Make sure torbutton_do_new_identity() is still working properly in ESR24

We should make sure that all mechanisms to clear state between to sessions are still doing their job. E.g. clearing the SSL session Id should not work anymore with the current code as logout() is gone in Fx 21 (https://bugzilla.mozilla.org/show_bug.cgi?id=683262) and "security.enable_ssl2" is gone long ago (even "security.enable_ssl3" is gone, in Fx 23).

added MikePerry201311R component::torbrowserbutton ff24-esr priority::medium resolution::fixed status::closed tbb-linkability tbb-testcase type::task labels

Trac:
Description: We should make sure that all mechanisms to clear state between to sessions are still doing their job. E.g. clearing the SSL session Id should not work anymore with the current code as logout() is gone in Fx 21 (https://bugzilla.mozilla.org/show_bug.cgi?id=683262) and "security.enable_ssl2" is gone long ago (even "security.enable_ssl3" is gone in Fx 23).

to

We should make sure that all mechanisms to clear state between to sessions are still doing their job. E.g. clearing the SSL session Id should not work anymore with the current code as logout() is gone in Fx 21 (https://bugzilla.mozilla.org/show_bug.cgi?id=683262) and "security.enable_ssl2" is gone long ago (even "security.enable_ssl3" is gone, in Fx 23).

Trac:
0001-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch

This should be done and work both for ESR24 and ESR17.

Trac:
Status: new to needs_review

Trac:
Component: Torbutton to TorBrowserButton

Trac:
Cc: N/A to mikeperry

Trac:
Keywords: N/A deleted, tbb-linkability added

Forgot that removeGroupedPrefs() needs an argument now.

Trac:
Status: needs_review to needs_revision

Trac:
0002-bug-10078-Updated-code-to-clear-SSL-identifier-cache.patch

Improved patch, up for review.

Trac:
Status: needs_revision to needs_review

Trac:
Keywords: N/A deleted, MikePerry201311R added

Ok. I merged this. However, I wonder if we should also call nsINSSComponent.LogoutAuthenticatedPK11() (which clears temporary cert additions), and perhaps find some way to call PK11_LogoutAll()?

The first one seems a good idea. The second one might not matter (and I don't see an obvious way to do it from JS).

Trac:
Status: needs_review to needs_information

(In case it wasn't clear, I was asking about the above because nsIDOMCrypto.logout() used to call those functions for us).

Good questions, and, yes, we should. Turns out we get both and clearing the SSL session cache for free. See the new patch attached to this bug.

Trac:
0003-Bug-10078-clearing-crypto-auth-tokens-removing-own-h.patch

Trac:
Status: needs_information to needs_review

Merged. Nice find!

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

Trac:
Keywords: N/A deleted, tbb-testcase added

closed