diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-09-01 23:45:10 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-09-01 23:45:10 +0200 |
commit | 1425f020c47b3cbe134f71717299714aead28502 (patch) | |
tree | 47c50413b1bb972617454b100f60c10a4516ca36 /netwerk/base | |
parent | 69627ad410935edf4a74a4d4678105d51a662263 (diff) | |
download | UXP-1425f020c47b3cbe134f71717299714aead28502.tar UXP-1425f020c47b3cbe134f71717299714aead28502.tar.gz UXP-1425f020c47b3cbe134f71717299714aead28502.tar.lz UXP-1425f020c47b3cbe134f71717299714aead28502.tar.xz UXP-1425f020c47b3cbe134f71717299714aead28502.zip |
Remove support for TLS session caches in TLSServerSocket.
This resolves #738
Diffstat (limited to 'netwerk/base')
-rw-r--r-- | netwerk/base/TLSServerSocket.cpp | 16 | ||||
-rw-r--r-- | netwerk/base/nsITLSServerSocket.idl | 9 |
2 files changed, 2 insertions, 23 deletions
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp index 257a7f5da..97c7f5423 100644 --- a/netwerk/base/TLSServerSocket.cpp +++ b/netwerk/base/TLSServerSocket.cpp @@ -52,12 +52,12 @@ TLSServerSocket::SetSocketDefaults() SSL_OptionSet(mFD, SSL_SECURITY, true); SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_CLIENT, false); SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_SERVER, true); - + SSL_OptionSet(mFD, SSL_NO_CACHE, true); + // We don't currently notify the server API consumer of renegotiation events // (to revalidate peer certs, etc.), so disable it for now. SSL_OptionSet(mFD, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_NEVER); - SetSessionCache(true); SetSessionTickets(true); SetRequestClientCertificate(REQUEST_NEVER); @@ -172,18 +172,6 @@ TLSServerSocket::SetServerCert(nsIX509Cert* aCert) } NS_IMETHODIMP -TLSServerSocket::SetSessionCache(bool aEnabled) -{ - // If AsyncListen was already called (and set mListener), it's too late to set - // this. - if (NS_WARN_IF(mListener)) { - return NS_ERROR_IN_PROGRESS; - } - SSL_OptionSet(mFD, SSL_NO_CACHE, !aEnabled); - return NS_OK; -} - -NS_IMETHODIMP TLSServerSocket::SetSessionTickets(bool aEnabled) { // If AsyncListen was already called (and set mListener), it's too late to set diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl index 57485357f..dce54ffe7 100644 --- a/netwerk/base/nsITLSServerSocket.idl +++ b/netwerk/base/nsITLSServerSocket.idl @@ -20,15 +20,6 @@ interface nsITLSServerSocket : nsIServerSocket attribute nsIX509Cert serverCert; /** - * setSessionCache - * - * Whether the server should use a session cache. Defaults to true. This - * should be set before calling |asyncListen| if you wish to change the - * default. - */ - void setSessionCache(in boolean aSessionCache); - - /** * setSessionTickets * * Whether the server should support session tickets. Defaults to true. This |