diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-06-20 19:11:09 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-06-20 19:14:58 +0200 |
commit | 7d3b69729b68d80e7b301e7e1fd05e68e13cc133 (patch) | |
tree | c54c93de5921a6abd0439affbbc878ed9f6e43da | |
parent | 5c0b3b7d3224778c9421f8dcd7f8dd1d09f62675 (diff) | |
download | UXP-7d3b69729b68d80e7b301e7e1fd05e68e13cc133.tar UXP-7d3b69729b68d80e7b301e7e1fd05e68e13cc133.tar.gz UXP-7d3b69729b68d80e7b301e7e1fd05e68e13cc133.tar.lz UXP-7d3b69729b68d80e7b301e7e1fd05e68e13cc133.tar.xz UXP-7d3b69729b68d80e7b301e7e1fd05e68e13cc133.zip |
Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
-rw-r--r-- | netwerk/base/TLSServerSocket.cpp | 10 | ||||
-rw-r--r-- | netwerk/base/TLSServerSocket.h | 1 | ||||
-rw-r--r-- | netwerk/base/nsITLSServerSocket.idl | 12 | ||||
-rw-r--r-- | security/manager/ssl/TransportSecurityInfo.cpp | 4 | ||||
-rw-r--r-- | security/manager/ssl/nsISSLStatus.idl | 3 | ||||
-rw-r--r-- | security/manager/ssl/nsSSLStatus.cpp | 19 | ||||
-rw-r--r-- | security/manager/ssl/nsSSLStatus.h | 5 |
7 files changed, 45 insertions, 9 deletions
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp index b32a9a188..257a7f5da 100644 --- a/netwerk/base/TLSServerSocket.cpp +++ b/netwerk/base/TLSServerSocket.cpp @@ -419,6 +419,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName) } NS_IMETHODIMP +TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite) +{ + aCipherSuite.Assign(mCipherSuite); + return NS_OK; +} + +NS_IMETHODIMP TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength) { if (NS_WARN_IF(!aKeyLength)) { @@ -490,7 +497,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD) if (NS_FAILED(rv)) { return rv; } - mCipherName.Assign(cipherInfo.cipherSuiteName); + mCipherName.Assign(cipherInfo.symCipherName); + mCipherSuite.Assign(cipherInfo.cipherSuiteName); mKeyLength = cipherInfo.effectiveKeyBits; mMacLength = cipherInfo.macBits; diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h index 9fb57e0cc..fd47fc918 100644 --- a/netwerk/base/TLSServerSocket.h +++ b/netwerk/base/TLSServerSocket.h @@ -68,6 +68,7 @@ private: nsCOMPtr<nsIX509Cert> mPeerCert; int16_t mTlsVersionUsed; nsCString mCipherName; + nsCString mCipherSuite; uint32_t mKeyLength; uint32_t mMacLength; // lock protects access to mSecurityObserver diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl index 9a03c2ead..57485357f 100644 --- a/netwerk/base/nsITLSServerSocket.idl +++ b/netwerk/base/nsITLSServerSocket.idl @@ -94,7 +94,7 @@ interface nsITLSServerSocket : nsIServerSocket * method of the security observer has been called (see * |nsITLSServerSecurityObserver| below). */ -[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)] +[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)] interface nsITLSClientStatus : nsISupports { /** @@ -125,11 +125,19 @@ interface nsITLSClientStatus : nsISupports /** * cipherName * + * Name of the symetric cipher used, such as + * "AES-GCM" or "CAMELLIA". + */ + readonly attribute ACString cipherName; + + /** + * cipherSuite + * * Name of the cipher suite used, such as * "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256". * See security/nss/lib/ssl/sslinfo.c for the possible values. */ - readonly attribute ACString cipherName; + readonly attribute ACString cipherSuite; /** * keyLength diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index 101e2332c..fe39f4017 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -304,8 +304,8 @@ TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result) // of the previous value. This is so when older versions attempt to // read a newer serialized TransportSecurityInfo, they will actually // fail and return NS_ERROR_FAILURE instead of silently failing. -#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \ - { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } } +#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0xa940, 0x4002, \ + { 0x94, 0x3c, 0x43, 0xc4, 0x67, 0x38, 0x8f, 0x3d } } static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC); NS_IMETHODIMP diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl index 52cb1df30..d8b5c2164 100644 --- a/security/manager/ssl/nsISSLStatus.idl +++ b/security/manager/ssl/nsISSLStatus.idl @@ -8,11 +8,12 @@ interface nsIX509Cert; -[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)] +[scriptable, uuid(5415626b-2930-440e-bfc5-55c87dbc4511)] interface nsISSLStatus : nsISupports { readonly attribute nsIX509Cert serverCert; readonly attribute ACString cipherName; + readonly attribute ACString cipherSuite; readonly attribute unsigned long keyLength; readonly attribute unsigned long secretKeyLength; [must_use] diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp index 7f9915cb2..b2453d271 100644 --- a/security/manager/ssl/nsSSLStatus.cpp +++ b/security/manager/ssl/nsSSLStatus.cpp @@ -72,7 +72,24 @@ nsSSLStatus::GetCipherName(nsACString& aCipherName) return NS_ERROR_FAILURE; } - aCipherName.Assign(cipherInfo.cipherSuiteName); + aCipherName.Assign(cipherInfo.symCipherName); + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetCipherSuite(nsACString& aCipherSuite) +{ + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, + sizeof(cipherInfo)) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + aCipherSuite.Assign(cipherInfo.cipherSuiteName); return NS_OK; } diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h index 74f9d0f01..acba1cb30 100644 --- a/security/manager/ssl/nsSSLStatus.h +++ b/security/manager/ssl/nsSSLStatus.h @@ -69,8 +69,9 @@ private: nsCOMPtr<nsIX509Cert> mServerCert; }; +// 600cd77a-e45c-4184-bfc5-55c87dbc4511 #define NS_SSLSTATUS_CID \ -{ 0xe2f14826, 0x9e70, 0x4647, \ - { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } } +{ 0x600cd77a, 0xe45c, 0x4184, \ + { 0xbf, 0xc5, 0x55, 0xc8, 0x7d, 0xbc, 0x45, 0x11 } } #endif |