Ticket #10078: 0001-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch

File 0001-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch, 6.5 KB (added by gk, 6 years ago)
  • src/chrome/content/torbutton.js

    From 618c3794c7caca86667096f34b3bc8d5adc1c121 Mon Sep 17 00:00:00 2001
    From: Georg Koppen <g.koppen@jondos.de>
    Date: Wed, 13 Nov 2013 12:59:32 +0100
    Subject: [PATCH] bug 10078: Updated code to clear SSL identifier cache in
     ESR24; removed broken code that clears localstorage explicitly (interface
     changed in Fx18) (which should be fine as that storage, which is a.k.a DOM
     storage, is cleared later anyway); updated comments; removed superfluous
     whitespace
    
    ---
     src/chrome/content/torbutton.js | 62 +++++++++++++++++------------------------
     1 file changed, 26 insertions(+), 36 deletions(-)
    
    diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
    index b5aae62..d4356bb 100644
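--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1437,7 +1437,7 @@ function torbutton_do_new_identity() {
   } catch(e) {
       torbutton_log(3, "Exception on wifi token clear: "+e);
   }
- 
+
   torbutton_log(3, "New Identity: Closing tabs and clearing searchbox");
 
   torbutton_close_on_toggle(true, true);
@@ -1454,7 +1454,7 @@ function torbutton_do_new_identity() {
 
   torbutton_log(3, "New Identity: Emitting Private Browsing Session clear event");
   obsSvc.notifyObservers(null, "browser:purge-session-history", "");
-   
+
   torbutton_log(3, "New Identity: Clearing HTTP Auth");
 
   if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) {
@@ -1462,32 +1462,33 @@ function torbutton_do_new_identity() {
           getService(Components.interfaces.nsIHttpAuthManager);
       auth.clearAll();
   }
- 
+
   torbutton_log(3, "New Identity: Clearing Crypto Tokens");
 
   try {
-      var secMgr = Cc["@mozilla.org/security/crypto;1"].
-          getService(Ci.nsIDOMCrypto);
-      secMgr.logout();
-      torbutton_log(3, "nsIDOMCrypto logout succeeded");
+    // This clears the SSL identifier cache.
+    // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747. But bug 683262
+    // removes nsIDOMCrypto.logout(). We need to resort to our previous fallback
+    // method: switching a proper preference that triggers clearing the SSL
+    // identifier cache.
+    // See: https://mxr.mozilla.org/comm-esr24/source/mozilla/security/manager/ssl/src/nsNSSComponent.cpp#1625 for the ones being available.
+    // secruity.enable_md5_signatures seems to be a good choice as it is still
+    // available on trunk.
+    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
+                           getBoolPref("security.enable_md5_signatures"));
+    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
+                           getBoolPref("security.enable_md5_signatures"));
   } catch(e) {
-      torbutton_log(4, "Failed to use nsIDOMCrypto to clear SSL Session ids. Falling back to old method. Error: "+e);
-
-      // This clears the SSL Identifier Cache.
-      // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747 and
-      // http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp#2134
-      m_tb_prefs.setBoolPref("security.enable_ssl2",
-              !m_tb_prefs.getBoolPref("security.enable_ssl2"));
-      m_tb_prefs.setBoolPref("security.enable_ssl2",
-              !m_tb_prefs.getBoolPref("security.enable_ssl2"));
+    torbutton_log(4, "Failed to clear SSL session ids: "+e);
   }
 
   // This clears the OCSP cache.
   //
   // nsNSSComponent::Observe() watches security.OCSP.enabled, which calls
-  // setOCSPOptions(), which if set to 0, calls CERT_DisableOCSPChecking(),
+  // setValidationOptions(), which in turn calls setNonPkixOcspEnabled() which,
+  // if security.OCSP.enabled is set to 0, calls CERT_DisableOCSPChecking(),
   // which calls CERT_ClearOCSPCache().
-  // See: http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp
+  // See: https://mxr.mozilla.org/comm-esr24/source/mozilla/security/manager/ssl/src/nsNSSComponent.cpp
   var ocsp = m_tb_prefs.getIntPref("security.OCSP.enabled");
   m_tb_prefs.setIntPref("security.OCSP.enabled", 0);
   m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp);
@@ -1507,7 +1508,7 @@ function torbutton_do_new_identity() {
   var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo");
   m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);
   m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", tabs);
- 
+
   torbutton_log(3, "New Identity: Clearing Image Cache");
 
   try {
@@ -1534,17 +1535,6 @@ function torbutton_do_new_identity() {
       window.alert("Torbutton: Unexpected error during offline cache clearing: "+e);
   }
 
-  torbutton_log(3, "New Identity: Clearing LocalStorage");
- 
-  try {
-    var storageManagerService = Cc["@mozilla.org/dom/storagemanager;1"].
-        getService(Ci.nsIDOMStorageManager);
-    storageManagerService.clearOfflineApps();
-  } catch(e) {
-      torbutton_log(5, "Exception on localStorage clearing: "+e);
-      window.alert("Torbutton: Unexpected error during localStorage clearing: "+e);
-  }
-
   torbutton_log(3, "New Identity: Clearing Disk Cache");
 
   try {
@@ -1553,7 +1543,7 @@ function torbutton_do_new_identity() {
       torbutton_log(5, "Exception on cache clearing: "+e);
       window.alert("Torbutton: Unexpected error during cache clearing: "+e);
   }
- 
+
   torbutton_log(3, "New Identity: Clearing Cookies and DOM Storage");
 
   if (m_tb_prefs.getBoolPref('extensions.torbutton.cookie_protections')) {
@@ -1566,12 +1556,12 @@ function torbutton_do_new_identity() {
   } else {
     torbutton_clear_cookies();
   }
- 
+
   torbutton_log(3, "New Identity: Closing open connections");
 
   // Clear keep-alive
   obsSvc.notifyObservers(this, "net:prune-all-connections", null);
- 
+
   torbutton_log(3, "New Identity: Clearing Content Preferences");
 
   // XXX: This may not clear zoom site-specific
@@ -1579,14 +1569,14 @@ function torbutton_do_new_identity() {
   var cps = Cc["@mozilla.org/content-pref/service;1"].
       createInstance(Ci.nsIContentPrefService);
   cps.removeGroupedPrefs();
- 
+
   torbutton_log(3, "New Identity: Syncing prefs");
 
   // Force prefs to be synced to disk
   var prefService = Components.classes["@mozilla.org/preferences-service;1"]
       .getService(Components.interfaces.nsIPrefService);
   prefService.savePrefFile(null);
- 
+
   torbutton_log(3, "New Identity: Sending NEWNYM");
 
   // We only support TBB for newnym.
@@ -1601,7 +1591,7 @@ function torbutton_do_new_identity() {
       window.alert(warning);
     }
   }
- 
+
   torbutton_log(3, "New Identity: Opening a new browser window");
 
   // Open a new window with the TBB check homepage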
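Review bot: In the third hunk (new lines 1477–1480) the double toggle re-reads `security.enable_md5_signatures` for each call, so if the second call throws the preference is left inverted, and the `prefService.savePrefFile(null)` further down in this function would write that state to disk. Reading the value once and restoring it in a `finally`, the way the OCSP block just below saves `ocsp`, makes the final state independent of the toggle succeeding. The new catch is also now the only failure path, yet it logs at level 4 and continues, while the other clearing steps visible here log at level 5 and call `window.alert`; session identifiers that survive New Identity let a server correlate the old and new sessions, so this failure probably deserves the same treatment. `torbutton_do_new_identity()` starts and ends outside the hunks shown.

```javascript
  try {
    // … unchanged: comment explaining why a pref toggle clears the cache …
    var md5Sigs = m_tb_prefs.getBoolPref("security.enable_md5_signatures");
    try {
      m_tb_prefs.setBoolPref("security.enable_md5_signatures", !md5Sigs);
    } finally {
      // Restore the saved value even if the toggle above threw.
      m_tb_prefs.setBoolPref("security.enable_md5_signatures", md5Sigs);
    }
  } catch(e) {
    torbutton_log(5, "Failed to clear SSL session ids: "+e);
    window.alert("Torbutton: Unexpected error during SSL session id clearing: "+e);
  }
```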