert is for foo.example.com and is signed by CA.cert.der
// so add that cert to the trust list as a signing cert. The same cert is used
// for both h2FooRoute and h2BarRoute though it is only valid for
// the foo.example.com domain name.
@@ -109,17 +106,16 @@ function h1ServerWK(metadata, response)
var body = '{"http://foo.example.com:' + h1Foo.identity.primaryPort + '": { "tls-ports": [' + h2Port + '] }}';
response.bodyOutputStream.write(body, body.length);
}
function resetPrefs() {
prefs.setBoolPref("network.http.spdy.enabled", spdypref);
prefs.setBoolPref("network.http.spdy.enabled.http2", http2pref);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlspref);
prefs.setBoolPref("network.http.altsvc.enabled", altsvcpref1);
prefs.setBoolPref("network.http.altsvc.oe", altsvcpref2);
prefs.clearUserPref("network.dns.localDomains");
}
function readFile(file) {
let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
.createInstance(Ci.nsIFileInputStream);
--- a/netwerk/test/unit/test_http2.js
+++ b/netwerk/test/unit/test_http2.js
@@ -1020,29 +1020,27 @@ function addCertOverride(host, port, bit
// This will fail since the server is not trusted yet
}
}
var prefs;
var spdypref;
var spdypush;
var http2pref;
-var tlspref;
var altsvcpref1;
var altsvcpref2;
var loadGroup;
var serverPort;
var speculativeLimit;
function resetPrefs() {
prefs.setIntPref("network.http.speculative-parallel-limit", speculativeLimit);
prefs.setBoolPref("network.http.spdy.enabled", spdypref);
prefs.setBoolPref("network.http.spdy.allow-push", spdypush);
prefs.setBoolPref("network.http.spdy.enabled.http2", http2pref);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlspref);
prefs.setBoolPref("network.http.altsvc.enabled", altsvcpref1);
prefs.setBoolPref("network.http.altsvc.oe", altsvcpref2);
prefs.clearUserPref("network.dns.localDomains");
}
function run_test() {
var env = Cc["@mozilla.org/process/environment;1"].getService(Ci.nsIEnvironment);
serverPort = env.get("MOZHTTP2_PORT");
@@ -1067,25 +1065,23 @@ function run_test() {
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH |
Ci.nsICertOverrideService.ERROR_TIME);
// Enable all versions of spdy to see that we auto negotiate http/2
spdypref = prefs.getBoolPref("network.http.spdy.enabled");
spdypush = prefs.getBoolPref("network.http.spdy.allow-push");
http2pref = prefs.getBoolPref("network.http.spdy.enabled.http2");
- tlspref = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
altsvcpref1 = prefs.getBoolPref("network.http.altsvc.enabled");
altsvcpref2 = prefs.getBoolPref("network.http.altsvc.oe", true);
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.v3-1", true);
prefs.setBoolPref("network.http.spdy.allow-push", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setBoolPref("network.http.altsvc.enabled", true);
prefs.setBoolPref("network.http.altsvc.oe", true);
prefs.setCharPref("network.dns.localDomains", "foo.example.com, bar.example.com");
loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(Ci.nsILoadGroup);
httpserv = new HttpServer();
httpserv.registerPathHandler("/altsvc1", altsvcHttp1Server);
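Review bot: `network.http.spdy.enabled.v3-1` is forced to true in run_test, but no original value is saved in the visible lines and resetPrefs (shown in the previous hunk of this file) has no matching restore, unlike every other pref set here. If the omission is not intentional, add `prefs.clearUserPref("network.http.spdy.enabled.v3-1");` to resetPrefs so the cleanup covers every pref the test changes. This matters more now that the tests run with the TLS profile always enforced, because leftover protocol prefs make negotiation failures harder to attribute. run_test continues past the end of this hunk, so a restore outside the visible lines cannot be ruled out.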
--- a/netwerk/test/unit/test_immutable.js
+++ b/netwerk/test/unit/test_immutable.js
@@ -1,51 +1,47 @@
Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/NetUtil.jsm");
var prefs;
var spdypref;
var http2pref;
-var tlspref;
var origin;
function run_test() {
var env = Cc["@mozilla.org/process/environment;1"].getService(Ci.nsIEnvironment);
var h2Port = env.get("MOZHTTP2_PORT");
do_check_neq(h2Port, null);
do_check_neq(h2Port, "");
// Set to allow the cert presented by our H2 server
do_get_profile();
prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
spdypref = prefs.getBoolPref("network.http.spdy.enabled");
http2pref = prefs.getBoolPref("network.http.spdy.enabled.http2");
- tlspref = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
prefs.setBoolPref("network.http.spdy.enabled", true);
prefs.setBoolPref("network.http.spdy.enabled.http2", true);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
prefs.setCharPref("network.dns.localDomains", "foo.example.com, bar.example.com");
// The moz-http2 cert is for foo.example.com and is signed by CA.cert.der
// so add that cert to the trust list as a signing cert. // the foo.example.com domain name.
let certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
addCertFromFile(certdb, "CA.cert.der", "CTu,u,u");
origin = "https://foo.example.com:" + h2Port;
dump ("origin - " + origin + "\n");
doTest1();
}
function resetPrefs() {
prefs.setBoolPref("network.http.spdy.enabled", spdypref);
prefs.setBoolPref("network.http.spdy.enabled.http2", http2pref);
- prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlspref);
prefs.clearUserPref("network.dns.localDomains");
}
function readFile(file) {
let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
.createInstance(Ci.nsIFileInputStream);
fstream.init(file, -1, 0, 0);
let data = NetUtil.readInputStreamToString(fstream, fstream.available());