diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-08-17 22:28:30 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-08-17 22:28:30 +0200 |
commit | 3252e220000430851ce92446f0fd1336258c7584 (patch) | |
tree | 3580c2cc08d62371a662de0b7df41db3d0d11412 /security | |
parent | ab6242a93b849b0a3c7525b16bc01dd3172fc167 (diff) | |
download | UXP-3252e220000430851ce92446f0fd1336258c7584.tar UXP-3252e220000430851ce92446f0fd1336258c7584.tar.gz UXP-3252e220000430851ce92446f0fd1336258c7584.tar.lz UXP-3252e220000430851ce92446f0fd1336258c7584.tar.xz UXP-3252e220000430851ce92446f0fd1336258c7584.zip |
Issue #1064: Don't get certificate details synchronously.
This avoids getting data synchronously on the main thread in an XHR
(which has been deprecated for a long time and _may_ actually be blocked
in our networking) and attempts to be more predictable by always firing
an update request for the dialog from the XHR request handlers.
Diffstat (limited to 'security')
-rw-r--r-- | security/manager/pki/resources/content/exceptionDialog.js | 82 |
1 files changed, 31 insertions, 51 deletions
diff --git a/security/manager/pki/resources/content/exceptionDialog.js b/security/manager/pki/resources/content/exceptionDialog.js index c106cdbf5..cebf51fa1 100644 --- a/security/manager/pki/resources/content/exceptionDialog.js +++ b/security/manager/pki/resources/content/exceptionDialog.js @@ -15,32 +15,6 @@ var gNeedReset; Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm"); -function badCertListener() {} -badCertListener.prototype = { - getInterface: function (aIID) { - return this.QueryInterface(aIID); - }, - QueryInterface: function(aIID) { - if (aIID.equals(Components.interfaces.nsIBadCertListener2) || - aIID.equals(Components.interfaces.nsIInterfaceRequestor) || - aIID.equals(Components.interfaces.nsISupports)) { - return this; - } - - throw new Error(Components.results.NS_ERROR_NO_INTERFACE); - }, - handle_test_result: function () { - if (gSSLStatus) { - gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert; - } - }, - notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) { - gBroken = true; - gSSLStatus = sslStatus; - this.handle_test_result(); - return true; // suppress error UI - } -}; function initExceptionDialog() { gNeedReset = false; @@ -85,6 +59,28 @@ function initExceptionDialog() { } /** + * Helper function for checkCert. Set as the onerror/onload callbacks for an + * XMLHttpRequest. Sets gSSLStatus, gCert, gBroken, and gChecking according to + * the load information from the request. Probably should not be used directly. + * + * @param {XMLHttpRequest} req + * The XMLHttpRequest created and sent by checkCert. + * @param {Event} evt + * The load or error event. + */ +function grabCert(req, evt) { + if (req.channel && req.channel.securityInfo) { + gSSLStatus = req.channel.securityInfo + .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; + gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert + : null; + } + gBroken = evt.type == "error"; + gChecking = false; + updateCertStatus(); +} + +/** * Attempt to download the certificate for the location specified, and populate * the Certificate Status section with the result. */ @@ -95,34 +91,18 @@ function checkCert() { gBroken = false; updateCertStatus(); - var uri = getURI(); + let uri = getURI(); - var req = new XMLHttpRequest(); - try { - if (uri) { - req.open('GET', uri.prePath, false); - req.channel.notificationCallbacks = new badCertListener(); - req.send(null); - } - } catch (e) { - // We *expect* exceptions if there are problems with the certificate - // presented by the site. Log it, just in case, but we can proceed here, - // with appropriate sanity checks - Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " + - "This results in a (mostly harmless) exception being thrown. " + - "Logged for information purposes only: " + e); - } finally { + if (uri) { + let req = new XMLHttpRequest(); + req.open("GET", uri.prePath); + req.onerror = grabCert.bind(this, req); + req.onload = grabCert.bind(this, req); + req.send(null); + } else { gChecking = false; + updateCertStatus(); } - - if (req.channel && req.channel.securityInfo) { - const Ci = Components.interfaces; - gSSLStatus = req.channel.securityInfo - .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; - gCert = gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert; - } - - updateCertStatus(); } /** |