commit 5424e9d5bd7dd8cb2f4577dff3a90d931ec50354 Author: Mike Perry mikeperry-git@fscked.org Date: Thu Dec 8 17:02:35 2011 -0800
New patches for bugs 4099 and 4667.
Session ID-removal and keep-alive connection closing patches. --- .../0010-Disable-SSL-Session-ID-tracking.patch | 28 ++++++++++++++ ...observer-event-to-close-persistent-connec.patch | 39 ++++++++++++++++++++ 2 files changed, 67 insertions(+), 0 deletions(-)
diff --git a/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
new file mode 100644
index 0000000..b74a5c1
--- /dev/null
+++ b/src/current-patches/firefox/0010-Disable-SSL-Session-ID-tracking.patch
@@ -0,0 +1,28 @@
+From 6ec4ac9d2cafa8b400611a07d62c6279b3568204 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Wed, 7 Dec 2011 19:36:38 -0800
+Subject: [PATCH 10/11] Disable SSL Session ID tracking.
+
+We can't easily bind SSL Session ID tracking to url bar domain,
+so we have to disable them to satisfy
+https://www.torproject.org/projects/torbrowser/design/#identifier-linkabilit....
+---
+ security/nss/lib/ssl/sslsock.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
+index 568b500..35540a8 100644
+--- a/security/nss/lib/ssl/sslsock.c
++++ b/security/nss/lib/ssl/sslsock.c
+@@ -172,7 +172,7 @@ static sslOptions ssl_defaults = {
+ PR_TRUE, /* enableSSL2 */
+ PR_TRUE, /* enableSSL3 */
+ PR_TRUE, /* enableTLS */ /* now defaults to on in NSS 3.0 */
+- PR_FALSE, /* noCache */
++ PR_TRUE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_TRUE, /* v2CompatibleHello */
+ PR_TRUE, /* detectRollBack */
+--
+1.7.3.4
+
diff --git a/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
new file mode 100644
index 0000000..d2cdfa3
--- /dev/null
+++ b/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch
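Review bot: Flipping `noCache` in `ssl_defaults` only changes the compiled-in default, so the linkability guarantee holds only if nothing later turns the session cache back on; a caller that sets `SSL_NO_CACHE` to false through `SSL_OptionSet` or `SSL_OptionSetDefault` would override it, and no such caller can be ruled out from this hunk. TLS session tickets are a second resumption identifier whose field is not among the initializer lines shown, so it is worth confirming that they are disabled or covered as well. I would also record the reason on the changed line, e.g. `PR_TRUE, /* noCache: session IDs link visits across url bar domains */`, so the default is not silently reverted on the next NSS rebase. The `ssl_defaults` initializer starts and ends outside the hunk.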
@@ -0,0 +1,39 @@
+From 7f6e76f1cbab26bcd6dead6427a9a19460877434 Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@fscked.org
+Date: Wed, 7 Dec 2011 20:05:19 -0800
+Subject: [PATCH 11/11] Provide an observer event to close persistent connections
+
+We need to prevent linkability across "New Identity", which includes closing
+keep-alive connections.
+---
+ netwerk/protocol/http/nsHttpHandler.cpp | 7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
+index f79f23e..ed70ecd 100644
+--- a/netwerk/protocol/http/nsHttpHandler.cpp
++++ b/netwerk/protocol/http/nsHttpHandler.cpp
+@@ -321,6 +321,7 @@ nsHttpHandler::Init()
+ mObserverService->AddObserver(this, "net:clear-active-logins", PR_TRUE);
+ mObserverService->AddObserver(this, NS_PRIVATE_BROWSING_SWITCH_TOPIC, PR_TRUE);
+ mObserverService->AddObserver(this, "net:prune-dead-connections", PR_TRUE);
++ mObserverService->AddObserver(this, "net:prune-all-connections", PR_TRUE);
+ }
+
+ return NS_OK;
+@@ -1611,6 +1612,12 @@ nsHttpHandler::Observe(nsISupports *subject,
+ mConnMgr->PruneDeadConnections();
+ }
+ }
++ else if (strcmp(topic, "net:prune-all-connections") == 0) {
++ if (mConnMgr) {
++ mConnMgr->ClosePersistentConnections();
++ mConnMgr->PruneDeadConnections();
++ }
++ }
+
+ return NS_OK;
+ }
+--
+1.7.3.4
+
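Review bot: The new `net:prune-all-connections` branch in `nsHttpHandler::Observe` rests the whole unlinkability guarantee on `ClosePersistentConnections()`, but the hunk does not show whether that call also covers connections with a transaction in flight, or whether the work has completed by the time `Observe` returns. If it only queues the close or only drops idle connections, a request issued right after "New Identity" could presumably still reuse an old keep-alive connection; this should be confirmed, and the caller made to wait or hold new requests if so. The topic is also undocumented, and a comment above the branch such as `// Tor: close all keep-alive connections so none is reused across "New Identity"` would tell maintainers why it differs from `net:prune-dead-connections`. `Init` and `Observe` both begin outside the hunks shown.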