summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-09-04 07:41:14 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-09-04 07:41:14 +0200
commit45ec2bceb4822646805136b8874a3681b14e78ef (patch)
treed1db6daa9b40f85e6bc36a6768d1b74d735454f8 /security/manager/ssl
parent7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9 (diff)
parent2e00eb87ef299e6eb7521670e6a6720fee19f5fc (diff)
downloadUXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar
UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.gz
UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.lz
UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.xz
UXP-45ec2bceb4822646805136b8874a3681b14e78ef.zip
Merge branch 'master' of https://github.com/MoonchildProductions/UXP
Diffstat (limited to 'security/manager/ssl')
-rw-r--r--security/manager/ssl/DataStorage.cpp3
-rw-r--r--security/manager/ssl/SSLServerCertVerification.cpp147
-rw-r--r--security/manager/ssl/nsKeygenHandler.cpp43
-rw-r--r--security/manager/ssl/nsNSSCallbacks.cpp49
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp17
-rw-r--r--security/manager/ssl/nsNSSIOLayer.cpp31
-rw-r--r--security/manager/ssl/nsNTLMAuthModule.cpp5
-rw-r--r--security/manager/ssl/nsPKCS11Slot.cpp4
8 files changed, 4 insertions, 295 deletions
diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp
index 2d9dbf5c4..c765fed00 100644
--- a/security/manager/ssl/DataStorage.cpp
+++ b/security/manager/ssl/DataStorage.cpp
@@ -276,9 +276,6 @@ DataStorage::Reader::Run()
}
}
} while (true);
-
- Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES,
- mDataStorage->mPersistentDataTable.Count());
}
return NS_OK;
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
index 4ef79f54a..757534955 100644
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -567,15 +567,12 @@ CertErrorRunnable::CheckCertOverrides()
// want a ballpark answer, we don't care.
if (mErrorCodeTrust != 0) {
uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTrust);
- Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
}
if (mErrorCodeMismatch != 0) {
uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeMismatch);
- Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
}
if (mErrorCodeTime != 0) {
uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTime);
- Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
}
// all errors are covered by override rules, so let's accept the cert
@@ -660,7 +657,6 @@ CreateCertErrorRunnable(CertVerifier& certVerifier,
MOZ_ASSERT(cert);
uint32_t probeValue = MapCertErrorToProbeValue(defaultErrorCodeToReport);
- Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue);
uint32_t collected_errors = 0;
PRErrorCode errorCodeTrust = 0;
@@ -869,19 +865,11 @@ void
AccumulateSubjectCommonNameTelemetry(const char* commonName,
bool commonNameInSubjectAltNames)
{
- if (!commonName) {
- // 1 means no common name present
- Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 1);
- } else if (!commonNameInSubjectAltNames) {
+ if (!commonNameInSubjectAltNames) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("BR telemetry: common name '%s' not in subject alt. names "
"(or the subject alt. names extension is not present)\n",
commonName));
- // 2 means the common name is not present in subject alt names
- Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 2);
- } else {
- // 0 means the common name is present in subject alt names
- Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 0);
}
}
@@ -947,8 +935,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("BR telemetry: no subject alt names extension for '%s'\n",
commonName.get()));
- // 1 means there is no subject alt names extension
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 1);
AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
return;
}
@@ -960,8 +946,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("BR telemetry: could not decode subject alt names for '%s'\n",
commonName.get()));
- // 2 means the subject alt names extension could not be decoded
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 2);
AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
return;
}
@@ -1044,24 +1028,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
currentName = CERT_GetNextGeneralName(currentName);
} while (currentName && currentName != subjectAltNames);
- if (nonDNSNameOrIPAddressPresent) {
- // 3 means there's an entry that isn't an ip address or dns name
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 3);
- }
- if (malformedDNSNameOrIPAddressPresent) {
- // 4 means there's a malformed ip address or dns name entry
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 4);
- }
- if (nonFQDNPresent) {
- // 5 means there's a DNS name entry with a non-fully-qualified domain name
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 5);
- }
- if (!nonDNSNameOrIPAddressPresent && !malformedDNSNameOrIPAddressPresent &&
- !nonFQDNPresent) {
- // 0 means the extension is acceptable
- Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 0);
- }
-
AccumulateSubjectCommonNameTelemetry(commonName.get(),
commonNameInSubjectAltNames);
}
@@ -1111,7 +1077,6 @@ GatherEKUTelemetry(const UniqueCERTCertList& certList)
}
if (!foundEKU) {
- Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0);
return;
}
@@ -1133,18 +1098,6 @@ GatherEKUTelemetry(const UniqueCERTCertList& certList)
foundOther = true;
}
}
-
- // Cases 3 is included only for completeness. It should never
- // appear in these statistics, because CheckExtendedKeyUsage()
- // should require the EKU extension, if present, to contain the
- // value id_kp_serverAuth.
