[or-cvs] r14591: Man is CA cert isolation ever slow. If the user has no custo (in torbutton/trunk/src: chrome/content chrome/locale/en-US components defaults/preferences)

mikeperry at seul.org mikeperry at seul.org
Mon May 12 07:36:39 UTC 2008


Author: mikeperry
Date: 2008-05-12 03:36:39 -0400 (Mon, 12 May 2008)
New Revision: 14591

Modified:
   torbutton/trunk/src/chrome/content/preferences.js
   torbutton/trunk/src/chrome/content/preferences.xul
   torbutton/trunk/src/chrome/content/torbutton.js
   torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
   torbutton/trunk/src/chrome/locale/en-US/torbutton.properties
   torbutton/trunk/src/components/cssblocker.js
   torbutton/trunk/src/defaults/preferences/preferences.js
Log:

Man is CA cert isolation ever slow. If the user has no custom
CA certs, ask them (once) if they really want to wait for us
to check this fact every time they toggle tor.



Modified: torbutton/trunk/src/chrome/content/preferences.js
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.js	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/chrome/content/preferences.js	2008-05-12 07:36:39 UTC (rev 14591)
@@ -215,6 +215,9 @@
     doc.getElementById('torbutton_clearHttpAuth').checked = o_torprefs.getBoolPref('clear_http_auth');
     doc.getElementById('torbutton_blockJSHistory').checked = o_torprefs.getBoolPref('block_js_history');
     doc.getElementById('torbutton_blockFileNet').checked = o_torprefs.getBoolPref('block_file_net');
+    doc.getElementById('torbutton_jarCerts').checked = o_torprefs.getBoolPref('jar_certs');
+    // XXX: Grey this out if jar_certs is false
+    doc.getElementById('torbutton_jarCACerts').checked = o_torprefs.getBoolPref('jar_ca_certs');
 
     torbutton_prefs_set_field_attributes(doc);
 }
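Review bot: The `XXX: Grey this out if jar_certs is false` comment leaves the CA checkbox enabled even when it has no effect, and the save path in the next hunk then silently stores `jar_ca_certs` as false although the dialog showed it checked. Both new checkboxes already call torbutton_prefs_set_field_attributes on command, so that function looks like the place to add `doc.getElementById('torbutton_jarCACerts').disabled = !doc.getElementById('torbutton_jarCerts').checked;`. A user reading the dialog should be able to tell whether CA isolation is actually active. The enclosing function starts outside this hunk.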
@@ -309,6 +312,10 @@
     o_torprefs.setBoolPref('set_uagent', doc.getElementById('torbutton_setUagent').checked);
     o_torprefs.setBoolPref('disable_referer', doc.getElementById('torbutton_noReferer').checked);
     o_torprefs.setBoolPref('spoof_english', doc.getElementById('torbutton_spoofEnglish').checked);
+    o_torprefs.setBoolPref('jar_certs', doc.getElementById('torbutton_jarCerts').checked);
+    o_torprefs.setBoolPref('jar_ca_certs',
+            o_torprefs.getBoolPref('jar_certs') &&
+            doc.getElementById('torbutton_jarCACerts').checked);
 
     // if tor settings were initially active, update the active settings to reflect any changes
     if (tor_enabled) torbutton_activate_tor_settings();

Modified: torbutton/trunk/src/chrome/content/preferences.xul
===================================================================
--- torbutton/trunk/src/chrome/content/preferences.xul	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/chrome/content/preferences.xul	2008-05-12 07:36:39 UTC (rev 14591)
@@ -240,6 +240,10 @@
                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
           <checkbox id="torbutton_spoofEnglish" label="&torbutton.prefs.spoof_english;" 
                    oncommand="torbutton_prefs_set_field_attributes(document)"/>
+          <checkbox id="torbutton_jarCerts" label="&torbutton.prefs.jar_certs;" 
+                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
+          <checkbox id="torbutton_jarCACerts" label="&torbutton.prefs.jar_ca_certs;" 
+                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
           <checkbox id="torbutton_noReferer" label="&torbutton.prefs.disable_referer;" 
                    oncommand="torbutton_prefs_set_field_attributes(document)"/>
            </vbox>

Modified: torbutton/trunk/src/chrome/content/torbutton.js
===================================================================
--- torbutton/trunk/src/chrome/content/torbutton.js	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/chrome/content/torbutton.js	2008-05-12 07:36:39 UTC (rev 14591)
@@ -737,8 +737,7 @@
         torbutton_jar_cookies(mode);
     }
 
-    // XXX: make pref
-    if (true) {
+    if (torprefs.getBoolPref('jar_certs')) {
         torbutton_jar_certs(mode);
     }
 }
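Review bot: Making the jar step conditional on `jar_certs` means the pref can be switched off while the other Tor state's certificates are held only in the jar file. Judging from the deleteCertificate call visible in a later hunk, jarring appears to remove certificates from the database. If so, those certificates would never be restored once the pref is cleared, and whatever is loaded at that moment stays trusted in both states. The same applies to the `jar_ca_certs` checks added further down. Consider restoring the jarred certificates once when either pref goes from true to false, or state in a comment here which state the pref may safely be changed in; the enclosing function starts outside this hunk, so this is inferred from the visible lines only.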
@@ -992,6 +991,7 @@
             if(outList[i]) {
                 var len = new Object();
                 var data = outList[i].getRawDER(len);
+                //torbutton_log(2, "Delete: "+certdb.deleteCertificate(outList[i]));
                 certdb.deleteCertificate(outList[i]);
                 /* Doesn't work.. db isn't updated right away..
                  * if(outList[i].equals(
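Review bot: The added line is commented-out debugging code, and if it were re-enabled as written it would call `certdb.deleteCertificate(outList[i])` a second time on the same certificate, because the real call follows it. Either drop it or log the result of the existing call, e.g. `var rv = certdb.deleteCertificate(outList[i]); torbutton_log(2, "Delete: "+rv);`. The surrounding loop starts and ends outside this hunk.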
@@ -1026,6 +1026,7 @@
 }
 
 function torbutton_unjar_cert_type(mode, treeView, name, type) {
+    var unjared_certs = 0;
     var certdb = Components.classes["@mozilla.org/security/x509certdb;1"]
                     .getService(Components.interfaces.nsIX509CertDB2);
     certdb.QueryInterface(Components.interfaces.nsIX509CertDB);
@@ -1067,12 +1068,15 @@
             var bytes = bstream.readByteArray(len);
             switch(type) {
                 case Components.interfaces.nsIX509Cert.EMAIL_CERT:
+                    unjared_certs++;
                     certdb.importEmailCertificate(bytes, bytes.length, null);
                     break;
                 case Components.interfaces.nsIX509Cert.SERVER_CERT:
+                    unjared_certs++;
                     certdb.importServerCertificate(bytes, bytes.length, null);
                     break;
                 case Components.interfaces.nsIX509Cert.USER_CERT:
+                    unjared_certs++;
                     certdb.importUserCertificate(bytes, bytes.length, null);
                     break;
                 case Components.interfaces.nsIX509Cert.CA_CERT:
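Review bot: `unjared_certs++` runs before each import call, so a certificate whose import throws is still counted; the CA case in the next hunk uses the same ordering. The CA count now decides whether the user is asked to disable CA isolation, so the counter should reflect certificates actually imported. Move each increment to the line after its import call. The switch continues outside this hunk.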
@@ -1089,6 +1093,7 @@
                         if(checkCert.equals(certdb.findCertByDBKey(checkCert.dbKey, null))) {
                             torbutton_log(2, "Skipping cert: "+checkCert.organization);
                         } else {
+                            unjared_certs++;
                             certdb.importCertificates(bytes, bytes.length, type, null);
                         }
                     } catch(e) {
@@ -1097,14 +1102,17 @@
                     break;
             }
         }
-        torbutton_log(2, "Read "+certs+" "+name+" certificates from "+inFile.path);
+        torbutton_log(2, "Read "+unjared_certs+" "+name+" certificates from "+inFile.path);
     }
 
     bstream.close();
     istream.close();
+
+    return unjared_certs;
 }
 
 function torbutton_jar_certs(mode) {
+    var tot_certs = 0;
     var certCache = 
         Components.classes["@mozilla.org/security/nsscertcache;1"]
                     .getService(Components.interfaces.nsINSSCertCache);
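Review bot: The new return value now drives a decision, because the caller compares it with `== 0` to decide whether to show the disable-CA-isolation prompt, but nothing documents that contract. Any earlier exit path in torbutton_unjar_cert_type (its body starts outside this hunk) would return undefined, which does not compare equal to 0. A header comment such as `// Returns the number of certificates imported from the jar file (0 if none).` plus an explicit `return 0;` on any early exit would make this clear. Separately, `tot_certs` is declared in torbutton_jar_certs but is not used in any visible hunk; remove it unless later code needs it.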
@@ -1152,8 +1160,10 @@
     caTreeView.loadCertsFromCache(certCache, 
             Components.interfaces.nsIX509Cert.CA_CERT);
 
-    torbutton_jar_cert_type(mode, caTreeView, "ca", 
-            Components.interfaces.nsIX509Cert.CA_CERT);
+    if(m_tb_prefs.getBoolPref("extensions.torbutton.jar_ca_certs")) {
+        torbutton_jar_cert_type(mode, caTreeView, "ca", 
+                Components.interfaces.nsIX509Cert.CA_CERT);
+    }
     torbutton_jar_cert_type(mode, userTreeView, "user", 
             Components.interfaces.nsIX509Cert.USER_CERT);
     torbutton_jar_cert_type(mode, emailTreeView, "email", 
@@ -1198,8 +1208,22 @@
         }
     }
 
-    torbutton_unjar_cert_type(mode, caTreeView, "ca", 
-            Components.interfaces.nsIX509Cert.CA_CERT);
+    if(m_tb_prefs.getBoolPref("extensions.torbutton.jar_ca_certs")) {
+        if(torbutton_unjar_cert_type(mode, caTreeView, "ca", 
+                Components.interfaces.nsIX509Cert.CA_CERT) == 0) {
+            if(!m_tb_prefs.getBoolPref("extensions.torbutton.asked_ca_disable")) {
+                var o_stringbundle = torbutton_get_stringbundle();
+                var warning = o_stringbundle.GetStringFromName("torbutton.popup.confirm_ca_certs");
+                var val = window.confirm(warning);
+                torbutton_log(3, "Got response: "+val);
+                if(val) {
+                    m_tb_prefs.setBoolPref("extensions.torbutton.jar_ca_certs",
+                            false);
+                }
+                m_tb_prefs.setBoolPref("extensions.torbutton.asked_ca_disable", true);
+            }
+        }
+    }
     torbutton_unjar_cert_type(mode, userTreeView, "user", 
             Components.interfaces.nsIX509Cert.USER_CERT);
     torbutton_unjar_cert_type(mode, emailTreeView, "email", 
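Review bot: A zero return from the CA unjar only shows that the jar for the state being entered added no certificates. It says nothing about the state being left, whose CA certificates were jarred earlier in this same toggle. If that other state holds a custom CA, the dialog's claim that there are none is wrong, and clicking OK sets `jar_ca_certs` to false while those certificates sit in the jar file and are never restored (inferred, since the jar and unjar bodies are outside this hunk). A zero may also come back simply because the jar file does not exist yet, for example on the first toggle. Consider prompting only when both the jar step and the unjar step found no custom CA certificates, and writing any jarred CA certificates back before the pref is cleared.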
@@ -1207,6 +1231,8 @@
     torbutton_unjar_cert_type(mode, serverTreeView, "server", 
             Components.interfaces.nsIX509Cert.SERVER_CERT);
 
+
+
     certCache.cacheAllCerts();
     serverTreeView.loadCertsFromCache(certCache, 
             Components.interfaces.nsIX509Cert.SERVER_CERT);

Modified: torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd
===================================================================
--- torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/chrome/locale/en-US/torbutton.dtd	2008-05-12 07:36:39 UTC (rev 14591)
@@ -68,8 +68,10 @@
 <!ENTITY torbutton.prefs.dual_cookie_jars        "Store both Tor and Non-Tor cookies in protected jars (dangerous)">
 <!ENTITY torbutton.prefs.clear_http_auth        "Clear HTTP auth sessions (recommended)">
 <!ENTITY torbutton.prefs.block_js_history       "Isolate access to history navigation to Tor state (crucial)">
-<!ENTITY torbutton.prefs.resize_on_toggle       "Resize window dimensions to multiples of 50px on toggle (recommended)">
+<!ENTITY torbutton.prefs.resize_on_toggle       "Resize windows to multiples of 50px during Tor usage (recommended)">
 <!ENTITY torbutton.prefs.close_tor    "Close all Tor windows and tabs on toggle (optional)">
 <!ENTITY torbutton.prefs.close_nontor       "Close all Non-Tor windows and tabs on toggle (optional)">
 <!ENTITY torbutton.prefs.block_file_net     "Block access to network from file:// urls (recommended)">
 <!ENTITY torbutton.prefs.block_links        "Block link clicks and page reloads from different Tor states (optional)">
+<!ENTITY torbutton.prefs.jar_certs        "Store SSL certs in seperate jars for Tor/Non-Tor (recommended)">
+<!ENTITY torbutton.prefs.jar_ca_certs        "Store CA certs in seperate jars for Tor/Non-Tor (recommended, slow)">
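Review bot: Both added labels misspell "separate" as `seperate`, and these strings are shown in the preferences dialog. Suggested text: `"Store SSL certs in separate jars for Tor/Non-Tor (recommended)"` and `"Store CA certs in separate jars for Tor/Non-Tor (recommended, slow)"`.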

Modified: torbutton/trunk/src/chrome/locale/en-US/torbutton.properties
===================================================================
--- torbutton/trunk/src/chrome/locale/en-US/torbutton.properties	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/chrome/locale/en-US/torbutton.properties	2008-05-12 07:36:39 UTC (rev 14591)
@@ -9,3 +9,4 @@
 extensions.{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.description = Torbutton provides a button to easily enable or disable pointing Firefox to the Tor proxy
 torbutton.popup.history.warning = Torbutton blocked changed-state history manipulation.\n\nSee history settings to allow.\n\n
 torbutton.popup.plugin.warning = Torbutton blocked direct Tor load of plugin content.\n\nUse Save-As instead.\n\n
+torbutton.popup.confirm_ca_certs = Torbutton Note: It appears you have no custom Certificate Authorities. Examining the Certificate Authority list is a slow operation and slows down Tor toggle. Would you like to disable the isolation of Certificate Authority certificates? (If you don't understand this, it is safe to click OK)

Modified: torbutton/trunk/src/components/cssblocker.js
===================================================================
--- torbutton/trunk/src/components/cssblocker.js	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/components/cssblocker.js	2008-05-12 07:36:39 UTC (rev 14591)
@@ -373,7 +373,7 @@
         // Instead, related functionality has been grafted onto the 
         // webprogresslistener :(	
         // See mozilla bugs 380556, 305699, 309524
-        if(ContentLocation) {
+        if(contentLocation) {
             this.logger.log(2, "Process for "+contentLocation.spec);
         }
         return ok;

Modified: torbutton/trunk/src/defaults/preferences/preferences.js
===================================================================
--- torbutton/trunk/src/defaults/preferences/preferences.js	2008-05-12 07:13:05 UTC (rev 14590)
+++ torbutton/trunk/src/defaults/preferences/preferences.js	2008-05-12 07:36:39 UTC (rev 14591)
@@ -88,3 +88,6 @@
 pref("extensions.torbutton.useragent_vendorSub","");
 pref("extensions.torbutton.banned_ports","8118,8123,9050,9051");
 pref("extensions.torbutton.block_file_net",true);
+pref("extensions.torbutton.jar_certs",true);
+pref("extensions.torbutton.jar_ca_certs",true);
+pref("extensions.torbutton.asked_ca_disable",false);


