[tor-commits] [torbutton/master] Bug 10078: clearing crypto auth tokens; removing own handling of SSL session identifier cache as we get that for free when calling logoutAndTeardown()

mikeperry at torproject.org mikeperry at torproject.org
Mon Dec 2 08:11:40 UTC 2013 

commit 553789b32ad3cb26e854038e3db508072a72c2a2
Author: Georg Koppen <g.koppen at jondos.de>
Date:   Thu Nov 28 13:15:41 2013 +0100

    Bug 10078: clearing crypto auth tokens; removing own handling of SSL session identifier cache as we get that for free when calling logoutAndTeardown()
---
 src/chrome/content/torbutton.js |   22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index fcdc0d8..b47d394 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1465,22 +1465,12 @@ function torbutton_do_new_identity() {
 
   torbutton_log(3, "New Identity: Clearing Crypto Tokens");
 
-  try {
-    // This clears the SSL identifier cache.
-    // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747. But bug 683262
-    // removes nsIDOMCrypto.logout(). We need to resort to our previous fallback
-    // method: switching a proper preference that triggers clearing the SSL
-    // identifier cache.
-    // See: https://mxr.mozilla.org/comm-esr24/source/mozilla/security/manager/ssl/src/nsNSSComponent.cpp#1625 for the ones being available.
-    // secruity.enable_md5_signatures seems to be a good choice as it is still
-    // available on trunk.
-    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
-                           getBoolPref("security.enable_md5_signatures"));
-    m_tb_prefs.setBoolPref("security.enable_md5_signatures", !m_tb_prefs.
-                           getBoolPref("security.enable_md5_signatures"));
-  } catch(e) {
-    torbutton_log(4, "Failed to clear SSL session ids: "+e);
-  }
+  // Clear all crypto auth tokens. This includes calls to PK11_LogoutAll(),
+  // nsNSSComponent::LogoutAuthenticatedPK11() and clearing the SSL session
+  // cache.
+  let sdr = Components.classes["@mozilla.org/security/sdr;1"].
+                       getService(Components.interfaces.nsISecretDecoderRing);
+  sdr.logoutAndTeardown();
 
   // This clears the OCSP cache.
   //

More information about the tor-commits mailing list