- if (foundServerAuth && !foundOther) {
- Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 1);
- } else if (foundServerAuth && foundOther) {
- Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 2);
- } else if (!foundServerAuth) {
- Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 3);
- }
}
// Gathers telemetry on which CA is the root of a given cert chain.
@@ -1210,9 +1163,6 @@ GatherEndEntityTelemetry(const UniqueCERTCertList& certList)
if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) {
durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1;
}
-
- Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME,
- durationInWeeks);
}
// There are various things that we want to measure about certificate
@@ -1229,75 +1179,14 @@ GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList)
void
GatherTelemetryForSingleSCT(const ct::SignedCertificateTimestamp& sct)
{
- // See SSL_SCTS_ORIGIN in Histograms.json.
- uint32_t origin = 0;
- switch (sct.origin) {
- case ct::SignedCertificateTimestamp::Origin::Embedded:
- origin = 1;
- break;
- case ct::SignedCertificateTimestamp::Origin::TLSExtension:
- origin = 2;
- break;
- case ct::SignedCertificateTimestamp::Origin::OCSPResponse:
- origin = 3;
- break;
- default:
- MOZ_ASSERT_UNREACHABLE("Unexpected SCT::Origin type");
- }
- Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin);
-
- // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json.
- uint32_t verificationStatus = 0;
- switch (sct.verificationStatus) {
- case ct::SignedCertificateTimestamp::VerificationStatus::OK:
- verificationStatus = 1;
- break;
- case ct::SignedCertificateTimestamp::VerificationStatus::UnknownLog:
- verificationStatus = 2;
- break;
- case ct::SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
- verificationStatus = 3;
- break;
- case ct::SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
- verificationStatus = 4;
- break;
- default:
- MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
- }
- Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS,
- verificationStatus);
+/* STUB */
}
void
GatherCertificateTransparencyTelemetry(const UniqueCERTCertList& certList,
const CertificateTransparencyInfo& info)
{
- if (!info.enabled) {
- // No telemetry is gathered when CT is disabled.
- return;
- }
-
- if (!info.processedSCTs) {
- // We didn't receive any SCT data for this connection.
- Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, 0);
- return;
- }
-
- for (const ct::SignedCertificateTimestamp& sct : info.verifyResult.scts) {
- GatherTelemetryForSingleSCT(sct);
- }
-
- // Decoding errors are reported to the 0th bucket
- // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe.
- for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) {
- Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0);
- }
-
- // Handle the histogram of SCTs counts.
- uint32_t sctsCount = static_cast<uint32_t>(info.verifyResult.scts.length());
- // Note that sctsCount can be 0 in case we've received SCT binary data,
- // but it failed to parse (e.g. due to unsupported CT protocol version).
- Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount);
+/* STUB */
}
// Note: Takes ownership of |peerCertChain| if SECSuccess is not returned.
@@ -1350,29 +1239,6 @@ AuthCertificate(CertVerifier& certVerifier,
uint32_t evStatus = (rv != Success) ? 0 // 0 = Failure
: (evOidPolicy == SEC_OID_UNKNOWN) ? 1 // 1 = DV
: 2; // 2 = EV
- Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus);
-
- if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) {
- Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus);
- }
- if (keySizeStatus != KeySizeStatus::NeverChecked) {
- Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS,
- static_cast<uint32_t>(keySizeStatus));
- }
- if (sha1ModeResult != SHA1ModeResult::NeverChecked) {
- Telemetry::Accumulate(Telemetry::CERT_CHAIN_SHA1_POLICY_STATUS,
- static_cast<uint32_t>(sha1ModeResult));
- }
-
- if (pinningTelemetryInfo.accumulateForRoot) {
- Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA,
- pinningTelemetryInfo.rootBucket);
- }
-
- if (pinningTelemetryInfo.accumulateResult) {
- Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram,
- pinningTelemetryInfo.certPinningResultBucket);
- }
if (rv == Success) {
// Certificate verification succeeded. Delete any potential record of
@@ -1517,7 +1383,6 @@ SSLServerCertVerificationJob::Run()
new SSLServerCertVerificationResult(mInfoObject, 0,
successTelemetry, interval));
restart->Dispatch();
- Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
return NS_OK;
}
@@ -1527,7 +1392,6 @@ SSLServerCertVerificationJob::Run()
{
TimeStamp now = TimeStamp::Now();
MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex);
- Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
}
if (error != 0) {
RefPtr<CertErrorRunnable> runnable(
@@ -1694,7 +1558,6 @@ AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig, PRBool isServer)
MOZ_ASSERT(peerCertChain || rv != SECSuccess,
"AuthCertificate() should take ownership of chain on failure");
if (rv == SECSuccess) {
- Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
return SECSuccess;
}
