Bug 402726, Allow to view cert on SSL protocol errors r=rrelyea, r=neil, r=gavin, a=dsicore
authorkaie@kuix.de
Tue, 20 Nov 2007 09:59:33 -0800
changeset 8223 6b1f67fccbd40dcd38128466389d1f7efe3846eb
parent 8222 3de520a03e1effb4d98206bc66b7d0c193bc704a
child 8224 88b2a48fa4ca7e4d39a22692ebec902d3c60671b
push id1
push userbsmedberg@mozilla.com
push dateThu, 20 Mar 2008 16:49:24 +0000
treeherderautoland@61007906a1f8 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrrelyea, neil, gavin, dsicore
bugs402726
milestone1.9b2pre
Bug 402726, Allow to view cert on SSL protocol errors r=rrelyea, r=neil, r=gavin, a=dsicore
browser/base/content/pageinfo/security.js
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/browser/base/content/pageinfo/security.js
+++ b/browser/base/content/pageinfo/security.js
@@ -72,25 +72,34 @@ var security = {
     var status = ui.SSLStatus;
 
     if (status) {
       status.QueryInterface(nsISSLStatus);
       var cert = status.serverCert;
       var issuerName =
         this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;
 
-      return {
+      var retval = {
         hostName : hName,
         cAName : issuerName,
-        encryptionAlgorithm : status.cipherName,
-        encryptionStrength : status.secretKeyLength,
+        encryptionAlgorithm : undefined,
+        encryptionStrength : undefined,
         isBroken : isBroken,
         cert : cert,
         fullLocation : gWindow.location
       };
+
+      try {
+        retval.encryptionAlgorithm = status.cipherName;
+        retval.encryptionStrength = status.secretKeyLength;
+      }
+      catch (e) {
+      }
+
+      return retval;
     } else {
       return {
         hostName : hName,
         cAName : "",
         encryptionAlgorithm : "",
         encryptionStrength : 0,
         isBroken : isBroken,
         cert : null,
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -848,27 +848,27 @@ SECStatus PR_CALLBACK AuthCertificateCal
                             const_cast<char*>(nickname.get()), PR_FALSE);
             PK11_FreeSlot(slot);
           }
         }
       }
 
       CERT_DestroyCertList(certList);
     }
-    else {
-      // The connection will be terminated, let's provide a minimal SSLStatus
-      // to the caller that contains at least the cert and its status.
-      nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+
+    // The connection may get terminated, for example, if the server requires
+    // a client cert. Let's provide a minimal SSLStatus
+    // to the caller that contains at least the cert and its status.
+    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
 
-      nsCOMPtr<nsSSLStatus> status;
-      infoObject->GetSSLStatus(getter_AddRefs(status));
-      if (!status) {
-        status = new nsSSLStatus();
-        infoObject->SetSSLStatus(status);
-      }
-      if (status) {
-        status->mServerCert = new nsNSSCertificate(serverCert);
-      }
+    nsCOMPtr<nsSSLStatus> status;
+    infoObject->GetSSLStatus(getter_AddRefs(status));
+    if (!status) {
+      status = new nsSSLStatus();
+      infoObject->SetSSLStatus(status);
+    }
+    if (status) {
+      status->mServerCert = new nsNSSCertificate(serverCert);
     }
   }
 
   return rv;
 }