diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-02-11 08:01:59 +0100 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-02-11 08:01:59 +0100 |
commit | 8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310 (patch) | |
tree | e7b093c535051c7cc6a0f81b25fababf732d6973 | |
parent | 753df14c7cc1a797af52920e5f150d78195e30ba (diff) | |
download | UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.gz UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.lz UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.xz UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.zip |
Bug 1328955 - When a client tries TLS1.3 with EarlyData and a server falls back to tls1.2,we should reconnect using tls1.3 without EarlyData
-rw-r--r-- | netwerk/protocol/http/nsHttpTransaction.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp index c70c37308..bc182c6cd 100644 --- a/netwerk/protocol/http/nsHttpTransaction.cpp +++ b/netwerk/protocol/http/nsHttpTransaction.cpp @@ -39,6 +39,8 @@ #include "nsIOService.h" #include "nsIRequestContext.h" #include "nsIHttpAuthenticator.h" +#include "NSSErrorsService.h" +#include "sslerr.h" #include <algorithm> #ifdef MOZ_WIDGET_GONK @@ -1045,7 +1047,9 @@ nsHttpTransaction::Close(nsresult reason) // connection. It will break that connection and also confuse the channel's // auth provider, beliving the cached credentials are wrong and asking for // the password mistakenly again from the user. - if ((reason == NS_ERROR_NET_RESET || reason == NS_OK) && + if ((reason == NS_ERROR_NET_RESET || + reason == NS_OK || + reason == psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA)) && (!(mCaps & NS_HTTP_STICKY_CONNECTION) || (mCaps & NS_HTTP_CONNECTION_RESTARTABLE))) { if (mForceRestart && NS_SUCCEEDED(Restart())) { @@ -1074,9 +1078,10 @@ nsHttpTransaction::Close(nsresult reason) bool reallySentData = mSentData && (!mConnection || mConnection->BytesWritten()); - if (!mReceivedData && + if (reason == psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA) || + (!mReceivedData && ((mRequestHead && mRequestHead->IsSafeMethod()) || - !reallySentData || connReused)) { + !reallySentData || connReused))) { // if restarting fails, then we must proceed to close the pipe, // which will notify the channel that the transaction failed. |