Backed out changeset 9ee10cfc0489 (bug 996238)
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Wed, 01 Apr 2015 16:14:10 +0200
changeset 237056 d599b8a02a0c25cc64a1d9530e2f8335176078c7
parent 237055 7a5a0fe28e9c0bcfc8bbb42b38c0d8afc1cfcbdf
child 237057 f3d44e807d1bb3ed5ed96645f363e2bfbd752594
push id28523
push userkwierso@gmail.com
push dateThu, 02 Apr 2015 00:55:14 +0000
treeherderautoland@37ddc5e2eb72 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs996238
milestone40.0a1
backs out9ee10cfc0489ed25c23412bf68b3addc9a829aec
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 9ee10cfc0489 (bug 996238)
media/mtransport/test/gtest_utils.h
media/mtransport/test/transport_unittests.cpp
media/mtransport/transportlayerdtls.cpp
media/mtransport/transportlayerdtls.h
media/webrtc/signaling/src/peerconnection/MediaPipelineFactory.cpp
media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
--- a/media/mtransport/test/gtest_utils.h
+++ b/media/mtransport/test/gtest_utils.h
@@ -77,15 +77,10 @@
 
 #define EXPECT_TRUE_WAIT(expression, timeout) \
   do { \
     bool res; \
     WAIT_(expression, timeout, res); \
     EXPECT_TRUE(res); \
   } while(0)
 
-#define ASSERT_EQ_WAIT(expected, actual, timeout) \
-  do { \
-    WAIT(expected == actual, timeout); \
-    ASSERT_EQ(expected, actual); \
-  } while(0)
 
 #endif
--- a/media/mtransport/test/transport_unittests.cpp
+++ b/media/mtransport/test/transport_unittests.cpp
@@ -496,30 +496,16 @@ class TransportTestPeer : public sigslot
      flow_ = nullptr;
   }
 
   void SetDtlsAllowAll() {
     nsresult res = dtls_->SetVerificationAllowAll();
     ASSERT_TRUE(NS_SUCCEEDED(res));
   }
 
-  void SetAlpn(std::string str, bool withDefault, std::string extra = "") {
-    std::set<std::string> alpn;
-    alpn.insert(str); // the one we want to select
-    if (!extra.empty()) {
-      alpn.insert(extra);
-    }
-    nsresult res = dtls_->SetAlpn(alpn, withDefault ? str : "");
-    ASSERT_EQ(NS_OK, res);
-  }
-
-  const std::string& GetAlpn() const {
-    return dtls_->GetNegotiatedAlpn();
-  }
-
   void SetDtlsPeer(TransportTestPeer *peer, int digests, unsigned int damage) {
     unsigned int mask = 1;
 
     for (int i=0; i<digests; i++) {
       unsigned char fingerprint_to_set[TransportLayerDtls::kMaxDigestLength];
 
       memcpy(fingerprint_to_set,
              peer->fingerprint_,
@@ -863,53 +849,42 @@ class TransportTest : public ::testing::
     p2_->SetDtlsPeer(p1_, digests, damage);
   }
 
   void SetDtlsAllowAll() {
     p1_->SetDtlsAllowAll();
     p2_->SetDtlsAllowAll();
   }
 
-  void SetAlpn(std::string first, std::string second,
-               bool withDefaults = true) {
-    if (!first.empty()) {
-      p1_->SetAlpn(first, withDefaults, "bogus");
-    }
-    if (!second.empty()) {
-      p2_->SetAlpn(second, withDefaults);
-    }
-  }
+  void ConnectSocket() {
+    test_utils->sts_target()->Dispatch(
+      WrapRunnable(p1_, &TransportTestPeer::ConnectSocket, p2_),
+      NS_DISPATCH_SYNC);
+    test_utils->sts_target()->Dispatch(
+      WrapRunnable(p2_, &TransportTestPeer::ConnectSocket, p1_),
+      NS_DISPATCH_SYNC);
 
-  void CheckAlpn(std::string first, std::string second) {
-    ASSERT_EQ(first, p1_->GetAlpn());
-    ASSERT_EQ(second, p2_->GetAlpn());
-  }
-
-  void ConnectSocket() {
-    ConnectSocketInternal();
     ASSERT_TRUE_WAIT(p1_->connected(), 10000);
     ASSERT_TRUE_WAIT(p2_->connected(), 10000);
 
