summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-06-20 19:11:09 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-06-20 19:14:58 +0200
commita00a8b05f008faf072ef60c73193044d884ea0cf (patch)
treec54c93de5921a6abd0439affbbc878ed9f6e43da /security
parent73738dc3c661a8a6cc0f504e16079c057efa9b33 (diff)
downloaduxp-a00a8b05f008faf072ef60c73193044d884ea0cf.tar.gz
Fix SSL status ambiguity.
- Adds CipherSuite string with the full suite - Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
Diffstat (limited to 'security')
-rw-r--r--security/manager/ssl/TransportSecurityInfo.cpp4
-rw-r--r--security/manager/ssl/nsISSLStatus.idl3
-rw-r--r--security/manager/ssl/nsSSLStatus.cpp19
-rw-r--r--security/manager/ssl/nsSSLStatus.h5
4 files changed, 25 insertions, 6 deletions
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
index 101e2332c6..fe39f40171 100644
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -304,8 +304,8 @@ TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result)
// of the previous value. This is so when older versions attempt to
// read a newer serialized TransportSecurityInfo, they will actually
// fail and return NS_ERROR_FAILURE instead of silently failing.
-#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \
- { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } }
+#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0xa940, 0x4002, \
+ { 0x94, 0x3c, 0x43, 0xc4, 0x67, 0x38, 0x8f, 0x3d } }
static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
NS_IMETHODIMP
diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl
index 52cb1df30a..d8b5c2164f 100644
--- a/security/manager/ssl/nsISSLStatus.idl
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -8,11 +8,12 @@
interface nsIX509Cert;
-[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
+[scriptable, uuid(5415626b-2930-440e-bfc5-55c87dbc4511)]
interface nsISSLStatus : nsISupports {
readonly attribute nsIX509Cert serverCert;
readonly attribute ACString cipherName;
+ readonly attribute ACString cipherSuite;
readonly attribute unsigned long keyLength;
readonly attribute unsigned long secretKeyLength;
[must_use]
diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp
index 7f9915cb2a..b2453d2718 100644
--- a/security/manager/ssl/nsSSLStatus.cpp
+++ b/security/manager/ssl/nsSSLStatus.cpp
@@ -72,7 +72,24 @@ nsSSLStatus::GetCipherName(nsACString& aCipherName)
return NS_ERROR_FAILURE;
}
- aCipherName.Assign(cipherInfo.cipherSuiteName);
+ aCipherName.Assign(cipherInfo.symCipherName);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCipherSuite(nsACString& aCipherSuite)
+{
+ if (!mHaveCipherSuiteAndProtocol) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ SSLCipherSuiteInfo cipherInfo;
+ if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+ sizeof(cipherInfo)) != SECSuccess) {
+ return NS_ERROR_FAILURE;
+ }
+
+ aCipherSuite.Assign(cipherInfo.cipherSuiteName);
return NS_OK;
}
diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h
index 74f9d0f018..acba1cb30d 100644
--- a/security/manager/ssl/nsSSLStatus.h
+++ b/security/manager/ssl/nsSSLStatus.h
@@ -69,8 +69,9 @@ private:
nsCOMPtr<nsIX509Cert> mServerCert;
};
+// 600cd77a-e45c-4184-bfc5-55c87dbc4511
#define NS_SSLSTATUS_CID \
-{ 0xe2f14826, 0x9e70, 0x4647, \
- { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
+{ 0x600cd77a, 0xe45c, 0x4184, \
+ { 0xbf, 0xc5, 0x55, 0xc8, 0x7d, 0xbc, 0x45, 0x11 } }
#endif