From 7d3b69729b68d80e7b301e7e1fd05e68e13cc133 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 20 Jun 2018 19:11:09 +0200 Subject: Fix SSL status ambiguity. - Adds CipherSuite string with the full suite - Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does. --- security/manager/ssl/TransportSecurityInfo.cpp | 4 ++-- security/manager/ssl/nsISSLStatus.idl | 3 ++- security/manager/ssl/nsSSLStatus.cpp | 19 ++++++++++++++++++- security/manager/ssl/nsSSLStatus.h | 5 +++-- 4 files changed, 25 insertions(+), 6 deletions(-) (limited to 'security/manager') diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index 101e2332c..fe39f4017 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -304,8 +304,8 @@ TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result) // of the previous value. This is so when older versions attempt to // read a newer serialized TransportSecurityInfo, they will actually // fail and return NS_ERROR_FAILURE instead of silently failing. -#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \ - { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } } +#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0xa940, 0x4002, \ + { 0x94, 0x3c, 0x43, 0xc4, 0x67, 0x38, 0x8f, 0x3d } } static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC); NS_IMETHODIMP diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl index 52cb1df30..d8b5c2164 100644 --- a/security/manager/ssl/nsISSLStatus.idl +++ b/security/manager/ssl/nsISSLStatus.idl @@ -8,11 +8,12 @@ interface nsIX509Cert; -[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)] +[scriptable, uuid(5415626b-2930-440e-bfc5-55c87dbc4511)] interface nsISSLStatus : nsISupports { readonly attribute nsIX509Cert serverCert; readonly attribute ACString cipherName; + readonly attribute ACString cipherSuite; readonly attribute unsigned long keyLength; readonly attribute unsigned long secretKeyLength; [must_use] diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp index 7f9915cb2..b2453d271 100644 --- a/security/manager/ssl/nsSSLStatus.cpp +++ b/security/manager/ssl/nsSSLStatus.cpp @@ -72,7 +72,24 @@ nsSSLStatus::GetCipherName(nsACString& aCipherName) return NS_ERROR_FAILURE; } - aCipherName.Assign(cipherInfo.cipherSuiteName); + aCipherName.Assign(cipherInfo.symCipherName); + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetCipherSuite(nsACString& aCipherSuite) +{ + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, + sizeof(cipherInfo)) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + aCipherSuite.Assign(cipherInfo.cipherSuiteName); return NS_OK; } diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h index 74f9d0f01..acba1cb30 100644 --- a/security/manager/ssl/nsSSLStatus.h +++ b/security/manager/ssl/nsSSLStatus.h @@ -69,8 +69,9 @@ private: nsCOMPtr mServerCert; }; +// 600cd77a-e45c-4184-bfc5-55c87dbc4511 #define NS_SSLSTATUS_CID \ -{ 0xe2f14826, 0x9e70, 0x4647, \ - { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } } +{ 0x600cd77a, 0xe45c, 0x4184, \ + { 0xbf, 0xc5, 0x55, 0xc8, 0x7d, 0xbc, 0x45, 0x11 } } #endif -- cgit v1.2.3