     ASSERT_EQ(p1_->cipherSuite(), p2_->cipherSuite());
     ASSERT_EQ(p1_->srtpCipher(), p2_->srtpCipher());
   }
 
   void ConnectSocketExpectFail() {
-    ConnectSocketInternal();
+    test_utils->sts_target()->Dispatch(
+      WrapRunnable(p1_, &TransportTestPeer::ConnectSocket, p2_),
+      NS_DISPATCH_SYNC);
+    test_utils->sts_target()->Dispatch(
+      WrapRunnable(p2_, &TransportTestPeer::ConnectSocket, p1_),
+      NS_DISPATCH_SYNC);
     ASSERT_TRUE_WAIT(p1_->failed(), 10000);
     ASSERT_TRUE_WAIT(p2_->failed(), 10000);
   }
 
-  void ConnectSocketExpectState(TransportLayer::State s1,
-                                TransportLayer::State s2) {
-    ConnectSocketInternal();
-    ASSERT_EQ_WAIT(s1, p1_->state(), 10000);
-    ASSERT_EQ_WAIT(s2, p2_->state(), 10000);
-  }
-
   void InitIce() {
     p1_->InitIce();
     p2_->InitIce();
   }
 
   void ConnectIce() {
     p1_->InitIce();
     p2_->InitIce();
@@ -928,25 +903,16 @@ class TransportTest : public ::testing::
       ASSERT_TRUE(rv > 0);
     }
 
     std::cerr << "Received == " << p2_->received() << std::endl;
     ASSERT_TRUE_WAIT(count == p2_->received(), 10000);
   }
 
  protected:
-  void ConnectSocketInternal() {
-    test_utils->sts_target()->Dispatch(
-      WrapRunnable(p1_, &TransportTestPeer::ConnectSocket, p2_),
-      NS_DISPATCH_SYNC);
-    test_utils->sts_target()->Dispatch(
-      WrapRunnable(p2_, &TransportTestPeer::ConnectSocket, p1_),
-      NS_DISPATCH_SYNC);
-  }
-
   PRFileDesc *fds_[2];
   TransportTestPeer *p1_;
   TransportTestPeer *p2_;
   nsCOMPtr<nsIEventTarget> target_;
 };
 
 
 TEST_F(TransportTest, TestNoDtlsVerificationSettings) {
@@ -984,66 +950,16 @@ TEST_F(TransportTest, TestConnectDestroy
   DestroyPeerFlows();
 }
 
 TEST_F(TransportTest, TestConnectAllowAll) {
   SetDtlsAllowAll();
   ConnectSocket();
 }
 
-TEST_F(TransportTest, TestConnectAlpn) {
-  SetDtlsPeer();
-  SetAlpn("a", "a");
-  ConnectSocket();
-  CheckAlpn("a", "a");
-}
-
-TEST_F(TransportTest, TestConnectAlpnMismatch) {
-  SetDtlsPeer();
-  SetAlpn("something", "different");
-  ConnectSocketExpectFail();
-}
-
-TEST_F(TransportTest, TestConnectAlpnServerDefault) {
-  SetDtlsPeer();
-  SetAlpn("def", "");
-  // server allows default, client doesn't support
-  ConnectSocket();
-  CheckAlpn("def", "");
-}
-
-TEST_F(TransportTest, TestConnectAlpnClientDefault) {
-  SetDtlsPeer();
-  SetAlpn("", "clientdef");
-  // client allows default, but server will ignore the extension
-  ConnectSocket();
-  CheckAlpn("", "clientdef");
-}
-
-TEST_F(TransportTest, TestConnectClientNoAlpn) {
-  SetDtlsPeer();
-  // Here the server has ALPN, but no default is allowed.
-  // Reminder: p1 == server, p2 == client
-  SetAlpn("server-nodefault", "", false);
-  // The server doesn't see the extension, so negotiates without it.
-  // But then the server is forced to close when it discovers that ALPN wasn't
-  // negotiated; the client sees a close.
-  ConnectSocketExpectState(TransportLayer::TS_ERROR,
-                           TransportLayer::TS_CLOSED);
-}
-
-TEST_F(TransportTest, TestConnectServerNoAlpn) {
-  SetDtlsPeer();
-  SetAlpn("", "client-nodefault", false);
-  // The client aborts; the server doesn't realize this is a problem and just
-  // sees the close.
-  ConnectSocketExpectState(TransportLayer::TS_CLOSED,
-                           TransportLayer::TS_ERROR);
-}
-
 TEST_F(TransportTest, TestConnectNoDigest) {
   SetDtlsPeer(0, 0);
 
