[tor-commits] [torbrowser/maint-2.2] New patches for bugs 4099 and 4667.
erinn at torproject.org
erinn at torproject.org
Thu Dec 15 05:36:42 UTC 2011
commit 5424e9d5bd7dd8cb2f4577dff3a90d931ec50354
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Thu Dec 8 17:02:35 2011 -0800
New patches for bugs 4099 and 4667.
Session ID-removal and keep-alive connection closing patches.
---
.../0010-Disable-SSL-Session-ID-tracking.patch | 28 ++++++++++++++
...observer-event-to-close-persistent-connec.patch | 39 ++++++++++++++++++++
2 files changed, 67 insertions(+), 0 deletions(-)
diff --git a/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
new file mode 100644
index 0000000..b74a5c1
--- /dev/null
+++ b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
@@ -0,0 +1,28 @@
+From 6ec4ac9d2cafa8b400611a07d62c6279b3568204 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Wed, 7 Dec 2011 19:36:38 -0800
+Subject: [PATCH 10/11] Disable SSL Session ID tracking.
+
+We can't easily bind SSL Session ID tracking to url bar domain,
+so we have to disable them to satisfy
+https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
+---
+ security/nss/lib/ssl/sslsock.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
+index 568b500..35540a8 100644
+--- a/security/nss/lib/ssl/sslsock.c
++++ b/security/nss/lib/ssl/sslsock.c
+@@ -172,7 +172,7 @@ static sslOptions ssl_defaults = {
+ PR_TRUE, /* enableSSL2 */
+ PR_TRUE, /* enableSSL3 */
+ PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
+- PR_FALSE, /* noCache */
++ PR_TRUE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_TRUE, /* v2CompatibleHello */
+ PR_TRUE, /* detectRollBack */
+--
+1.7.3.4
+
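Review bot: The flipped `noCache` entry in `ssl_defaults` has no comment saying why this tree deviates from upstream NSS, and it is only a default: any caller that sets `SSL_NO_CACHE` back to `PR_FALSE` through `SSL_OptionSet` or `SSL_OptionSetDefault` turns session caching on again for its sockets. I would extend the trailing comment to something like `/* noCache: on, so session resumption cannot link visits across sites */` and check the tree for callers that override the option. The initializer continues outside the hunk, so the session-ticket default is not visible here. It is worth confirming that ticket-based resumption is covered too, since it is a resumption identifier of the same kind.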
diff --git a/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
new file mode 100644
index 0000000..d2cdfa3
--- /dev/null
+++ b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
@@ -0,0 +1,39 @@
+From 7f6e76f1cbab26bcd6dead6427a9a19460877434 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at fscked.org>
+Date: Wed, 7 Dec 2011 20:05:19 -0800
+Subject: [PATCH 11/11] Provide an observer event to close persistent connections
+
+We need to prevent linkability across "New Identity", which includes closing
+keep-alive connections.
+---
+ netwerk/protocol/http/nsHttpHandler.cpp | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
+index f79f23e..ed70ecd 100644
+--- a/netwerk/protocol/http/nsHttpHandler.cpp
++++ b/netwerk/protocol/http/nsHttpHandler.cpp
+@@ -321,6 +321,7 @@ nsHttpHandler::Init()
+ mObserverService->AddObserver(this, "net:clear-active-logins", PR_TRUE);
+ mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, PR_TRUE);
+ mObserverService->AddObserver(this, "net:prune-dead-connections", PR_TRUE);
++ mObserverService->AddObserver(this, "net:prune-all-connections", PR_TRUE);
+ }
+
+ return NS_OK;
+@@ -1611,6 +1612,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+ mConnMgr->PruneDeadConnections();
+ }
+ }
++ else if (strcmp(topic, "net:prune-all-connections") == 0) {
++ if (mConnMgr) {
++ mConnMgr->ClosePersistentConnections();
++ mConnMgr->PruneDeadConnections();
++ }
++ }
+
+ return NS_OK;
+ }
+--
+1.7.3.4
+
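Review bot: The new `net:prune-all-connections` branch in `nsHttpHandler::Observe` discards whatever `ClosePersistentConnections()` and `PruneDeadConnections()` report, so a failed teardown of keep-alive connections is silent even though New Identity depends on it for unlinkability. The hunk also does not show whether `ClosePersistentConnections()` covers connections with a transaction in flight, or whether the work is complete by the time `Observe` returns. A comment above the branch should state what the caller may assume, for example `// Fired on New Identity; closes persistent connections, see ClosePersistentConnections() for scope and timing`. If the calls return a status, it should at least be logged on failure. The topic literal is now spelled out in both `Init` and `Observe`, so a shared constant would keep the two from drifting; both functions continue outside the hunk.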