From 7d3b69729b68d80e7b301e7e1fd05e68e13cc133 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Wed, 20 Jun 2018 19:11:09 +0200
Subject: Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
---
 netwerk/base/TLSServerSocket.cpp | 10 +++++++++-
 netwerk/base/TLSServerSocket.h | 1 +
 netwerk/base/nsITLSServerSocket.idl | 12 ++++++++++--
 3 files changed, 20 insertions(+), 3 deletions(-)
(limited to 'netwerk/base')
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp
index b32a9a188..257a7f5da 100644
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -418,6 +418,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName)
 return NS_OK;
 }

+NS_IMETHODIMP
+TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite)
+{
+ aCipherSuite.Assign(mCipherSuite);
+ return NS_OK;
+}
+
 NS_IMETHODIMP
 TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength)
 {
@@ -490,7 +497,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD)
 if (NS_FAILED(rv)) {
 return rv;
 }
- mCipherName.Assign(cipherInfo.cipherSuiteName);
+ mCipherName.Assign(cipherInfo.symCipherName);
+ mCipherSuite.Assign(cipherInfo.cipherSuiteName);
 mKeyLength = cipherInfo.effectiveKeyBits;
 mMacLength = cipherInfo.macBits;

diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h
index 9fb57e0cc..fd47fc918 100644
--- a/netwerk/base/TLSServerSocket.h
+++ b/netwerk/base/TLSServerSocket.h
@@ -68,6 +68,7 @@ private:
 nsCOMPtr mPeerCert;
 int16_t mTlsVersionUsed;
 nsCString mCipherName;
+ nsCString mCipherSuite;
 uint32_t mKeyLength;
 uint32_t mMacLength;
 // lock protects access to mSecurityObserver
diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl
index 9a03c2ead..57485357f 100644
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
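Review bot: In `TLSServerConnectionInfo::HandshakeCallback` (second hunk of TLSServerSocket.cpp), `mCipherName` silently changes meaning from the full suite name to `cipherInfo.symCipherName`, so any existing consumer that compares `cipherName` against suite identifiers, such as an allow-list check or an audit log, will stop matching without raising an error. The symmetric cipher name alone does not show the key exchange, authentication or MAC that was negotiated, so such callers need to switch to `cipherSuite`; they are not visible in this patch and should be audited alongside it. A comment above the two assignments would make the split explicit, e.g. `// mCipherName: symmetric cipher only; mCipherSuite: full negotiated suite (use this one for policy checks)`. The function body starts and ends outside the hunk.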
@@ -94,7 +94,7 @@ interface nsITLSServerSocket : nsIServerSocket
 * method of the security observer has been called (see
 * |nsITLSServerSecurityObserver| below).
 */
-[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)]
+[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)]
 interface nsITLSClientStatus : nsISupports
 {
 /**
@@ -125,11 +125,19 @@ interface nsITLSClientStatus : nsISupports
 /**
 * cipherName
 *
+ * Name of the symetric cipher used, such as
+ * "AES-GCM" or "CAMELLIA".
+ */
+ readonly attribute ACString cipherName;
+
+ /**
+ * cipherSuite
+ *
 * Name of the cipher suite used, such as
 * "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".
 * See security/nss/lib/ssl/sslinfo.c for the possible values.
 */
- readonly attribute ACString cipherName;
+ readonly attribute ACString cipherSuite;

 /**
 * keyLength
-- cgit v1.2.3
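Review bot: The new `cipherName` doc comment in the second hunk of nsITLSServerSocket.idl misspells "symmetric" as "symetric" and does not tell readers that the attribute no longer identifies the negotiated suite. Script callers that used `cipherName` to judge connection strength would benefit from an explicit pointer to the new attribute, for example `* Name of the symmetric cipher used, such as "AES-GCM" or "CAMELLIA".` followed by `* Does not identify key exchange, authentication or MAC; see cipherSuite.` The pointer to sslinfo.c for the possible values now sits only under `cipherSuite`, so the `cipherName` comment could carry a similar reference. The interface body starts before and continues past this hunk.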