   ConnectSocketExpectFail();
 }
 
 TEST_F(TransportTest, TestConnectBadDigest) {
   SetDtlsPeer(1, 1);
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -3,17 +3,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #include <queue>
 #include <algorithm>
-#include <sstream>
 
 #include "mozilla/UniquePtr.h"
 
 #include "logging.h"
 #include "ssl.h"
 #include "sslerr.h"
 #include "sslproto.h"
 #include "keyhi.h"
@@ -40,17 +39,16 @@ static PRDescIdentity transport_layer_id
 // (e.g., after cert check).
 
 #define UNIMPLEMENTED                                           \
   MOZ_MTLOG(ML_ERROR,                                           \
        "Call to unimplemented function "<< __FUNCTION__);       \
   MOZ_ASSERT(false);                                            \
   PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0)
 
-#define MAX_ALPN_LENGTH 255
 
 // We need to adapt the NSPR/libssl model to the TransportFlow model.
 // The former wants pull semantics and TransportFlow wants push.
 //
 // - A TransportLayerDtls assumes it is sitting on top of another
 //   TransportLayer, which means that events come in asynchronously.
 // - NSS (libssl) wants to sit on top of a PRFileDesc and poll.
 // - The TransportLayerNSPRAdapter is a PRFileDesc containing a
@@ -385,34 +383,16 @@ nsresult TransportLayerDtls::InitInterna
 void TransportLayerDtls::WasInserted() {
   // Connect to the lower layers
   if (!Setup()) {
     TL_SET_STATE(TS_ERROR);
   }
 }
 
 
-// Set the permitted and default ALPN identifiers.
-// The default is here to allow for peers that don't want to negotiate ALPN
-// in that case, the default string will be reported from GetNegotiatedAlpn().
-// Setting the default to the empty string causes the transport layer to fail
-// if ALPN is not negotiated.
-// Note: we only support Unicode strings here, which are encoded into UTF-8,
-// even though ALPN ostensibly allows arbitrary octet sequences.
-nsresult TransportLayerDtls::SetAlpn(
-  const std::set<std::string>& alpn_allowed,
-  const std::string& alpn_default) {
-
-  alpn_allowed_ = alpn_allowed;
-  alpn_default_ = alpn_default;
-
-  return NS_OK;
-}
-
-
 nsresult TransportLayerDtls::SetVerificationAllowAll() {
   // Defensive programming
   if (verification_mode_ != VERIFY_UNSET)
     return NS_ERROR_ALREADY_INITIALIZED;
 
   verification_mode_ = VERIFY_ALLOW_ALL;
 
   return NS_OK;
@@ -579,20 +559,16 @@ bool TransportLayerDtls::Setup() {
   // Certificate validation
   rv = SSL_AuthCertificateHook(ssl_fd, AuthCertificateHook,
                                reinterpret_cast<void *>(this));
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Couldn't set certificate validation hook");
     return false;
   }
 
-  if (!SetupAlpn(ssl_fd)) {
-    return false;
-  }
-
   // Now start the handshake
   rv = SSL_ResetHandshake(ssl_fd, role_ == SERVER ? PR_TRUE : PR_FALSE);
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Couldn't reset handshake");
     return false;
   }
   ssl_fd_ = ssl_fd.forget();
 
