authorwolfbeast <mcwerewolf@gmail.com>2018-06-20 19:11:09 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-06-20 19:14:58 +0200
commit7d3b69729b68d80e7b301e7e1fd05e68e13cc133 (patch)
treec54c93de5921a6abd0439affbbc878ed9f6e43da
parent5c0b3b7d3224778c9421f8dcd7f8dd1d09f62675 (diff)
Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite - Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
-rw-r--r--netwerk/base/TLSServerSocket.cpp10
-rw-r--r--netwerk/base/TLSServerSocket.h1
-rw-r--r--netwerk/base/nsITLSServerSocket.idl12
-rw-r--r--security/manager/ssl/TransportSecurityInfo.cpp4
-rw-r--r--security/manager/ssl/nsISSLStatus.idl3
-rw-r--r--security/manager/ssl/nsSSLStatus.cpp19
-rw-r--r--security/manager/ssl/nsSSLStatus.h5
7 files changed, 45 insertions, 9 deletions
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp
index b32a9a188..257a7f5da 100644
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -419,6 +419,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName)
}
NS_IMETHODIMP
+TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite)
+{
+ aCipherSuite.Assign(mCipherSuite);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength)
{
if (NS_WARN_IF(!aKeyLength)) {
@@ -490,7 +497,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD)
if (NS_FAILED(rv)) {
return rv;
}
- mCipherName.Assign(cipherInfo.cipherSuiteName);
+ mCipherName.Assign(cipherInfo.symCipherName);
+ mCipherSuite.Assign(cipherInfo.cipherSuiteName);
mKeyLength = cipherInfo.effectiveKeyBits;
mMacLength = cipherInfo.macBits;
diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h
index 9fb57e0cc..fd47fc918 100644
--- a/netwerk/base/TLSServerSocket.h
+++ b/netwerk/base/TLSServerSocket.h
@@ -68,6 +68,7 @@ private:
nsCOMPtr<nsIX509Cert> mPeerCert;
int16_t mTlsVersionUsed;
nsCString mCipherName;
+ nsCString mCipherSuite;
uint32_t mKeyLength;
uint32_t mMacLength;
// lock protects access to mSecurityObserver
diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl
index 9a03c2ead..57485357f 100644
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -94,7 +94,7 @@ interface nsITLSServerSocket : nsIServerSocket
* method of the security observer has been called (see
* |nsITLSServerSecurityObserver| below).
*/
-[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)]
+[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)]
interface nsITLSClientStatus : nsISupports
{
/**
@@ -125,11 +125,19 @@ interface nsITLSClientStatus : nsISupports
/**
* cipherName
*
+ * Name of the symetric cipher used, such as
+ * "AES-GCM" or "CAMELLIA".
+ */
+ readonly attribute ACString cipherName;
+
+ /**
+ * cipherSuite
+ *
* Name of the cipher suite used, such as
* "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".
* See security/nss/lib/ssl/sslinfo.c for the possible values.
*/
- readonly attribute ACString cipherName;
+ readonly attribute ACString cipherSuite;
/**
* keyLength
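Review bot: The new `cipherName` comment misspells "symmetric" as `symetric` and does not say that the attribute's meaning has changed. Until this commit `cipherName` carried the full suite name, so a caller that logs it or matches on it to learn the negotiated key exchange, authentication or MAC now sees only the bulk cipher. I would add a line such as `Does not identify key exchange, authentication or MAC; use cipherSuite for that.` and confirm the example strings against security/nss/lib/ssl/sslinfo.c, which the comment now cites only for `cipherSuite`. The same applies to nsISSLStatus.idl, where `cipherName` changes meaning in the same way and the new `cipherSuite` attribute has no comment at all.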
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
index 101e2332c..fe39f4017 100644
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -304,8 +304,8 @@ TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result)
// of the previous value. This is so when older versions attempt to
// read a newer serialized TransportSecurityInfo, they will actually
// fail and return NS_ERROR_FAILURE instead of silently failing.
-#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \
- { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } }
+#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0xa940, 0x4002, \
+ { 0x94, 0x3c, 0x43, 0xc4, 0x67, 0x38, 0x8f, 0x3d } }
static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
NS_IMETHODIMP
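Review bot: Replacing `TRANSPORTSECURITYINFOMAGIC` looks like it will make previously serialized TransportSecurityInfo data unreadable, yet no serialized field changes anywhere in this diff. nsSSLStatus.cpp still derives both strings from the stored `mCipherSuite` at call time, so the on-disk layout appears unchanged. The comment above the define (it starts outside the hunk) describes the magic as a format guard, and the new `NS_SSLSTATUS_CID` in nsSSLStatus.h raises the same question if that CID is written into serialized objects. If invalidating persisted security state is intended, I would say so next to the define, for example `// Changed with the cipherName/cipherSuite split; older serialized data is rejected on purpose.`; otherwise the previous values can probably stay.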
diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl
index 52cb1df30..d8b5c2164 100644
--- a/security/manager/ssl/nsISSLStatus.idl
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -8,11 +8,12 @@
interface nsIX509Cert;
-[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
+[scriptable, uuid(5415626b-2930-440e-bfc5-55c87dbc4511)]
interface nsISSLStatus : nsISupports {
readonly attribute nsIX509Cert serverCert;
readonly attribute ACString cipherName;
+ readonly attribute ACString cipherSuite;
readonly attribute unsigned long keyLength;
readonly attribute unsigned long secretKeyLength;
[must_use]
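Review bot: The new interface uuid `5415626b-2930-440e-bfc5-55c87dbc4511` ends in the same two groups as the `600cd77a-e45c-4184-bfc5-55c87dbc4511` class id introduced in nsSSLStatus.h, and the nsITLSClientStatus uuid in nsITLSServerSocket.idl repeats the `bfc5` group with a similar tail. That pattern suggests the values were edited by hand from one another rather than generated independently. Each IID and CID should come from its own run of a UUID generator, so that uniqueness does not depend on a few hand-picked leading bytes.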
diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp
index 7f9915cb2..b2453d271 100644
--- a/security/manager/ssl/nsSSLStatus.cpp
+++ b/security/manager/ssl/nsSSLStatus.cpp
@@ -72,7 +72,24 @@ nsSSLStatus::GetCipherName(nsACString& aCipherName)
return NS_ERROR_FAILURE;
}
- aCipherName.Assign(cipherInfo.cipherSuiteName);
+ aCipherName.Assign(cipherInfo.symCipherName);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCipherSuite(nsACString& aCipherSuite)
+{
+ if (!mHaveCipherSuiteAndProtocol) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ SSLCipherSuiteInfo cipherInfo;
+ if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+ sizeof(cipherInfo)) != SECSuccess) {
+ return NS_ERROR_FAILURE;
+ }
+
+ aCipherSuite.Assign(cipherInfo.cipherSuiteName);
return NS_OK;
}
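Review bot: `GetCipherSuite` repeats the availability check and the `SSL_GetCipherSuiteInfo` lookup that `GetCipherName` appears to perform; the start of `GetCipherName` is outside the hunk, so that match is inferred from its visible tail. Two copies of the same guard can drift apart, for example if one of them later gains a different error code. I would move the lookup into one private helper and have both getters call it, which needs a matching declaration in nsSSLStatus.h. The helper name below is only a suggestion.

```cpp
// Proposed private helper shared by GetCipherName and GetCipherSuite.
nsresult
nsSSLStatus::LookupCipherSuiteInfo(SSLCipherSuiteInfo& aInfo)
{
  if (!mHaveCipherSuiteAndProtocol) {
    return NS_ERROR_NOT_AVAILABLE;
  }
  if (SSL_GetCipherSuiteInfo(mCipherSuite, &aInfo,
                             sizeof(aInfo)) != SECSuccess) {
    return NS_ERROR_FAILURE;
  }
  return NS_OK;
}

NS_IMETHODIMP
nsSSLStatus::GetCipherSuite(nsACString& aCipherSuite)
{
  SSLCipherSuiteInfo cipherInfo;
  nsresult rv = LookupCipherSuiteInfo(cipherInfo);
  if (NS_FAILED(rv)) {
    return rv;
  }
  aCipherSuite.Assign(cipherInfo.cipherSuiteName);
  return NS_OK;
}
// … unchanged: GetCipherName, apart from calling the same helper …
```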
diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h
index 74f9d0f01..acba1cb30 100644
--- a/security/manager/ssl/nsSSLStatus.h
+++ b/security/manager/ssl/nsSSLStatus.h
@@ -69,8 +69,9 @@ private:
nsCOMPtr<nsIX509Cert> mServerCert;
};
+// 600cd77a-e45c-4184-bfc5-55c87dbc4511
#define NS_SSLSTATUS_CID \
-{ 0xe2f14826, 0x9e70, 0x4647, \
- { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
+{ 0x600cd77a, 0xe45c, 0x4184, \
+ { 0xbf, 0xc5, 0x55, 0xc8, 0x7d, 0xbc, 0x45, 0x11 } }
#endif