@@ -1782,10 +1645,6 @@ SSLServerCertVerificationResult::Dispatch()
NS_IMETHODIMP
SSLServerCertVerificationResult::Run()
{
- // TODO: Assert that we're on the socket transport thread
- if (mTelemetryID != Telemetry::HistogramCount) {
- Telemetry::Accumulate(mTelemetryID, mTelemetryValue);
- }
// XXX: This cast will be removed by the next patch
((nsNSSSocketInfo*) mInfoObject.get())
->SetCertVerificationResult(mErrorCode, mErrorMessageType);
diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp
index c4529f877..9196e200c 100644
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -399,48 +399,7 @@ loser:
void
GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
{
- if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) {
- if (keysize > 8196 || keysize < 0) {
- return;
- }
-
- nsCString telemetryValue("rsa");
- telemetryValue.AppendPrintf("%d", keysize);
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue);
- } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) {
- nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1");
- nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1");
-
- mozilla::UniqueSECItem decoded = DecodeECParams(curve);
- if (!decoded) {
- switch (keysize) {
- case 2048:
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
- break;
- case 1024:
- case 512:
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
- break;
- }
- } else {
- if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) {
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
- } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) {
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
- } else {
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
- }
- }
- } else {
- MOZ_CRASH("Unknown keygen algorithm");
- return;
- }
+/* STUB */
}
nsresult
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
index 941101265..6bac59f51 100644
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -490,31 +490,6 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
}
}
- if (!event->mStartTime.IsNull()) {
- if (request_canceled) {
- Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0);
- Telemetry::AccumulateTimeDelta(
- Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME,
- event->mStartTime, TimeStamp::Now());
- }
- else if (NS_SUCCEEDED(mListener->mResultCode) &&
- mListener->mHttpResponseCode == 200) {
- Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1);
- Telemetry::AccumulateTimeDelta(
- Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME,
- event->mStartTime, TimeStamp::Now());
- }
- else {
- Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2);
- Telemetry::AccumulateTimeDelta(
- Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME,
- event->mStartTime, TimeStamp::Now());
- }
- }
- else {
- Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3);
- }
-
if (request_canceled) {
return Result::ERROR_OCSP_SERVER_ERROR;
}
@@ -996,7 +971,6 @@ PreliminaryHandshakeDone(PRFileDesc* fd)
} else {
infoObject->SetNegotiatedNPN(nullptr, 0);
}
- mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
} else {
infoObject->SetNegotiatedNPN(nullptr, 0);
}
@@ -1091,9 +1065,6 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart)
}
}
- Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING,
- reasonsForNotFalseStarting);
-
if (reasonsForNotFalseStarting == 0) {
*canFalseStart = PR_TRUE;
infoObject->SetFalseStarted();
@@ -1118,7 +1089,6 @@ AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits)
: bits < 8192 ? 17 : bits == 8192 ? 18
: bits < 16384 ? 19 : bits == 16384 ? 20
: 0;
- Telemetry::Accumulate(probe, value);
}
// XXX: This attempts to map a bit count to an ECC named curve identifier. In
@@ -1134,7 +1104,6 @@ AccumulateECCCurve(Telemetry::ID probe, uint32_t bits)
: bits == 384 ? 24 // P-384
: bits == 521 ? 25 // P-521
: 0; // Unknown
- Telemetry::Accumulate(probe, value);
}
static void
@@ -1197,7 +1166,6 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
break;
}
MOZ_ASSERT(value != 0);
- Telemetry::Accumulate(probe, value);
}
// In the case of session resumption, the AuthCertificate hook has been bypassed
@@ -1318,7 +1286,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
// 1=tls1, 2=tls1.1, 3=tls1.2
unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
MOZ_ASSERT(versionEnum > 0);
- Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
AccumulateCipherSuite(
infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL
: Telemetry::SSL_CIPHER_SUITE_RESUMED,
@@ -1331,13 +1298,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
if (rv == SECSuccess) {
usesFallbackCipher = channelInfo.keaType == ssl_kea_dh;
- // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
- Telemetry::Accumulate(
- infoObject->IsFullHandshake()
- ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
- : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
- channelInfo.keaType);
-
MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType);
if (infoObject->IsFullHandshake()) {
@@ -1359,9 +1319,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
break;
}
- Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL,
- channelInfo.authType);
-
// RSA key exchange doesn't use a signature for auth.