@@ -603,53 +579,16 @@ bool TransportLayerDtls::Setup() {
   if (downward_->state() == TS_OPEN) {
     TL_SET_STATE(TS_CONNECTING);
     Handshake();
   }
 
   return true;
 }
 
-bool TransportLayerDtls::SetupAlpn(PRFileDesc* ssl_fd) const {
-  if (alpn_allowed_.empty()) {
-    return true;
-  }
-
-  SECStatus rv = SSL_OptionSet(ssl_fd, SSL_ENABLE_NPN, PR_FALSE);
-  if (rv != SECSuccess) {
-    MOZ_MTLOG(ML_ERROR, "Couldn't disable NPN");
-    return false;
-  }
-
-  rv = SSL_OptionSet(ssl_fd, SSL_ENABLE_ALPN, PR_TRUE);
-  if (rv != SECSuccess) {
-    MOZ_MTLOG(ML_ERROR, "Couldn't enable ALPN");
-    return false;
-  }
-
-  unsigned char buf[MAX_ALPN_LENGTH];
-  size_t offset = 0;
-  for (auto tag = alpn_allowed_.begin();
-       tag != alpn_allowed_.end(); ++tag) {
-    if ((offset + 1 + tag->length()) >= sizeof(buf)) {
-      MOZ_MTLOG(ML_ERROR, "ALPN too long");
-      return false;
-    }
-    buf[offset++] = tag->length();
-    memcpy(buf + offset, tag->c_str(), tag->length());
-    offset += tag->length();
-  }
-  rv = SSL_SetNextProtoNego(ssl_fd, buf, offset);
-  if (rv != SECSuccess) {
-    MOZ_MTLOG(ML_ERROR, "Couldn't set ALPN string");
-    return false;
-  }
-  return true;
-}
-
 // Ciphers we need to enable.  These are on by default in standard firefox
 // builds, but can be disabled with prefs and they aren't on in our unit tests
 // since that uses NSS default configuration.
 // Only override prefs to comply with MUST statements in the security-arch.
 static const uint32_t EnabledCiphers[] = {
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 };
@@ -833,23 +772,16 @@ void TransportLayerDtls::Handshake() {
   if (rv == SECSuccess) {
     MOZ_MTLOG(ML_NOTICE,
               LAYER_INFO << "****** SSL handshake completed ******");
     if (!cert_ok_) {
       MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Certificate check never occurred");
       TL_SET_STATE(TS_ERROR);
       return;
     }
-    if (!CheckAlpn()) {
-      // Report an error. Note that failure to negotiate the correct ALPN label
-      // doesn't result in a failure at the NSS layer.
-      TL_SET_STATE(TS_ERROR);
-      return;
-    }
-
     TL_SET_STATE(TS_OPEN);
   } else {
     int32_t err = PR_GetError();
     switch(err) {
       case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
         MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Malformed DTLS message; ignoring");
         // If this were TLS (and not DTLS), this would be fatal, but
         // here we're required to ignore bad messages, so fall through
@@ -871,71 +803,16 @@ void TransportLayerDtls::Handshake() {
       default:
         MOZ_MTLOG(ML_ERROR, LAYER_INFO << "SSL handshake error "<< err);
         TL_SET_STATE(TS_ERROR);
         break;
     }
   }
 }
 
