On 8/22/2013 9:17 AM, Mark Hammond wrote:
> What I believe is happening is that this speculative connection is
> being reused for the connection made by the "anonymous" docShell, and
> as a result mCaps on the transport isn't getting the
> NS_HTTP_LOAD_ANONYMOUS flag, which in turn means the nsNSSSocketInfo
> for the request doesn't get the nsISocketProvider::ANONYMOUS_CONNECT
> flag, which in turn doesn't suppress the SSL certificate prompt for
> the request.
This is actually bad. The non-anonymous connection should not be used
for anonymous usage. If that happens, that something is wrong.
Anon and non-anon connections have separete pools. If those can
exchanged, it is a bug.