diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-09-04 07:41:14 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-09-04 07:41:14 +0200 |
commit | 45ec2bceb4822646805136b8874a3681b14e78ef (patch) | |
tree | d1db6daa9b40f85e6bc36a6768d1b74d735454f8 /security/manager/ssl | |
parent | 7d73b3fbfe1cd4f3a45b569f98f19041f95a50b9 (diff) | |
parent | 2e00eb87ef299e6eb7521670e6a6720fee19f5fc (diff) | |
download | UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.gz UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.lz UXP-45ec2bceb4822646805136b8874a3681b14e78ef.tar.xz UXP-45ec2bceb4822646805136b8874a3681b14e78ef.zip |
Merge branch 'master' of https://github.com/MoonchildProductions/UXP
Diffstat (limited to 'security/manager/ssl')
-rw-r--r-- | security/manager/ssl/DataStorage.cpp | 3 | ||||
-rw-r--r-- | security/manager/ssl/SSLServerCertVerification.cpp | 147 | ||||
-rw-r--r-- | security/manager/ssl/nsKeygenHandler.cpp | 43 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSCallbacks.cpp | 49 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 17 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSIOLayer.cpp | 31 | ||||
-rw-r--r-- | security/manager/ssl/nsNTLMAuthModule.cpp | 5 | ||||
-rw-r--r-- | security/manager/ssl/nsPKCS11Slot.cpp | 4 |
8 files changed, 4 insertions, 295 deletions
diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp index 2d9dbf5c4..c765fed00 100644 --- a/security/manager/ssl/DataStorage.cpp +++ b/security/manager/ssl/DataStorage.cpp @@ -276,9 +276,6 @@ DataStorage::Reader::Run() } } } while (true); - - Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES, - mDataStorage->mPersistentDataTable.Count()); } return NS_OK; diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp index 4ef79f54a..757534955 100644 --- a/security/manager/ssl/SSLServerCertVerification.cpp +++ b/security/manager/ssl/SSLServerCertVerification.cpp @@ -567,15 +567,12 @@ CertErrorRunnable::CheckCertOverrides() // want a ballpark answer, we don't care. if (mErrorCodeTrust != 0) { uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTrust); - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); } if (mErrorCodeMismatch != 0) { uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeMismatch); - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); } if (mErrorCodeTime != 0) { uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTime); - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); } // all errors are covered by override rules, so let's accept the cert @@ -660,7 +657,6 @@ CreateCertErrorRunnable(CertVerifier& certVerifier, MOZ_ASSERT(cert); uint32_t probeValue = MapCertErrorToProbeValue(defaultErrorCodeToReport); - Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue); uint32_t collected_errors = 0; PRErrorCode errorCodeTrust = 0; @@ -869,19 +865,11 @@ void AccumulateSubjectCommonNameTelemetry(const char* commonName, bool commonNameInSubjectAltNames) { - if (!commonName) { - // 1 means no common name present - Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 1); - } else if (!commonNameInSubjectAltNames) { + if (!commonNameInSubjectAltNames) { MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("BR telemetry: common name '%s' not in subject alt. names " "(or the subject alt. names extension is not present)\n", commonName)); - // 2 means the common name is not present in subject alt names - Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 2); - } else { - // 0 means the common name is present in subject alt names - Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 0); } } @@ -947,8 +935,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList) MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("BR telemetry: no subject alt names extension for '%s'\n", commonName.get())); - // 1 means there is no subject alt names extension - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 1); AccumulateSubjectCommonNameTelemetry(commonName.get(), false); return; } @@ -960,8 +946,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList) MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("BR telemetry: could not decode subject alt names for '%s'\n", commonName.get())); - // 2 means the subject alt names extension could not be decoded - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 2); AccumulateSubjectCommonNameTelemetry(commonName.get(), false); return; } @@ -1044,24 +1028,6 @@ GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList) currentName = CERT_GetNextGeneralName(currentName); } while (currentName && currentName != subjectAltNames); - if (nonDNSNameOrIPAddressPresent) { - // 3 means there's an entry that isn't an ip address or dns name - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 3); - } - if (malformedDNSNameOrIPAddressPresent) { - // 4 means there's a malformed ip address or dns name entry - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 4); - } - if (nonFQDNPresent) { - // 5 means there's a DNS name entry with a non-fully-qualified domain name - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 5); - } - if (!nonDNSNameOrIPAddressPresent && !malformedDNSNameOrIPAddressPresent && - !nonFQDNPresent) { - // 0 means the extension is acceptable - Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 0); - } - AccumulateSubjectCommonNameTelemetry(commonName.get(), commonNameInSubjectAltNames); } @@ -1111,7 +1077,6 @@ GatherEKUTelemetry(const UniqueCERTCertList& certList) } if (!foundEKU) { - Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0); return; } @@ -1133,18 +1098,6 @@ GatherEKUTelemetry(const UniqueCERTCertList& certList) foundOther = true; } } - - // Cases 3 is included only for completeness. It should never - // appear in these statistics, because CheckExtendedKeyUsage() - // should require the EKU extension, if present, to contain the - // value id_kp_serverAuth. - if (foundServerAuth && !foundOther) { - Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 1); - } else if (foundServerAuth && foundOther) { - Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 2); - } else if (!foundServerAuth) { - Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 3); - } } // Gathers telemetry on which CA is the root of a given cert chain. @@ -1210,9 +1163,6 @@ GatherEndEntityTelemetry(const UniqueCERTCertList& certList) if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) { durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1; } - - Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME, - durationInWeeks); } // There are various things that we want to measure about certificate @@ -1229,75 +1179,14 @@ GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList) void GatherTelemetryForSingleSCT(const ct::SignedCertificateTimestamp& sct) { - // See SSL_SCTS_ORIGIN in Histograms.json. - uint32_t origin = 0; - switch (sct.origin) { - case ct::SignedCertificateTimestamp::Origin::Embedded: - origin = 1; - break; - case ct::SignedCertificateTimestamp::Origin::TLSExtension: - origin = 2; - break; - case ct::SignedCertificateTimestamp::Origin::OCSPResponse: - origin = 3; - break; - default: - MOZ_ASSERT_UNREACHABLE("Unexpected SCT::Origin type"); - } - Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin); - - // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json. - uint32_t verificationStatus = 0; - switch (sct.verificationStatus) { - case ct::SignedCertificateTimestamp::VerificationStatus::OK: - verificationStatus = 1; - break; - case ct::SignedCertificateTimestamp::VerificationStatus::UnknownLog: - verificationStatus = 2; - break; - case ct::SignedCertificateTimestamp::VerificationStatus::InvalidSignature: - verificationStatus = 3; - break; - case ct::SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp: - verificationStatus = 4; - break; - default: - MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type"); - } - Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, - verificationStatus); +/* STUB */ } void GatherCertificateTransparencyTelemetry(const UniqueCERTCertList& certList, const CertificateTransparencyInfo& info) { - if (!info.enabled) { - // No telemetry is gathered when CT is disabled. - return; - } - - if (!info.processedSCTs) { - // We didn't receive any SCT data for this connection. - Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, 0); - return; - } - - for (const ct::SignedCertificateTimestamp& sct : info.verifyResult.scts) { - GatherTelemetryForSingleSCT(sct); - } - - // Decoding errors are reported to the 0th bucket - // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe. - for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) { - Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0); - } - - // Handle the histogram of SCTs counts. - uint32_t sctsCount = static_cast<uint32_t>(info.verifyResult.scts.length()); - // Note that sctsCount can be 0 in case we've received SCT binary data, - // but it failed to parse (e.g. due to unsupported CT protocol version). - Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount); +/* STUB */ } // Note: Takes ownership of |peerCertChain| if SECSuccess is not returned. @@ -1350,29 +1239,6 @@ AuthCertificate(CertVerifier& certVerifier, uint32_t evStatus = (rv != Success) ? 0 // 0 = Failure : (evOidPolicy == SEC_OID_UNKNOWN) ? 1 // 1 = DV : 2; // 2 = EV - Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus); - - if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) { - Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus); - } - if (keySizeStatus != KeySizeStatus::NeverChecked) { - Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS, - static_cast<uint32_t>(keySizeStatus)); - } - if (sha1ModeResult != SHA1ModeResult::NeverChecked) { - Telemetry::Accumulate(Telemetry::CERT_CHAIN_SHA1_POLICY_STATUS, - static_cast<uint32_t>(sha1ModeResult)); - } - - if (pinningTelemetryInfo.accumulateForRoot) { - Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA, - pinningTelemetryInfo.rootBucket); - } - - if (pinningTelemetryInfo.accumulateResult) { - Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram, - pinningTelemetryInfo.certPinningResultBucket); - } if (rv == Success) { // Certificate verification succeeded. Delete any potential record of @@ -1517,7 +1383,6 @@ SSLServerCertVerificationJob::Run() new SSLServerCertVerificationResult(mInfoObject, 0, successTelemetry, interval)); restart->Dispatch(); - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); return NS_OK; } @@ -1527,7 +1392,6 @@ SSLServerCertVerificationJob::Run() { TimeStamp now = TimeStamp::Now(); MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex); - Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now); } if (error != 0) { RefPtr<CertErrorRunnable> runnable( @@ -1694,7 +1558,6 @@ AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig, PRBool isServer) MOZ_ASSERT(peerCertChain || rv != SECSuccess, "AuthCertificate() should take ownership of chain on failure"); if (rv == SECSuccess) { - Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); return SECSuccess; } @@ -1782,10 +1645,6 @@ SSLServerCertVerificationResult::Dispatch() NS_IMETHODIMP SSLServerCertVerificationResult::Run() { - // TODO: Assert that we're on the socket transport thread - if (mTelemetryID != Telemetry::HistogramCount) { - Telemetry::Accumulate(mTelemetryID, mTelemetryValue); - } // XXX: This cast will be removed by the next patch ((nsNSSSocketInfo*) mInfoObject.get()) ->SetCertVerificationResult(mErrorCode, mErrorMessageType); diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp index c4529f877..9196e200c 100644 --- a/security/manager/ssl/nsKeygenHandler.cpp +++ b/security/manager/ssl/nsKeygenHandler.cpp @@ -399,48 +399,7 @@ loser: void GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve) { - if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) { - if (keysize > 8196 || keysize < 0) { - return; - } - - nsCString telemetryValue("rsa"); - telemetryValue.AppendPrintf("%d", keysize); - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue); - } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) { - nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1"); - nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1"); - - mozilla::UniqueSECItem decoded = DecodeECParams(curve); - if (!decoded) { - switch (keysize) { - case 2048: - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1); - break; - case 1024: - case 512: - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1); - break; - } - } else { - if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) { - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1); - } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) { - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1); - } else { - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec")); - } - } - } else { - MOZ_CRASH("Unknown keygen algorithm"); - return; - } +/* STUB */ } nsresult diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index 941101265..6bac59f51 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -490,31 +490,6 @@ nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error, } } - if (!event->mStartTime.IsNull()) { - if (request_canceled) { - Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0); - Telemetry::AccumulateTimeDelta( - Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME, - event->mStartTime, TimeStamp::Now()); - } - else if (NS_SUCCEEDED(mListener->mResultCode) && - mListener->mHttpResponseCode == 200) { - Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1); - Telemetry::AccumulateTimeDelta( - Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME, - event->mStartTime, TimeStamp::Now()); - } - else { - Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2); - Telemetry::AccumulateTimeDelta( - Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME, - event->mStartTime, TimeStamp::Now()); - } - } - else { - Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3); - } - if (request_canceled) { return Result::ERROR_OCSP_SERVER_ERROR; } @@ -996,7 +971,6 @@ PreliminaryHandshakeDone(PRFileDesc* fd) } else { infoObject->SetNegotiatedNPN(nullptr, 0); } - mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state); } else { infoObject->SetNegotiatedNPN(nullptr, 0); } @@ -1091,9 +1065,6 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart) } } - Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING, - reasonsForNotFalseStarting); - if (reasonsForNotFalseStarting == 0) { *canFalseStart = PR_TRUE; infoObject->SetFalseStarted(); @@ -1118,7 +1089,6 @@ AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits) : bits < 8192 ? 17 : bits == 8192 ? 18 : bits < 16384 ? 19 : bits == 16384 ? 20 : 0; - Telemetry::Accumulate(probe, value); } // XXX: This attempts to map a bit count to an ECC named curve identifier. In @@ -1134,7 +1104,6 @@ AccumulateECCCurve(Telemetry::ID probe, uint32_t bits) : bits == 384 ? 24 // P-384 : bits == 521 ? 25 // P-521 : 0; // Unknown - Telemetry::Accumulate(probe, value); } static void @@ -1197,7 +1166,6 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo) break; } MOZ_ASSERT(value != 0); - Telemetry::Accumulate(probe, value); } // In the case of session resumption, the AuthCertificate hook has been bypassed @@ -1318,7 +1286,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { // 1=tls1, 2=tls1.1, 3=tls1.2 unsigned int versionEnum = channelInfo.protocolVersion & 0xFF; MOZ_ASSERT(versionEnum > 0); - Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum); AccumulateCipherSuite( infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL : Telemetry::SSL_CIPHER_SUITE_RESUMED, @@ -1331,13 +1298,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { if (rv == SECSuccess) { usesFallbackCipher = channelInfo.keaType == ssl_kea_dh; - // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4 - Telemetry::Accumulate( - infoObject->IsFullHandshake() - ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL - : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED, - channelInfo.keaType); - MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType); if (infoObject->IsFullHandshake()) { @@ -1359,9 +1319,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { break; } - Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL, - channelInfo.authType); - // RSA key exchange doesn't use a signature for auth. if (channelInfo.keaType != ssl_kea_rsa) { switch (channelInfo.authType) { @@ -1380,12 +1337,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { } } } - - Telemetry::Accumulate( - infoObject->IsFullHandshake() - ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL - : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED, - cipherInfo.symCipher); } } diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 14b1312de..4fc8c142e 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -805,29 +805,22 @@ nsNSSComponent::MaybeEnableFamilySafetyCompatibility() if (familySafetyMode > 2) { familySafetyMode = 0; } - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, familySafetyMode); if (familySafetyMode == 0) { return; } bool familySafetyEnabled; nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled); if (NS_FAILED(rv)) { - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 3); return; } if (!familySafetyEnabled) { - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 4); return; } - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 5); if (familySafetyMode == 2) { rv = LoadFamilySafetyRoot(); if (NS_FAILED(rv)) { - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 6); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to load Family Safety root")); - } else { - Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 7); } } #endif // XP_WIN @@ -1580,13 +1573,6 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, bool ocspRequired = ocspEnabled && Preferences::GetBool("security.OCSP.require", false); - // We measure the setting of the pref at startup only to minimize noise by - // addons that may muck with the settings, though it probably doesn't matter. - if (isInitialSetting) { - Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled); - Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired); - } - bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling", true); PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled); @@ -1978,9 +1964,6 @@ nsNSSComponent::InitializeNSS() return NS_ERROR_FAILURE; } - if (PK11_IsFIPS()) { - Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true); - } MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n")); return NS_OK; } diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index 2d49540fb..93fca396b 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -237,9 +237,6 @@ nsNSSSocketInfo::NoteTimeUntilReady() mNotedTimeUntilReady = true; - // This will include TCP and proxy tunnel wait time - Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY, - mSocketCreationTimestamp, TimeStamp::Now()); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd)); } @@ -259,16 +256,6 @@ nsNSSSocketInfo::SetHandshakeCompleted() : mFalseStarted ? FalseStarted : mFalseStartCallbackCalled ? ChoseNotToFalseStart : NotAllowedToFalseStart; - - // This will include TCP and proxy tunnel wait time - Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED, - mSocketCreationTimestamp, TimeStamp::Now()); - - // If the handshake is completed for the first time from just 1 callback - // that means that TLS session resumption must have been used. - Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION, - handshakeType == Resumption); - Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType); } @@ -623,11 +610,6 @@ nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode, SetCanceled(errorCode, errorMessageType); } - if (mPlaintextBytesRead && !errorCode) { - Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK, - AssertedCast<uint32_t>(mPlaintextBytesRead)); - } - mCertVerificationState = after_cert_verification; } @@ -1121,8 +1103,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) PRErrorCode originalReason = helpers.getIntoleranceReason(socketInfo->GetHostName(), socketInfo->GetPort()); - Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE, - tlsIntoleranceTelemetryBucket(originalReason)); helpers.forgetIntolerance(socketInfo->GetHostName(), socketInfo->GetPort()); @@ -1144,11 +1124,8 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) helpers.mUnrestrictedRC4Fallback) { if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(), socketInfo->GetPort(), err)) { - Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, - tlsIntoleranceTelemetryBucket(err)); return true; } - Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0); } } @@ -1191,18 +1168,12 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) return false; } - // The difference between _PRE and _POST represents how often we avoided - // TLS intolerance fallback due to remembered tolerance. - Telemetry::Accumulate(pre, reason); - if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(), socketInfo->GetPort(), range.min, range.max, err)) { return false; } - Telemetry::Accumulate(post, reason); - return true; } @@ -1242,8 +1213,6 @@ reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err } else { bucket = 671; } - - Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket); } int32_t diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp index a0564118a..46a4a21a0 100644 --- a/security/manager/ssl/nsNTLMAuthModule.cpp +++ b/security/manager/ssl/nsNTLMAuthModule.cpp @@ -1009,11 +1009,6 @@ nsNTLMAuthModule::Init(const char *serviceName, static bool sTelemetrySent = false; if (!sTelemetrySent) { - mozilla::Telemetry::Accumulate( - mozilla::Telemetry::NTLM_MODULE_USED_2, - serviceFlags & nsIAuthModule::REQ_PROXY_AUTH - ? NTLM_MODULE_GENERIC_PROXY - : NTLM_MODULE_GENERIC_DIRECT); sTelemetrySent = true; } diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp index 780a7c4b2..015f86901 100644 --- a/security/manager/ssl/nsPKCS11Slot.cpp +++ b/security/manager/ssl/nsPKCS11Slot.cpp @@ -541,10 +541,6 @@ nsPKCS11ModuleDB::ToggleFIPSMode() return NS_ERROR_FAILURE; } - if (PK11_IsFIPS()) { - Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true); - } - return NS_OK; } |