Ticket #10078: 0002-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch

File 0002-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch, 6.9 KB (added by gk, 6 years ago)
  • src/chrome/content/torbutton.js

    From 9f82bfec8cb4d2e2a730250cb09c907b5dcd08fa Mon Sep 17 00:00:00 2001
    From: Georg Koppen <g.koppen@jondos.de>
    Date: Thu, 21 Nov 2013 14:37:13 +0100
    Subject: [PATCH] bug 10078: Updated code to clear SSL identifier cache in
     ESR24; removed broken code that clears localstorage explicitly (interface
     changed in Fx18) (which should be fine as that storage, which is a.k.a DOM
     storage, is cleared later anyway); made removeGroupedPrefs() context-aware;
     updated comments; removed superfluous whitespace
    
    ---
     src/chrome/content/torbutton.js | 70 +++++++++++++++++++----------------------
     1 file changed, 33 insertions(+), 37 deletions(-)
    
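diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 2137983..f1542f1 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1437,7 +1437,7 @@ function torbutton_do_new_identity() {
   } catch(e) {
       torbutton_log(3, "Exception on wifi token clear: "+e);
   }
- 
+
   torbutton_log(3, "New Identity: Closing tabs and clearing searchbox");
 
   torbutton_close_on_toggle(true, true);
@@ -1454,7 +1454,7 @@ function torbutton_do_new_identity() {
 
   torbutton_log(3, "New Identity: Emitting Private Browsing Session clear event");
   obsSvc.notifyObservers(null, "browser:purge-session-history", "");
-   
+
   torbutton_log(3, "New Identity: Clearing HTTP Auth");
 
   if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) {
@@ -1462,32 +1462,33 @@ function torbutton_do_new_identity() {
           getService(Components.interfaces.nsIHttpAuthManager);
       auth.clearAll();
   }
- 
+
   torbutton_log(3, "New Identity: Clearing Crypto Tokens");
 
   try {
-      var secMgr = Cc["@mozilla.org/security/crypto;1"].
-          getService(Ci.nsIDOMCrypto);
-      secMgr.logout();
-      torbutton_log(3, "nsIDOMCrypto logout succeeded");
+    // This clears the SSL identifier cache.
+    // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747. But bug 683262
+    // removes nsIDOMCrypto.logout(). We need to resort to our previous fallback
+    // method: switching a proper preference that triggers clearing the SSL
+    // identifier cache.
+    // See: https://mxr.mozilla.org/comm-esr24/source/mozilla/security/manager/ssl/src/nsNSSComponent.cpp#1625 for the ones being available.
+    // secruity.enable_md5_signatures seems to be a good choice as it is still
+    // available on trunk.
+    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
+                           getBoolPref("security.enable_md5_signatures"));
+    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
+                           getBoolPref("security.enable_md5_signatures"));
   } catch(e) {
-      torbutton_log(4, "Failed to use nsIDOMCrypto to clear SSL Session ids. Falling back to old method. Error: "+e);
-
-      // This clears the SSL Identifier Cache.
-      // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747 and
-      // http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp#2134
-      m_tb_prefs.setBoolPref("security.enable_ssl2",
-              !m_tb_prefs.getBoolPref("security.enable_ssl2"));
-      m_tb_prefs.setBoolPref("security.enable_ssl2",
-              !m_tb_prefs.getBoolPref("security.enable_ssl2"));
+    torbutton_log(4, "Failed to clear SSL session ids: "+e);
   }
 
   // This clears the OCSP cache.
   //
   // nsNSSComponent::Observe() watches security.OCSP.enabled, which calls
-  // setOCSPOptions(), which if set to 0, calls CERT_DisableOCSPChecking(),
+  // setValidationOptions(), which in turn calls setNonPkixOcspEnabled() which,
+  // if security.OCSP.enabled is set to 0, calls CERT_DisableOCSPChecking(),
   // which calls CERT_ClearOCSPCache().
-  // See: http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp
+  // See: https://mxr.mozilla.org/comm-esr24/source/mozilla/security/manager/ssl/src/nsNSSComponent.cpp
   var ocsp = m_tb_prefs.getIntPref("security.OCSP.enabled");
   m_tb_prefs.setIntPref("security.OCSP.enabled", 0);
   m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp);
@@ -1507,7 +1508,7 @@ function torbutton_do_new_identity() {
   var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo");
   m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0);
   m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", tabs);
- 
+
   torbutton_log(3, "New Identity: Clearing Image Cache");
 
   try {
@@ -1534,17 +1535,6 @@ function torbutton_do_new_identity() {
       window.alert("Torbutton: Unexpected error during offline cache clearing: "+e);
   }
 
-  torbutton_log(3, "New Identity: Clearing LocalStorage");
- 
-  try {
-    var storageManagerService = Cc["@mozilla.org/dom/storagemanager;1"].
-        getService(Ci.nsIDOMStorageManager);
-    storageManagerService.clearOfflineApps();
-  } catch(e) {
-      torbutton_log(5, "Exception on localStorage clearing: "+e);
-      window.alert("Torbutton: Unexpected error during localStorage clearing: "+e);
-  }
-
   torbutton_log(3, "New Identity: Clearing Disk Cache");
 
   try {
@@ -1553,7 +1543,7 @@ function torbutton_do_new_identity() {
       torbutton_log(5, "Exception on cache clearing: "+e);
       window.alert("Torbutton: Unexpected error during cache clearing: "+e);
   }
- 
+
   torbutton_log(3, "New Identity: Clearing Cookies and DOM Storage");
 
   if (m_tb_prefs.getBoolPref('extensions.torbutton.cookie_protections')) {
@@ -1566,27 +1556,33 @@ function torbutton_do_new_identity() {
   } else {
     torbutton_clear_cookies();
   }
- 
+
   torbutton_log(3, "New Identity: Closing open connections");
 
   // Clear keep-alive
   obsSvc.notifyObservers(this, "net:prune-all-connections", null);
- 
+
   torbutton_log(3, "New Identity: Clearing Content Preferences");
 
   // XXX: This may not clear zoom site-specific
   // browser.content.full-zoom
+  // Getting the context first. See:
+  // https://bugzilla.mozilla.org/show_bug.cgi?id=723002 for the changes.
+  let win = gBrowser.contentDocument.defaultView;
+  let context = win ? win.QueryInterface(Ci.nsIInterfaceRequestor).
+                          getInterface(Ci.nsIWebNavigation).
+                          QueryInterface(Ci.nsILoadContext): null;
   var cps = Cc["@mozilla.org/content-pref/service;1"].
       createInstance(Ci.nsIContentPrefService);
-  cps.removeGroupedPrefs();
- 
+  cps.removeGroupedPrefs(context);
+
   torbutton_log(3, "New Identity: Syncing prefs");
 
   // Force prefs to be synced to disk
   var prefService = Components.classes["@mozilla.org/preferences-service;1"]
       .getService(Components.interfaces.nsIPrefService);
   prefService.savePrefFile(null);
- 
+
   torbutton_log(3, "New Identity: Sending NEWNYM");
 
   // We only support TBB for newnym.
@@ -1601,7 +1597,7 @@ function torbutton_do_new_identity() {
       window.alert(warning);
     }
   }
- 
+
   torbutton_log(3, "New Identity: Opening a new browser window");
 
   // Open a new window with the TBB check homepage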
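Review bot: In the "Clearing Crypto Tokens" hunk, each `setBoolPref("security.enable_md5_signatures", ...)` call re-reads the pref and negates it, so if the second write fails the pref stays inverted and the later `prefService.savePrefFile(null)` writes the flipped value to disk (presumably leaving MD5 signatures enabled). Reading the value once and writing it back in a `finally`, as sketched below, closes that window. The catch also logs only at level 4, while the cache-clearing steps in this function log at 5 and call `window.alert`; a failure here presumably leaves TLS session identifiers that can link the old and new identity, so it deserves the same visibility. The comment should also say that the toggle becomes a silent no-op, with no exception raised, if nsNSSComponent ever stops observing this pref.

```javascript
  try {
    // … unchanged: comment block explaining the pref-toggle workaround …
    var md5Pref = "security.enable_md5_signatures";
    var md5Enabled = m_tb_prefs.getBoolPref(md5Pref);
    try {
      // Flipping the pref is what triggers the SSL identifier cache clear.
      m_tb_prefs.setBoolPref(md5Pref, !md5Enabled);
    } finally {
      // Always restore the user's original value, even if the flip threw.
      m_tb_prefs.setBoolPref(md5Pref, md5Enabled);
    }
  } catch(e) {
    // … unchanged: failure logging …
```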