[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbrowser/master] New patches for bugs 4099 and 4667.



commit 5424e9d5bd7dd8cb2f4577dff3a90d931ec50354
Author: Mike Perry <mikeperry-git@xxxxxxxxxx>
Date:   Thu Dec 8 17:02:35 2011 -0800

    New patches for bugs 4099 and 4667.
    
    Session ID-removal and keep-alive connection closing patches.
---
 .../0010-Disable-SSL-Session-ID-tracking.patch     |   28 ++++++++++++++
 ...observer-event-to-close-persistent-connec.patch |   39 ++++++++++++++++++++
 2 files changed, 67 insertions(+), 0 deletions(-)

diff --git a/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
new file mode 100644
index 0000000..b74a5c1
--- /dev/null
+++ b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
@@ -0,0 +1,28 @@
+From 6ec4ac9d2cafa8b400611a07d62c6279b3568204 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@xxxxxxxxxx>
+Date: Wed, 7 Dec 2011 19:36:38 -0800
+Subject: [PATCH 10/11] Disable SSL Session ID tracking.
+
+We can't easily bind SSL Session ID tracking to url bar domain,
+so we have to disable them to satisfy
+https://www.torproject.org/projects/torbrowser/design/#identifier-linkability.
+---
+ security/nss/lib/ssl/sslsock.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
+index 568b500..35540a8 100644
+--- a/security/nss/lib/ssl/sslsock.c
++++ b/security/nss/lib/ssl/sslsock.c
+@@ -172,7 +172,7 @@ static sslOptions ssl_defaults = {
+     PR_TRUE,	/* enableSSL2         */
+     PR_TRUE,	/* enableSSL3         */
+     PR_TRUE, 	/* enableTLS          */ /* now defaults to on in NSS 3.0 */
+-    PR_FALSE,	/* noCache            */
++    PR_TRUE,	/* noCache            */
+     PR_FALSE,	/* fdx                */
+     PR_TRUE,	/* v2CompatibleHello  */
+     PR_TRUE,	/* detectRollBack     */
+-- 
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
new file mode 100644
index 0000000..d2cdfa3
--- /dev/null
+++ b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
@@ -0,0 +1,39 @@
+From 7f6e76f1cbab26bcd6dead6427a9a19460877434 Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git@xxxxxxxxxx>
+Date: Wed, 7 Dec 2011 20:05:19 -0800
+Subject: [PATCH 11/11] Provide an observer event to close persistent connections
+
+We need to prevent linkability across "New Identity", which includes closing
+keep-alive connections.
+---
+ netwerk/protocol/http/nsHttpHandler.cpp |    7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
+index f79f23e..ed70ecd 100644
+--- a/netwerk/protocol/http/nsHttpHandler.cpp
++++ b/netwerk/protocol/http/nsHttpHandler.cpp
+@@ -321,6 +321,7 @@ nsHttpHandler::Init()
+         mObserverService->AddObserver(this, "net:clear-active-logins", PR_TRUE);
+         mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, PR_TRUE);
+         mObserverService->AddObserver(this, "net:prune-dead-connections", PR_TRUE);
++        mObserverService->AddObserver(this, "net:prune-all-connections", PR_TRUE);
+     }
+  
+     return NS_OK;
+@@ -1611,6 +1612,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+             mConnMgr->PruneDeadConnections();
+         }
+     }
++    else if (strcmp(topic, "net:prune-all-connections") == 0) {
++        if (mConnMgr) {
++           mConnMgr->ClosePersistentConnections();
++           mConnMgr->PruneDeadConnections();
++        }
++    }
+   
+     return NS_OK;
+ }
+-- 
+1.7.3.4
+

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits