Diffstat (limited to 'security/manager/ssl/nsNSSIOLayer.cpp')
-rw-r--r--security/manager/ssl/nsNSSIOLayer.cpp89
1 files changed, 1 insertions, 88 deletions
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index 2d49540fb..d2549c52d 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -237,9 +237,6 @@ nsNSSSocketInfo::NoteTimeUntilReady()
mNotedTimeUntilReady = true;
- // This will include TCP and proxy tunnel wait time
- Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY,
- mSocketCreationTimestamp, TimeStamp::Now());
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd));
}
@@ -259,16 +256,6 @@ nsNSSSocketInfo::SetHandshakeCompleted()
: mFalseStarted ? FalseStarted
: mFalseStartCallbackCalled ? ChoseNotToFalseStart
: NotAllowedToFalseStart;
-
- // This will include TCP and proxy tunnel wait time
- Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED,
- mSocketCreationTimestamp, TimeStamp::Now());
-
- // If the handshake is completed for the first time from just 1 callback
- // that means that TLS session resumption must have been used.
- Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
- handshakeType == Resumption);
- Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
}
@@ -623,11 +610,6 @@ nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode,
SetCanceled(errorCode, errorMessageType);
}
- if (mPlaintextBytesRead && !errorCode) {
- Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK,
- AssertedCast<uint32_t>(mPlaintextBytesRead));
- }
-
mCertVerificationState = after_cert_verification;
}
@@ -1121,8 +1103,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
PRErrorCode originalReason =
helpers.getIntoleranceReason(socketInfo->GetHostName(),
socketInfo->GetPort());
- Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE,
- tlsIntoleranceTelemetryBucket(originalReason));
helpers.forgetIntolerance(socketInfo->GetHostName(),
socketInfo->GetPort());
@@ -1144,11 +1124,8 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
helpers.mUnrestrictedRC4Fallback) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
- Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
- tlsIntoleranceTelemetryBucket(err));
return true;
}
- Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
}
}
@@ -1191,18 +1168,12 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
return false;
}
- // The difference between _PRE and _POST represents how often we avoided
- // TLS intolerance fallback due to remembered tolerance.
- Telemetry::Accumulate(pre, reason);
-
if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
socketInfo->GetPort(),
range.min, range.max, err)) {
return false;
}
- Telemetry::Accumulate(post, reason);
-
return true;
}
@@ -1242,8 +1213,6 @@ reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err
} else {
bucket = 671;
}
-
- Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
}
int32_t
@@ -1947,59 +1916,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
}
SECItem* dername;
- SECStatus rv;
- int headerlen;
- uint32_t contentlen;
- SECItem newitem;
int n;
char* namestring;
for (n = 0; n < caNames->nnames; n++) {
- newitem.data = nullptr;
dername = &caNames->names[n];
- rv = DER_Lengths(dername, &headerlen, &contentlen);
-
- if (rv != SECSuccess) {
- goto loser;
- }
-
- if (headerlen + contentlen != dername->len) {
- // This must be from an enterprise 2.x server, which sent
- // incorrectly formatted der without the outer wrapper of type and
- // length. Fix it up by adding the top level header.
- if (dername->len <= 127) {
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 2);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) dername->len;
- (void) memcpy(&newitem.data[2], dername->data, dername->len);
- } else if (dername->len <= 255) {
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 3);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) 0x81;
- newitem.data[2] = (unsigned char) dername->len;
- (void) memcpy(&newitem.data[3], dername->data, dername->len);
- } else {
- // greater than 256, better be less than 64k
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 4);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) 0x82;
- newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff);
- newitem.data[3] = (unsigned char) (dername->len & 0xff);
- memcpy(&newitem.data[4], dername->data, dername->len);
- }
- dername = &newitem;
- }
-
namestring = CERT_DerNameToAscii(dername);
if (!namestring) {
// XXX - keep going until we fail to convert the name
@@ -2008,21 +1930,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring);
PR_Free(namestring);
if (!caNameStrings[n]) {
- goto loser;
+ return SECFailure;
}
}
-
- if (newitem.data) {
- PR_Free(newitem.data);
- }
}
return SECSuccess;
-loser:
- if (newitem.data) {
- PR_Free(newitem.data);
- }
- return SECFailure;
}
// Possible behaviors for choosing a cert for client auth.
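Review bot: The new early `return SECFailure;` leaves `caNameStrings[0..n)` filled and the remaining slots untouched, and nothing in the function says who owns the strings already copied. Since they come from `PORT_ArenaStrdup(arena.get(), ...)`, a comment above the return such as `// Entries copied so far are owned by |arena|; nothing to free here.` would make the missing cleanup visibly intentional. Together with the preceding hunk (`@@ -1947,59 +1916,12`), which drops the header fix-up, each server-supplied `dername` now reaches `CERT_DerNameToAscii` unmodified. Malformed names therefore presumably land in the `!namestring` branch instead of being repaired, and a comment at the loop head should state that the function now relies on `CERT_DerNameToAscii` to reject bad DER. The function body starts outside this hunk, so the handling in that branch is not visible here.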