authorwolfbeast <mcwerewolf@wolfbeast.com>2019-02-12 01:25:43 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-02-12 01:25:43 +0100
commit263d8500ce68b279a2d055c322f0ab3eab634989 (patch)
tree9f258c3d6186346dc4435427ce6565ec376efd5d /security/manager/ssl/nsNSSIOLayer.cpp
parentb06821da15b7ab2573cd18aea8048b94266e3a97 (diff)
parent8beab28bfff78ccefc8677c5bdddd6f60c544600 (diff)
Merge branch 'master' into Pale_Moon-release
# Conflicts: # application/palemoon/components/preferences/advanced.xul # application/palemoon/config/version.txt # modules/libpref/init/all.js
Diffstat (limited to 'security/manager/ssl/nsNSSIOLayer.cpp')
-rw-r--r--security/manager/ssl/nsNSSIOLayer.cpp107
1 files changed, 0 insertions, 107 deletions
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index d2549c52d..337ef8b8e 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -20,7 +20,6 @@
#include "mozilla/Logging.h"
#include "mozilla/Move.h"
#include "mozilla/Preferences.h"
-#include "mozilla/Telemetry.h"
#include "nsArray.h"
#include "nsArrayUtils.h"
#include "nsCharSeparatedTokenizer.h"
@@ -244,21 +243,6 @@ nsNSSSocketInfo::NoteTimeUntilReady()
void
nsNSSSocketInfo::SetHandshakeCompleted()
{
- if (!mHandshakeCompleted) {
- enum HandshakeType {
- Resumption = 1,
- FalseStarted = 2,
- ChoseNotToFalseStart = 3,
- NotAllowedToFalseStart = 4,
- };
-
- HandshakeType handshakeType = !IsFullHandshake() ? Resumption
- : mFalseStarted ? FalseStarted
- : mFalseStartCallbackCalled ? ChoseNotToFalseStart
- : NotAllowedToFalseStart;
- }
-
-
// Remove the plain text layer as it is not needed anymore.
// The plain text layer is not always present - so its not a fatal error
// if it cannot be removed
@@ -1050,29 +1034,6 @@ class SSLErrorRunnable : public SyncRunnableBase
namespace {
-uint32_t tlsIntoleranceTelemetryBucket(PRErrorCode err)
-{
- // returns a numeric code for where we track various errors in telemetry
- // only errors that cause version fallback are tracked,
- // so this is also used to determine which errors can cause version fallback
- switch (err) {
- case SSL_ERROR_BAD_MAC_ALERT: return 1;
- case SSL_ERROR_BAD_MAC_READ: return 2;
- case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: return 3;
- case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: return 4;
- case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: return 6;
- case SSL_ERROR_NO_CYPHER_OVERLAP: return 7;
- case SSL_ERROR_UNSUPPORTED_VERSION: return 10;
- case SSL_ERROR_PROTOCOL_VERSION_ALERT: return 11;
- case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE: return 13;
- case SSL_ERROR_DECODE_ERROR_ALERT: return 14;
- case PR_CONNECT_RESET_ERROR: return 16;
- case PR_END_OF_FILE_ERROR: return 17;
- case SSL_ERROR_INTERNAL_ERROR_ALERT: return 18;
- default: return 0;
- }
-}
-
bool
retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
{
@@ -1097,13 +1058,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
// this as a hard failure, but forget any intolerance so that later attempts
// don't use this version (i.e., range.max) and trigger the error again.
- // First, track the original cause of the version fallback. This uses the
- // same buckets as the telemetry below, except that bucket 0 will include
- // all cases where there wasn't an original reason.
- PRErrorCode originalReason =
- helpers.getIntoleranceReason(socketInfo->GetHostName(),
- socketInfo->GetPort());
-
helpers.forgetIntolerance(socketInfo->GetHostName(),
socketInfo->GetPort());
@@ -1139,35 +1093,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
return false;
}
- uint32_t reason = tlsIntoleranceTelemetryBucket(err);
- if (reason == 0) {
- return false;
- }
-
- Telemetry::ID pre;
- Telemetry::ID post;
- switch (range.max) {
- case SSL_LIBRARY_VERSION_TLS_1_3:
- pre = Telemetry::SSL_TLS13_INTOLERANCE_REASON_PRE;
- post = Telemetry::SSL_TLS13_INTOLERANCE_REASON_POST;
- break;
- case SSL_LIBRARY_VERSION_TLS_1_2:
- pre = Telemetry::SSL_TLS12_INTOLERANCE_REASON_PRE;
- post = Telemetry::SSL_TLS12_INTOLERANCE_REASON_POST;
- break;
- case SSL_LIBRARY_VERSION_TLS_1_1:
- pre = Telemetry::SSL_TLS11_INTOLERANCE_REASON_PRE;
- post = Telemetry::SSL_TLS11_INTOLERANCE_REASON_POST;
- break;
- case SSL_LIBRARY_VERSION_TLS_1_0:
- pre = Telemetry::SSL_TLS10_INTOLERANCE_REASON_PRE;
- post = Telemetry::SSL_TLS10_INTOLERANCE_REASON_POST;
- break;
- default:
- MOZ_CRASH("impossible TLS version");
- return false;
- }
-
if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
socketInfo->GetPort(),
range.min, range.max, err)) {
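Review bot: Deleting `uint32_t reason = tlsIntoleranceTelemetryBucket(err); if (reason == 0) { return false; }` ahead of the `rememberIntolerantAtVersion` call removes more than telemetry: the removed helper's own comment says it "is also used to determine which errors can cause version fallback", and that early return was the filter. With it gone, any error that gets past the checks above this hunk (not visible here) appears to be recorded as version intolerance, so a failure unrelated to protocol version could cause a retry at a lower TLS version, which widens the downgrade surface. I would keep the same error set as a plain boolean predicate with no Telemetry dependency and restore the guard; the function name below is only a suggestion. The removed `default: MOZ_CRASH("impossible TLS version")` was also the only check on `range.max` visible in this hunk, and since `retryDueToTLSIntolerance` starts and ends outside the hunk, it is worth confirming the value is validated elsewhere.

```cpp
// Suggested name; same error set as the removed tlsIntoleranceTelemetryBucket().
bool
isVersionFallbackError(PRErrorCode err)
{
  switch (err) {
    case SSL_ERROR_BAD_MAC_ALERT:
    case SSL_ERROR_BAD_MAC_READ:
    case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
    case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
    case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
    case SSL_ERROR_NO_CYPHER_OVERLAP:
    case SSL_ERROR_UNSUPPORTED_VERSION:
    case SSL_ERROR_PROTOCOL_VERSION_ALERT:
    case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE:
    case SSL_ERROR_DECODE_ERROR_ALERT:
    case PR_CONNECT_RESET_ERROR:
    case PR_END_OF_FILE_ERROR:
    case SSL_ERROR_INTERNAL_ERROR_ALERT:
      return true;
    default:
      return false;
  }
}

// … unchanged: retryDueToTLSIntolerance() up to the range checks …
  if (!isVersionFallbackError(err)) {
    return false;
  }

  if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
```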
@@ -1187,34 +1112,6 @@ static_assert((PR_MAX_ERROR - PR_NSPR_ERROR_BASE) <= 128,
static_assert((mozilla::pkix::ERROR_BASE - mozilla::pkix::END_OF_LIST) < 31,
"too many moz::pkix errors");
-static void
-reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err)
-{
- uint32_t bucket;
-
- // A negative bytesTransferred or a 0 read are errors.
- if (bytesTransferred > 0) {
- bucket = 0;
- } else if ((bytesTransferred == 0) && !wasReading) {
- // PR_Write() is defined to never return 0, but let's make sure.
- // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_Write.
- MOZ_ASSERT(false);
- bucket = 671;
- } else if (IS_SSL_ERROR(err)) {
- bucket = err - SSL_ERROR_BASE;
- MOZ_ASSERT(bucket > 0); // SSL_ERROR_EXPORT_ONLY_SERVER isn't used.
- } else if (IS_SEC_ERROR(err)) {
- bucket = (err - SEC_ERROR_BASE) + 256;
- } else if ((err >= PR_NSPR_ERROR_BASE) && (err < PR_MAX_ERROR)) {
- bucket = (err - PR_NSPR_ERROR_BASE) + 512;
- } else if ((err >= mozilla::pkix::ERROR_BASE) &&
- (err < mozilla::pkix::ERROR_LIMIT)) {
- bucket = (err - mozilla::pkix::ERROR_BASE) + 640;
- } else {
- bucket = 671;
- }
-}
-
int32_t
checkHandshake(int32_t bytesTransfered, bool wasReading,
PRFileDesc* ssl_layer_fd, nsNSSSocketInfo* socketInfo)
@@ -1292,10 +1189,6 @@ checkHandshake(int32_t bytesTransfered, bool wasReading,
// set the HandshakePending attribute to false so that we don't try the logic
// above again in a subsequent transfer.
if (handleHandshakeResultNow) {
- // Report the result once for each handshake. Note that this does not
- // get handshakes which are cancelled before any reads or writes
- // happen.
- reportHandshakeResult(bytesTransfered, wasReading, originalError);
socketInfo->SetHandshakeNotPending();
}