if (channelInfo.keaType != ssl_kea_rsa) {
switch (channelInfo.authType) {
@@ -1380,12 +1337,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
}
}
}
-
- Telemetry::Accumulate(
- infoObject->IsFullHandshake()
- ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
- : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
- cipherInfo.symCipher);
}
}
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 14b1312de..4fc8c142e 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -805,29 +805,22 @@ nsNSSComponent::MaybeEnableFamilySafetyCompatibility()
if (familySafetyMode > 2) {
familySafetyMode = 0;
}
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, familySafetyMode);
if (familySafetyMode == 0) {
return;
}
bool familySafetyEnabled;
nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled);
if (NS_FAILED(rv)) {
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 3);
return;
}
if (!familySafetyEnabled) {
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 4);
return;
}
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 5);
if (familySafetyMode == 2) {
rv = LoadFamilySafetyRoot();
if (NS_FAILED(rv)) {
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 6);
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("failed to load Family Safety root"));
- } else {
- Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 7);
}
}
#endif // XP_WIN
@@ -1580,13 +1573,6 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
bool ocspRequired = ocspEnabled &&
Preferences::GetBool("security.OCSP.require", false);
- // We measure the setting of the pref at startup only to minimize noise by
- // addons that may muck with the settings, though it probably doesn't matter.
- if (isInitialSetting) {
- Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled);
- Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired);
- }
-
bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling",
true);
PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
@@ -1978,9 +1964,6 @@ nsNSSComponent::InitializeNSS()
return NS_ERROR_FAILURE;
}
- if (PK11_IsFIPS()) {
- Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
- }
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));
return NS_OK;
}
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index 2d49540fb..93fca396b 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -237,9 +237,6 @@ nsNSSSocketInfo::NoteTimeUntilReady()
mNotedTimeUntilReady = true;
- // This will include TCP and proxy tunnel wait time
- Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY,
- mSocketCreationTimestamp, TimeStamp::Now());
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd));
}
@@ -259,16 +256,6 @@ nsNSSSocketInfo::SetHandshakeCompleted()
: mFalseStarted ? FalseStarted
: mFalseStartCallbackCalled ? ChoseNotToFalseStart
: NotAllowedToFalseStart;
-
- // This will include TCP and proxy tunnel wait time
- Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED,
- mSocketCreationTimestamp, TimeStamp::Now());
-
- // If the handshake is completed for the first time from just 1 callback
- // that means that TLS session resumption must have been used.
- Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
- handshakeType == Resumption);
- Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
}
@@ -623,11 +610,6 @@ nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode,
SetCanceled(errorCode, errorMessageType);
}
- if (mPlaintextBytesRead && !errorCode) {
- Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK,
- AssertedCast<uint32_t>(mPlaintextBytesRead));
- }
-
mCertVerificationState = after_cert_verification;
}
@@ -1121,8 +1103,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
PRErrorCode originalReason =
helpers.getIntoleranceReason(socketInfo->GetHostName(),
socketInfo->GetPort());
- Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE,
- tlsIntoleranceTelemetryBucket(originalReason));
helpers.forgetIntolerance(socketInfo->GetHostName(),
socketInfo->GetPort());
@@ -1144,11 +1124,8 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
helpers.mUnrestrictedRC4Fallback) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
- Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
- tlsIntoleranceTelemetryBucket(err));
return true;
}
- Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
}
}
@@ -1191,18 +1168,12 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
return false;
}
- // The difference between _PRE and _POST represents how often we avoided
- // TLS intolerance fallback due to remembered tolerance.
- Telemetry::Accumulate(pre, reason);
-
if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
socketInfo->GetPort(),
range.min, range.max, err)) {
return false;
}
- Telemetry::Accumulate(post, reason);
-
return true;
}
@@ -1242,8 +1213,6 @@ reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err
} else {
bucket = 671;
}
-
- Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
}
int32_t
diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp
index a0564118a..46a4a21a0 100644
--- a/security/manager/ssl/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -1009,11 +1009,6 @@ nsNTLMAuthModule::Init(const char *serviceName,
static bool sTelemetrySent = false;
if (!sTelemetrySent) {
- mozilla::Telemetry::Accumulate(
- mozilla::Telemetry::NTLM_MODULE_USED_2,
- serviceFlags & nsIAuthModule::REQ_PROXY_AUTH
- ? NTLM_MODULE_GENERIC_PROXY
- : NTLM_MODULE_GENERIC_DIRECT);
sTelemetrySent = true;
}
diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp
index 780a7c4b2..015f86901 100644
--- a/security/manager/ssl/nsPKCS11Slot.cpp
+++ b/security/manager/ssl/nsPKCS11Slot.cpp
@@ -541,10 +541,6 @@ nsPKCS11ModuleDB::ToggleFIPSMode()
return NS_ERROR_FAILURE;
}
- if (PK11_IsFIPS()) {
- Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
- }
-
return NS_OK;
}