summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-02-11 08:01:59 +0100
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-02-11 08:01:59 +0100
commit8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310 (patch)
treee7b093c535051c7cc6a0f81b25fababf732d6973
parent753df14c7cc1a797af52920e5f150d78195e30ba (diff)
downloadUXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar
UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.gz
UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.lz
UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.tar.xz
UXP-8a9d0dfdbf64c7a494a819842e6e49c7bdfa3310.zip
Bug 1328955 - When a client tries TLS1.3 with EarlyData and a server falls back to tls1.2,we should reconnect using tls1.3 without EarlyData
-rw-r--r--netwerk/protocol/http/nsHttpTransaction.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp
index c70c37308..bc182c6cd 100644
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -39,6 +39,8 @@
#include "nsIOService.h"
#include "nsIRequestContext.h"
#include "nsIHttpAuthenticator.h"
+#include "NSSErrorsService.h"
+#include "sslerr.h"
#include <algorithm>
#ifdef MOZ_WIDGET_GONK
@@ -1045,7 +1047,9 @@ nsHttpTransaction::Close(nsresult reason)
// connection. It will break that connection and also confuse the channel's
// auth provider, beliving the cached credentials are wrong and asking for
// the password mistakenly again from the user.
- if ((reason == NS_ERROR_NET_RESET || reason == NS_OK) &&
+ if ((reason == NS_ERROR_NET_RESET ||
+ reason == NS_OK ||
+ reason == psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA)) &&
(!(mCaps & NS_HTTP_STICKY_CONNECTION) || (mCaps & NS_HTTP_CONNECTION_RESTARTABLE))) {
if (mForceRestart && NS_SUCCEEDED(Restart())) {
@@ -1074,9 +1078,10 @@ nsHttpTransaction::Close(nsresult reason)
bool reallySentData =
mSentData && (!mConnection || mConnection->BytesWritten());
- if (!mReceivedData &&
+ if (reason == psm::GetXPCOMFromNSSError(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA) ||
+ (!mReceivedData &&
((mRequestHead && mRequestHead->IsSafeMethod()) ||
- !reallySentData || connReused)) {
+ !reallySentData || connReused))) {
// if restarting fails, then we must proceed to close the pipe,
// which will notify the channel that the transaction failed.