summaryrefslogtreecommitdiff
path: root/netwerk
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-09-01 23:45:10 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-09-01 23:45:10 +0200
commit1425f020c47b3cbe134f71717299714aead28502 (patch)
tree47c50413b1bb972617454b100f60c10a4516ca36 /netwerk
parent69627ad410935edf4a74a4d4678105d51a662263 (diff)
downloaduxp-1425f020c47b3cbe134f71717299714aead28502.tar.gz
Remove support for TLS session caches in TLSServerSocket.
This resolves #738
Diffstat (limited to 'netwerk')
-rw-r--r--netwerk/base/TLSServerSocket.cpp16
-rw-r--r--netwerk/base/nsITLSServerSocket.idl9
-rw-r--r--netwerk/test/unit/test_be_conservative.js1
-rw-r--r--netwerk/test/unit/test_tls_server.js1
-rw-r--r--netwerk/test/unit/test_tls_server_multiple_clients.js1
5 files changed, 2 insertions, 26 deletions
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp
index 257a7f5da5..97c7f54231 100644
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -52,12 +52,12 @@ TLSServerSocket::SetSocketDefaults()
SSL_OptionSet(mFD, SSL_SECURITY, true);
SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_CLIENT, false);
SSL_OptionSet(mFD, SSL_HANDSHAKE_AS_SERVER, true);
-
+ SSL_OptionSet(mFD, SSL_NO_CACHE, true);
+
// We don't currently notify the server API consumer of renegotiation events
// (to revalidate peer certs, etc.), so disable it for now.
SSL_OptionSet(mFD, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_NEVER);
- SetSessionCache(true);
SetSessionTickets(true);
SetRequestClientCertificate(REQUEST_NEVER);
@@ -172,18 +172,6 @@ TLSServerSocket::SetServerCert(nsIX509Cert* aCert)
}
NS_IMETHODIMP
-TLSServerSocket::SetSessionCache(bool aEnabled)
-{
- // If AsyncListen was already called (and set mListener), it's too late to set
- // this.
- if (NS_WARN_IF(mListener)) {
- return NS_ERROR_IN_PROGRESS;
- }
- SSL_OptionSet(mFD, SSL_NO_CACHE, !aEnabled);
- return NS_OK;
-}
-
-NS_IMETHODIMP
TLSServerSocket::SetSessionTickets(bool aEnabled)
{
// If AsyncListen was already called (and set mListener), it's too late to set
diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl
index 57485357f5..dce54ffe74 100644
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -20,15 +20,6 @@ interface nsITLSServerSocket : nsIServerSocket
attribute nsIX509Cert serverCert;
/**
- * setSessionCache
- *
- * Whether the server should use a session cache. Defaults to true. This
- * should be set before calling |asyncListen| if you wish to change the
- * default.
- */
- void setSessionCache(in boolean aSessionCache);
-
- /**
* setSessionTickets
*
* Whether the server should support session tickets. Defaults to true. This
diff --git a/netwerk/test/unit/test_be_conservative.js b/netwerk/test/unit/test_be_conservative.js
index 2c6ac46ad5..36b6d3b90f 100644
--- a/netwerk/test/unit/test_be_conservative.js
+++ b/netwerk/test/unit/test_be_conservative.js
@@ -140,7 +140,6 @@ function startServer(cert, minServerVersion, maxServerVersion) {
tlsServer.init(-1, true, -1);
tlsServer.serverCert = cert;
tlsServer.setVersionRange(minServerVersion, maxServerVersion);
- tlsServer.setSessionCache(false);
tlsServer.setSessionTickets(false);
tlsServer.asyncListen(new ServerSocketListener());
return tlsServer;
diff --git a/netwerk/test/unit/test_tls_server.js b/netwerk/test/unit/test_tls_server.js
index d805359c7b..12154a27fe 100644
--- a/netwerk/test/unit/test_tls_server.js
+++ b/netwerk/test/unit/test_tls_server.js
@@ -90,7 +90,6 @@ function startServer(cert, expectingPeerCert, clientCertificateConfig,
onStopListening: function() {}
};
- tlsServer.setSessionCache(false);
tlsServer.setSessionTickets(false);
tlsServer.setRequestClientCertificate(clientCertificateConfig);
diff --git a/netwerk/test/unit/test_tls_server_multiple_clients.js b/netwerk/test/unit/test_tls_server_multiple_clients.js
index b63c0189bd..74b814e9cf 100644
--- a/netwerk/test/unit/test_tls_server_multiple_clients.js
+++ b/netwerk/test/unit/test_tls_server_multiple_clients.js
@@ -67,7 +67,6 @@ function startServer(cert) {
onStopListening: function() {}
};
- tlsServer.setSessionCache(true);
tlsServer.setSessionTickets(false);
tlsServer.asyncListen(listener);