From 1425f020c47b3cbe134f71717299714aead28502 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 1 Sep 2018 23:45:10 +0200 Subject: Remove support for TLS session caches in TLSServerSocket. This resolves #738 --- netwerk/base/TLSServerSocket.cpp | 16 ++-------------- netwerk/base/nsITLSServerSocket.idl | 9 --------- netwerk/test/unit/test_be_conservative.js | 1 - netwerk/test/unit/test_tls_server.js | 1 - netwerk/test/unit/test_tls_server_multiple_clients.js | 1 - 5 files changed, 2 insertions(+), 26 deletions(-) (limited to 'netwerk') diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp index 257a7f5da..97c7f5423 100644 --- a/netwerk/base/TLSServerSocket.cpp +++ b/netwerk/base/TLSServerSocket.cpp @@ -52,12 +52,12 @@ TLSServerSocket::SetSocketDefaults() SSL_OptionSet(mFD, SSL_SECURITY, true); SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_CLIENT, false); SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_SERVER, true); - + SSL_OptionSet(mFD, SSL_NO_CACHE, true); + // We don't currently notify the server API consumer of renegotiation events // (to revalidate peer certs, etc.), so disable it for now. SSL_OptionSet(mFD, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_NEVER); - SetSessionCache(true); SetSessionTickets(true); SetRequestClientCertificate(REQUEST_NEVER); @@ -171,18 +171,6 @@ TLSServerSocket::SetServerCert(nsIX509Cert* aCert) return NS_OK; } -NS_IMETHODIMP -TLSServerSocket::SetSessionCache(bool aEnabled) -{ - // If AsyncListen was already called (and set mListener), it's too late to set - // this. - if (NS_WARN_IF(mListener)) { - return NS_ERROR_IN_PROGRESS; - } - SSL_OptionSet(mFD, SSL_NO_CACHE, !aEnabled); - return NS_OK; -} - NS_IMETHODIMP TLSServerSocket::SetSessionTickets(bool aEnabled) { diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl index 57485357f..dce54ffe7 100644 --- a/netwerk/base/nsITLSServerSocket.idl +++ b/netwerk/base/nsITLSServerSocket.idl 
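Review bot: In the `SetSocketDefaults()` hunk of netwerk/base/TLSServerSocket.cpp, the added `SSL_OptionSet(mFD, SSL_NO_CACHE, true);` is now the only thing that turns the session cache off, yet its `SECStatus` result is dropped and nothing says why the option is forced. A failed call would presumably leave caching on with no signal to the caller. The neighbouring calls ignore the result too, but for this one I would at least warn, e.g. `if (SSL_OptionSet(mFD, SSL_NO_CACHE, true) != SECSuccess) { NS_WARNING("could not disable TLS session cache"); }`, and add a comment such as `// Session caches are not supported on server sockets (#738); always disable.`. The hunk also keeps `SetSessionTickets(true)` as the default, so resumption through session tickets appears to stay enabled; it is worth confirming that this is intended and how NSS treats tickets when `SSL_NO_CACHE` is set. The function starts and ends outside the hunk, so its return type and any later error handling are not visible here.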
@@ -19,15 +19,6 @@ interface nsITLSServerSocket : nsIServerSocket */ attribute nsIX509Cert serverCert; - /** - * setSessionCache - * - * Whether the server should use a session cache. Defaults to true. This - * should be set before calling |asyncListen| if you wish to change the - * default. - */ - void setSessionCache(in boolean aSessionCache); - /** * setSessionTickets * diff --git a/netwerk/test/unit/test_be_conservative.js b/netwerk/test/unit/test_be_conservative.js index 2c6ac46ad..36b6d3b90 100644 --- a/netwerk/test/unit/test_be_conservative.js +++ b/netwerk/test/unit/test_be_conservative.js @@ -140,7 +140,6 @@ function startServer(cert, minServerVersion, maxServerVersion) { tlsServer.init(-1, true, -1); tlsServer.serverCert = cert; tlsServer.setVersionRange(minServerVersion, maxServerVersion); - tlsServer.setSessionCache(false); tlsServer.setSessionTickets(false); tlsServer.asyncListen(new ServerSocketListener()); return tlsServer; diff --git a/netwerk/test/unit/test_tls_server.js b/netwerk/test/unit/test_tls_server.js index d805359c7..12154a27f 100644 --- a/netwerk/test/unit/test_tls_server.js +++ b/netwerk/test/unit/test_tls_server.js @@ -90,7 +90,6 @@ function startServer(cert, expectingPeerCert, clientCertificateConfig, onStopListening: function() {} }; - tlsServer.setSessionCache(false); tlsServer.setSessionTickets(false); tlsServer.setRequestClientCertificate(clientCertificateConfig); diff --git a/netwerk/test/unit/test_tls_server_multiple_clients.js b/netwerk/test/unit/test_tls_server_multiple_clients.js index b63c0189b..74b814e9c 100644 --- a/netwerk/test/unit/test_tls_server_multiple_clients.js +++ b/netwerk/test/unit/test_tls_server_multiple_clients.js @@ -67,7 +67,6 @@ function startServer(cert) { onStopListening: function() {} }; - tlsServer.setSessionCache(true); tlsServer.setSessionTickets(false); tlsServer.asyncListen(listener); -- cgit v1.2.3