diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2016-09-06 13:04:14 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2016-09-06 13:04:14 +0200 |
| commit | 40c7711f91256c58b0a79e9083491de48851929f (patch) | |
| tree | f318bbf2719df6d8311bd394d0a91d16c2839647 /netwerk | |
| parent | 6a9ad973b279cc32b55bf5fd071b2205c0e03771 (diff) | |
| download | palemoon-gre-40c7711f91256c58b0a79e9083491de48851929f.tar.gz | |
Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
Diffstat (limited to 'netwerk')
| -rw-r--r-- | netwerk/base/TLSServerSocket.cpp | 10 | ||||
| -rw-r--r-- | netwerk/base/TLSServerSocket.h | 1 | ||||
| -rw-r--r-- | netwerk/base/nsITLSServerSocket.idl | 12 |
3 files changed, 20 insertions, 3 deletions
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp index d02fa974f..b1fc5fa9d 100644 --- a/netwerk/base/TLSServerSocket.cpp +++ b/netwerk/base/TLSServerSocket.cpp @@ -380,6 +380,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName) } NS_IMETHODIMP +TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite) +{ + aCipherSuite.Assign(mCipherSuite); + return NS_OK; +} + +NS_IMETHODIMP TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength) { if (NS_WARN_IF(!aKeyLength)) { @@ -451,7 +458,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD) if (NS_FAILED(rv)) { return rv; } - mCipherName.Assign(cipherInfo.cipherSuiteName); + mCipherName.Assign(cipherInfo.symCipherName); + mCipherSuite.Assign(cipherInfo.cipherSuiteName); mKeyLength = cipherInfo.effectiveKeyBits; mMacLength = cipherInfo.macBits; diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h index 6adc4134a..179873e0a 100644 --- a/netwerk/base/TLSServerSocket.h +++ b/netwerk/base/TLSServerSocket.h @@ -68,6 +68,7 @@ private: nsCOMPtr<nsIX509Cert> mPeerCert; int16_t mTlsVersionUsed; nsCString mCipherName; + nsCString mCipherSuite; uint32_t mKeyLength; uint32_t mMacLength; // lock protects access to mSecurityObserver diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl index e22596072..c7ce6a539 100644 --- a/netwerk/base/nsITLSServerSocket.idl +++ b/netwerk/base/nsITLSServerSocket.idl @@ -73,7 +73,7 @@ interface nsITLSServerSocket : nsIServerSocket * method of the security observer has been called (see * |nsITLSServerSecurityObserver| below). */ -[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)] +[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)] interface nsITLSClientStatus : nsISupports { /** @@ -103,11 +103,19 @@ interface nsITLSClientStatus : nsISupports /** * cipherName * + * Name of the symetric cipher used, such as + * "AES-GCM" or "CAMELLIA". + */ + readonly attribute ACString cipherName; + + /** + * cipherSuite + * * Name of the cipher suite used, such as * "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256". * See security/nss/lib/ssl/sslinfo.c for the possible values. */ - readonly attribute ACString cipherName; + readonly attribute ACString cipherSuite; /** * keyLength |