packages: xulrunner/xulrunner-ssl_oldapi.patch, xulrunner/xulrunner.spec - ...
arekm
arekm at pld-linux.org
Thu Mar 24 12:15:54 CET 2011
Author: arekm Date: Thu Mar 24 11:15:54 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 1; Fore-port-nsIBadCertListener-from-1.8.patch from debian as our xulrunner-ssl_oldapi.patch
---- Files affected:
packages/xulrunner:
xulrunner-ssl_oldapi.patch (1.2 -> 1.3) , xulrunner.spec (1.175 -> 1.176)
---- Diffs:
================================================================
Index: packages/xulrunner/xulrunner-ssl_oldapi.patch
diff -u packages/xulrunner/xulrunner-ssl_oldapi.patch:1.2 packages/xulrunner/xulrunner-ssl_oldapi.patch:1.3
--- packages/xulrunner/xulrunner-ssl_oldapi.patch:1.2 Tue Jun 30 20:28:24 2009
+++ packages/xulrunner/xulrunner-ssl_oldapi.patch Thu Mar 24 12:15:48 2011
@@ -1,193 +1,35 @@
---- xulrunner-1.9.0.1.orig/security/manager/ssl/src/nsNSSIOLayer.h
-+++ xulrunner-1.9.0.1/security/manager/ssl/src/nsNSSIOLayer.h
-@@ -185,6 +185,13 @@
+From: Mike Hommey <glandium at debian.org>
+Date: Sun, 15 Jun 2008 12:54:32 +0200
+Subject: Fore-port nsIBadCertListener from 1.8
+
+This allows embedding applications to use the same dialogs as before, instead
+of the new ssl alert pages from Firefox, which have several problems in
+embedding applications.
+---
+ security/manager/ssl/public/Makefile.in | 1 +
+ security/manager/ssl/public/nsIBadCertListener.idl | 155 ++++++++++++++++++++
+ security/manager/ssl/src/nsNSSIOLayer.cpp | 105 +++++++++++++-
+ security/manager/ssl/src/nsNSSIOLayer.h | 8 +
+ 4 files changed, 268 insertions(+), 1 deletions(-)
+ create mode 100644 security/manager/ssl/public/nsIBadCertListener.idl
+
+diff --git a/security/manager/ssl/public/Makefile.in b/security/manager/ssl/public/Makefile.in
+index fa84d3a..affd50a 100644
+--- a/security/manager/ssl/public/Makefile.in
++++ b/security/manager/ssl/public/Makefile.in
+@@ -60,6 +60,7 @@ SDK_XPIDLSRCS = \
- void SetAllowTLSIntoleranceTimeout(PRBool aAllow);
-
-+ enum BadCertUIStatusType {
-+ bcuis_not_shown, bcuis_active, bcuis_was_shown
-+ };
-+
-+ void SetBadCertUIStatus(BadCertUIStatusType aNewStatus);
-+ BadCertUIStatusType GetBadCertUIStatus() { return mBadCertUIStatus; }
-+
- nsresult GetExternalErrorReporting(PRBool* state);
- nsresult SetExternalErrorReporting(PRBool aState);
-
-@@ -225,6 +232,7 @@
- PRPackedBool mHandshakeInProgress;
- PRPackedBool mAllowTLSIntoleranceTimeout;
- PRPackedBool mRememberClientAuthCertificate;
-+ BadCertUIStatusType mBadCertUIStatus;
- PRIntervalTime mHandshakeStartTime;
- PRInt32 mPort;
- nsXPIDLCString mHostName;
---- xulrunner-1.9.0.1.orig/security/manager/ssl/src/nsNSSIOLayer.cpp
-+++ xulrunner-1.9.0.1/security/manager/ssl/src/nsNSSIOLayer.cpp
-@@ -59,6 +59,7 @@
- #include "nsDateTimeFormatCID.h"
- #include "nsIClientAuthDialogs.h"
- #include "nsICertOverrideService.h"
-+#include "nsIBadCertListener.h"
- #include "nsIBadCertListener2.h"
- #include "nsISSLErrorListener.h"
- #include "nsIObjectInputStream.h"
-@@ -750,6 +751,20 @@
- }
- }
-
-+void nsNSSSocketInfo::SetBadCertUIStatus(nsNSSSocketInfo::BadCertUIStatusType aNewStatus)
-+{
-+ if (mBadCertUIStatus == bcuis_active &&
-+ aNewStatus == bcuis_was_shown)
-+ {
-+ // we were blocked and going back to unblocked,
-+ // so let's reset the handshake start time, in order to ensure
-+ // we do not count the amount of time while the UI was shown.
-+ mHandshakeStartTime = PR_IntervalNow();
-+ }
-+
-+ mBadCertUIStatus = aNewStatus;
-+}
-+
- void nsNSSSocketInfo::SetAllowTLSIntoleranceTimeout(PRBool aAllow)
- {
- mAllowTLSIntoleranceTimeout = aAllow;
-@@ -759,7 +774,8 @@
-
- PRBool nsNSSSocketInfo::HandshakeTimeout()
- {
-- if (!mHandshakeInProgress || !mAllowTLSIntoleranceTimeout)
-+ if (!mHandshakeInProgress || !mAllowTLSIntoleranceTimeout ||
-+ mBadCertUIStatus == bcuis_active)
- return PR_FALSE;
-
- return ((PRIntervalTime)(PR_IntervalNow() - mHandshakeStartTime)
-@@ -1610,6 +1626,37 @@
- return PR_FALSE;
- }
-
-+static PRBool
-+isClosedConnectionAfterBadCertUIWasShown(PRInt32 bytesTransfered,
-+ PRBool wasReading,
-+ PRInt32 err,
-+ nsNSSSocketInfo::BadCertUIStatusType aBadCertUIStatus)
-+{
-+ if (aBadCertUIStatus != nsNSSSocketInfo::bcuis_not_shown)
-+ {
-+ // Bad cert UI was shown for this socket.
-+ // Server timeout possible.
-+ // Retry on a simple connection close.
-+
-+ if (wasReading && 0 == bytesTransfered)
-+ return PR_TRUE;
-+
-+ if (0 > bytesTransfered)
-+ {
-+ switch (err)
-+ {
-+ case PR_CONNECT_RESET_ERROR:
-+ case PR_END_OF_FILE_ERROR:
-+ return PR_TRUE;
-+ default:
-+ break;
-+ }
-+ }
-+ }
-+
-+ return PR_FALSE;
-+}
-+
- PRInt32
- nsSSLThread::checkHandshake(PRInt32 bytesTransfered,
- PRBool wasReading,
-@@ -1661,6 +1708,12 @@
- return bytesTransfered;
- }
-
-+ wantRetry =
-+ isClosedConnectionAfterBadCertUIWasShown(bytesTransfered,
-+ wasReading,
-+ err,
-+ socketInfo->GetBadCertUIStatus());
-+
- if (!wantRetry // no decision yet
- && isTLSIntoleranceError(err, socketInfo->GetHasCleartextPhase()))
- {
-@@ -1678,6 +1731,12 @@
- {
- if (handleHandshakeResultNow)
- {
-+ wantRetry =
-+ isClosedConnectionAfterBadCertUIWasShown(bytesTransfered,
-+ wasReading,
-+ 0,
-+ socketInfo->GetBadCertUIStatus());
-+
- if (!wantRetry // no decision yet
- && !socketInfo->GetHasCleartextPhase()) // mirror PR_CONNECT_RESET_ERROR treament
- {
-@@ -3035,6 +3094,48 @@
- rv = proxy_bcl->NotifyCertProblem(csi, status, hostWithPortString,
- &suppressMessage);
- }
-+ } else {
-+ nsCOMPtr<nsIBadCertListener> handler = do_GetInterface(callbacks);
-+ nsIBadCertListener *badCertHandler = nsnull;
-+ if (handler) {
-+ NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
-+ NS_GET_IID(nsIBadCertListener),
-+ handler,
-+ NS_PROXY_SYNC,
-+ (void**)&badCertHandler);
-+ }
-+ if (!badCertHandler) {
-+ getNSSDialogs((void**)&badCertHandler,
-+ NS_GET_IID(nsIBadCertListener),
-+ NS_BADCERTLISTENER_CONTRACTID);
-+ }
-+ if (badCertHandler) {
-+ PRBool retVal = PR_TRUE;
-+ PRInt16 addType = nsIBadCertListener::UNINIT_ADD_FLAG;
-+ nsIInterfaceRequestor *csi = static_cast<nsIInterfaceRequestor*>(infoObject);
-+ infoObject->SetBadCertUIStatus(nsNSSSocketInfo::bcuis_active);
-+ if (remaining_display_errors & nsICertOverrideService::ERROR_UNTRUSTED) {
-+ rv = badCertHandler->ConfirmUnknownIssuer(csi, ix509, &addType, &retVal);
-+ if (NS_FAILED(rv)) retVal = PR_FALSE;
-+ }
-+ if (retVal && (remaining_display_errors & nsICertOverrideService::ERROR_MISMATCH)) {
-+ rv = badCertHandler->ConfirmMismatchDomain(csi, hostString, ix509, &retVal);
-+ if (NS_FAILED(rv)) retVal = PR_FALSE;
-+ }
-+ if (retVal && (remaining_display_errors & nsICertOverrideService::ERROR_TIME)) {
-+ rv = badCertHandler->ConfirmCertExpired(csi, ix509, &retVal);
-+ if (NS_FAILED(rv)) retVal = PR_FALSE;
-+ }
-+ if (overrideService && retVal && addType != nsIBadCertListener::UNINIT_ADD_FLAG) {
-+ overrideService->RememberValidityOverride(hostString, port, ix509,
-+ nsICertOverrideService::ERROR_UNTRUSTED,
-+ addType == nsIBadCertListener::ADD_TRUSTED_FOR_SESSION);
-+ }
-+ infoObject->SetBadCertUIStatus(nsNSSSocketInfo::bcuis_was_shown);
-+ if (retVal)
-+ return SECSuccess;
-+ suppressMessage = PR_TRUE;
-+ }
- }
- }
-
---- xulrunner-1.9.0.1.orig/security/manager/ssl/public/Makefile.in
-+++ xulrunner-1.9.0.1/security/manager/ssl/public/Makefile.in
-@@ -51,6 +51,7 @@
- SDK_XPIDLSRCS = \
- nsIASN1Object.idl \
- nsIASN1Sequence.idl \
+ XPIDLSRCS = \
+ nsISSLCertErrorDialog.idl \
+ nsIBadCertListener.idl \
- nsICertificateDialogs.idl \
- nsICRLInfo.idl \
- nsIX509Cert.idl \
---- xulrunner-1.9.0.1.orig/security/manager/ssl/public/nsIBadCertListener.idl
-+++ xulrunner-1.9.0.1/security/manager/ssl/public/nsIBadCertListener.idl
+ nsIBadCertListener2.idl \
+ nsISSLErrorListener.idl \
+ nsIIdentityInfo.idl \
+diff --git a/security/manager/ssl/public/nsIBadCertListener.idl b/security/manager/ssl/public/nsIBadCertListener.idl
+new file mode 100644
+index 0000000..5e9e750
+--- /dev/null
++++ b/security/manager/ssl/public/nsIBadCertListener.idl
@@ -0,0 +1,155 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
@@ -344,3 +186,187 @@
+%{C++
+#define NS_BADCERTLISTENER_CONTRACTID "@mozilla.org/nsBadCertListener;1"
+%}
+diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp
+index 88f0c98..c4d8db9 100644
+--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
++++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
+@@ -60,6 +60,7 @@
+ #include "nsIClientAuthDialogs.h"
+ #include "nsClientAuthRemember.h"
+ #include "nsICertOverrideService.h"
++#include "nsIBadCertListener.h"
+ #include "nsIBadCertListener2.h"
+ #include "nsISSLErrorListener.h"
+ #include "nsIObjectInputStream.h"
+@@ -899,6 +900,20 @@ void nsNSSSocketInfo::SetHandshakeInProgress(PRBool aIsIn)
+ }
+ }
+
++void nsNSSSocketInfo::SetBadCertUIStatus(nsNSSSocketInfo::BadCertUIStatusType aNewStatus)
++{
++ if (mBadCertUIStatus == bcuis_active &&
++ aNewStatus == bcuis_was_shown)
++ {
++ // we were blocked and going back to unblocked,
++ // so let's reset the handshake start time, in order to ensure
++ // we do not count the amount of time while the UI was shown.
++ mHandshakeStartTime = PR_IntervalNow();
++ }
++
++ mBadCertUIStatus = aNewStatus;
++}
++
+ void nsNSSSocketInfo::SetAllowTLSIntoleranceTimeout(PRBool aAllow)
+ {
+ mAllowTLSIntoleranceTimeout = aAllow;
+@@ -908,7 +923,8 @@ void nsNSSSocketInfo::SetAllowTLSIntoleranceTimeout(PRBool aAllow)
+
+ PRBool nsNSSSocketInfo::HandshakeTimeout()
+ {
+- if (!mHandshakeInProgress || !mAllowTLSIntoleranceTimeout)
++ if (!mHandshakeInProgress || !mAllowTLSIntoleranceTimeout ||
++ mBadCertUIStatus == bcuis_active)
+ return PR_FALSE;
+
+ return ((PRIntervalTime)(PR_IntervalNow() - mHandshakeStartTime)
+@@ -1949,6 +1965,37 @@ isTLSIntoleranceError(PRInt32 err, PRBool withInitialCleartext)
+ return PR_FALSE;
+ }
+
++static PRBool
++isClosedConnectionAfterBadCertUIWasShown(PRInt32 bytesTransfered,
++ PRBool wasReading,
++ PRInt32 err,
++ nsNSSSocketInfo::BadCertUIStatusType aBadCertUIStatus)
++{
++ if (aBadCertUIStatus != nsNSSSocketInfo::bcuis_not_shown)
++ {
++ // Bad cert UI was shown for this socket.
++ // Server timeout possible.
++ // Retry on a simple connection close.
++
++ if (wasReading && 0 == bytesTransfered)
++ return PR_TRUE;
++
++ if (0 > bytesTransfered)
++ {
++ switch (err)
++ {
++ case PR_CONNECT_RESET_ERROR:
++ case PR_END_OF_FILE_ERROR:
++ return PR_TRUE;
++ default:
++ break;
++ }
++ }
++ }
++
++ return PR_FALSE;
++}
++
+ PRInt32
+ nsSSLThread::checkHandshake(PRInt32 bytesTransfered,
+ PRBool wasReading,
+@@ -2000,6 +2047,12 @@ nsSSLThread::checkHandshake(PRInt32 bytesTransfered,
+ return bytesTransfered;
+ }
+
++ wantRetry =
++ isClosedConnectionAfterBadCertUIWasShown(bytesTransfered,
++ wasReading,
++ err,
++ socketInfo->GetBadCertUIStatus());
++
+ if (!wantRetry // no decision yet
+ && isTLSIntoleranceError(err, socketInfo->GetHasCleartextPhase()))
+ {
+@@ -2017,6 +2070,12 @@ nsSSLThread::checkHandshake(PRInt32 bytesTransfered,
+ {
+ if (handleHandshakeResultNow)
+ {
++ wantRetry =
++ isClosedConnectionAfterBadCertUIWasShown(bytesTransfered,
++ wasReading,
++ 0,
++ socketInfo->GetBadCertUIStatus());
++
+ if (!wantRetry // no decision yet
+ && !socketInfo->GetHasCleartextPhase()) // mirror PR_CONNECT_RESET_ERROR treament
+ {
+@@ -3577,6 +3636,50 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
+ rv = proxy_bcl->NotifyCertProblem(csi, status, hostWithPortString,
+ &suppressMessage);
+ }
++ } else {
++ nsCOMPtr<nsIBadCertListener> handler = do_GetInterface(callbacks);
++ nsIBadCertListener *badCertHandler = nsnull;
++ if (handler) {
++ NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
++ NS_GET_IID(nsIBadCertListener),
++ handler,
++ NS_PROXY_SYNC,
++ (void**)&badCertHandler);
++ }
++ if (!badCertHandler) {
++ getNSSDialogs((void**)&badCertHandler,
++ NS_GET_IID(nsIBadCertListener),
++ NS_BADCERTLISTENER_CONTRACTID);
++ }
++ if (badCertHandler) {
++ PRBool retVal = PR_TRUE;
++ PRInt16 addType = nsIBadCertListener::UNINIT_ADD_FLAG;
++ nsIInterfaceRequestor *csi = static_cast<nsIInterfaceRequestor*>(infoObject);
++ infoObject->SetBadCertUIStatus(nsNSSSocketInfo::bcuis_active);
++ if (remaining_display_errors & nsICertOverrideService::ERROR_UNTRUSTED) {
++ rv = badCertHandler->ConfirmUnknownIssuer(csi, ix509, &addType, &retVal);
++ if (NS_FAILED(rv)) retVal = PR_FALSE;
++ }
++ if (retVal && (remaining_display_errors & nsICertOverrideService::ERROR_MISMATCH)) {
++ rv = badCertHandler->ConfirmMismatchDomain(csi, hostString, ix509, &retVal);
++ if (NS_FAILED(rv)) retVal = PR_FALSE;
++ }
++ if (retVal && (remaining_display_errors & nsICertOverrideService::ERROR_TIME)) {
++ rv = badCertHandler->ConfirmCertExpired(csi, ix509, &retVal);
++ if (NS_FAILED(rv)) retVal = PR_FALSE;
++ }
++ nsCOMPtr<nsICertOverrideService> overrideService =
++ do_GetService(NS_CERTOVERRIDE_CONTRACTID);
++ if (overrideService && retVal && addType != nsIBadCertListener::UNINIT_ADD_FLAG) {
++ overrideService->RememberValidityOverride(hostString, port, ix509,
++ nsICertOverrideService::ERROR_UNTRUSTED,
++ addType == nsIBadCertListener::ADD_TRUSTED_FOR_SESSION);
++ }
++ infoObject->SetBadCertUIStatus(nsNSSSocketInfo::bcuis_was_shown);
++ if (retVal)
++ return SECSuccess;
++ suppressMessage = PR_TRUE;
++ }
+ }
+ }
+
+diff --git a/security/manager/ssl/src/nsNSSIOLayer.h b/security/manager/ssl/src/nsNSSIOLayer.h
+index c619282..fbca648 100644
+--- a/security/manager/ssl/src/nsNSSIOLayer.h
++++ b/security/manager/ssl/src/nsNSSIOLayer.h
+@@ -189,6 +189,13 @@ public:
+
+ void SetAllowTLSIntoleranceTimeout(PRBool aAllow);
+
++ enum BadCertUIStatusType {
++ bcuis_not_shown, bcuis_active, bcuis_was_shown
++ };
++
++ void SetBadCertUIStatus(BadCertUIStatusType aNewStatus);
++ BadCertUIStatusType GetBadCertUIStatus() { return mBadCertUIStatus; }
++
+ nsresult GetExternalErrorReporting(PRBool* state);
+ nsresult SetExternalErrorReporting(PRBool aState);
+
+@@ -225,6 +232,7 @@ protected:
+ PRPackedBool mHandshakeInProgress;
+ PRPackedBool mAllowTLSIntoleranceTimeout;
+ PRPackedBool mRememberClientAuthCertificate;
++ BadCertUIStatusType mBadCertUIStatus;
+ PRIntervalTime mHandshakeStartTime;
+ PRInt32 mPort;
+ nsXPIDLCString mHostName;
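Review bot: In the `else` branch added to nsNSSBadCertHandler, the override is stored permanently for every `addType` other than `ADD_TRUSTED_FOR_SESSION`, because the last argument to `RememberValidityOverride` is `addType == nsIBadCertListener::ADD_TRUSTED_FOR_SESSION` and the guard only excludes `UNINIT_ADD_FLAG`. The listener can come from the embedding application's callbacks, so an unexpected value would persist trust in an untrusted issuer; the guard should name the accepted values, `addType == nsIBadCertListener::ADD_TRUSTED_FOR_SESSION || addType == nsIBadCertListener::ADD_TRUSTED_PERMANENTLY`, in place of `addType != nsIBadCertListener::UNINIT_ADD_FLAG`. Separately, `badCertHandler` is a raw pointer filled through `(void**)&badCertHandler` and is not released on either exit of the added block. If both calls hand back an owning reference, as XPCOM out-parameters normally do, that leaks one reference per prompt, and `NS_RELEASE(badCertHandler);` placed just before `if (retVal)` would cover both paths. The body of nsNSSBadCertHandler starts and ends outside the hunk, so the release and the non-zero state of `remaining_display_errors` should be confirmed against the full function.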
================================================================
Index: packages/xulrunner/xulrunner.spec
diff -u packages/xulrunner/xulrunner.spec:1.175 packages/xulrunner/xulrunner.spec:1.176
--- packages/xulrunner/xulrunner.spec:1.175 Thu Mar 24 10:46:47 2011
+++ packages/xulrunner/xulrunner.spec Thu Mar 24 12:15:48 2011
@@ -27,7 +27,7 @@
Summary(pl.UTF-8): XULRunner - środowisko uruchomieniowe Mozilli dla aplikacji XUL+XPCOM
Name: xulrunner
Version: %{xulrunner_ver}
-Release: 0.1
+Release: 1
Epoch: 2
License: MPL v1.1 or GPL v2+ or LGPL v2.1+
Group: X11/Applications
@@ -185,8 +185,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
-# applies but fails to builds - needs update
-#%patch8 -p1
+%patch8 -p1
%patch9 -p1
%build
@@ -597,6 +596,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.176 2011/03/24 11:15:48 arekm
+- rel 1; Fore-port-nsIBadCertListener-from-1.8.patch from debian as our xulrunner-ssl_oldapi.patch
+
Revision 1.175 2011/03/24 09:46:47 arekm
- patch8 still needs update
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/xulrunner/xulrunner-ssl_oldapi.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/xulrunner/xulrunner.spec?r1=1.175&r2=1.176&f=u