-// Checks if ALPN was negotiated correctly and returns false if it wasn't.
-// After this returns successfully, alpn_ will be set to the negotiated
-// protocol.
-bool TransportLayerDtls::CheckAlpn() {
-  if (alpn_allowed_.empty()) {
-    return true;
-  }
-
-  SSLNextProtoState alpnState;
-  char chosenAlpn[MAX_ALPN_LENGTH];
-  unsigned int chosenAlpnLen;
-  SECStatus rv = SSL_GetNextProto(ssl_fd_, &alpnState,
-                                  reinterpret_cast<unsigned char*>(chosenAlpn),
-                                  &chosenAlpnLen, sizeof(chosenAlpn));
-  if (rv != SECSuccess) {
-    MOZ_MTLOG(ML_ERROR, LAYER_INFO << "ALPN error");
-    return false;
-  }
-  switch (alpnState) {
-    case SSL_NEXT_PROTO_SELECTED:
-    case SSL_NEXT_PROTO_NEGOTIATED:
-      break; // OK
-
-    case SSL_NEXT_PROTO_NO_SUPPORT:
-      MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "ALPN not negotiated, "
-                << (alpn_default_.empty() ? "failing" : "selecting default"));
-      alpn_ = alpn_default_;
-      return !alpn_.empty();
-
-    case SSL_NEXT_PROTO_NO_OVERLAP:
-      // This only happens if there is a custom NPN/ALPN callback installed and
-      // that callback doesn't properly handle ALPN.
-      MOZ_MTLOG(ML_ERROR, LAYER_INFO << "error in ALPN selection callback");
-      return false;
-  }
-
-  // Warning: NSS won't null terminate the ALPN string for us.
-  std::string chosen(chosenAlpn, chosenAlpnLen);
-  MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "Selected ALPN string: " << chosen);
-  if (alpn_allowed_.find(chosen) == alpn_allowed_.end()) {
-    // Maybe our peer chose a protocol we didn't offer (when we are client), or
-    // something is seriously wrong.
-    std::ostringstream ss;
-    for (auto i = alpn_allowed_.begin(); i != alpn_allowed_.end(); ++i) {
-      ss << (i == alpn_allowed_.begin() ? " '" : ", '") << *i << "'";
-    }
-    MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Bad ALPN string: '" << chosen
-              << "'; permitted:" << ss.str());
-    return false;
-  }
-  alpn_ = chosen;
-  return true;
-}
-
-
 void TransportLayerDtls::PacketReceived(TransportLayer* layer,
                                         const unsigned char *data,
                                         size_t len) {
   CheckThread();
   MOZ_MTLOG(ML_DEBUG, LAYER_INFO << "PacketReceived(" << len << ")");
 
   if (state_ != TS_CONNECTING && state_ != TS_OPEN) {
     MOZ_MTLOG(ML_DEBUG,
@@ -1046,38 +923,31 @@ nsresult TransportLayerDtls::SetSrtpCiph
   // TODO: We should check these
   srtp_ciphers_ = ciphers;
 
   return NS_OK;
 }
 
 nsresult TransportLayerDtls::GetSrtpCipher(uint16_t *cipher) const {
   CheckThread();
-  if (state_ != TS_OPEN) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
   SECStatus rv = SSL_GetSRTPCipher(ssl_fd_, cipher);
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_DEBUG, "No SRTP cipher negotiated");
     return NS_ERROR_FAILURE;
   }
 
   return NS_OK;
 }
 
 nsresult TransportLayerDtls::ExportKeyingMaterial(const std::string& label,
                                                   bool use_context,
                                                   const std::string& context,
                                                   unsigned char *out,
                                                   unsigned int outlen) {
   CheckThread();
-  if (state_ != TS_OPEN) {
-    MOZ_ASSERT(false, "Transport must be open for ExportKeyingMaterial");
-    return NS_ERROR_NOT_AVAILABLE;
-  }
   SECStatus rv = SSL_ExportKeyingMaterial(ssl_fd_,
                                           label.c_str(),
                                           label.size(),
                                           use_context,
                                           reinterpret_cast<const unsigned char *>(
                                               context.c_str()),
                                           context.size(),
                                           out,
--- a/media/mtransport/transportlayerdtls.h
+++ b/media/mtransport/transportlayerdtls.h
@@ -5,17 +5,16 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #ifndef transportlayerdtls_h__
 #define transportlayerdtls_h__
 
 #include <queue>
-#include <set>
 
 #include "sigslot.h"
 
 #include "mozilla/RefPtr.h"
 #include "mozilla/Scoped.h"
 #include "nsCOMPtr.h"
 #include "nsIEventTarget.h"
 #include "nsITimer.h"
@@ -63,20 +62,16 @@ class TransportLayerDtls final : public 
 
   // DTLS-specific operations
   void SetRole(Role role) { role_ = role;}
   Role role() { return role_; }
 
   void SetIdentity(const RefPtr<DtlsIdentity>& identity) {
     identity_ = identity;
   }
-  nsresult SetAlpn(const std::set<std::string>& allowedAlpn,
-                   const std::string& alpnDefault);
-  const std::string& GetNegotiatedAlpn() const { return alpn_; }
-
   nsresult SetVerificationAllowAll();
   nsresult SetVerificationDigest(const std::string digest_algorithm,
                                  const unsigned char *digest_value,
                                  size_t digest_len);
 
   nsresult GetCipherSuite(uint16_t* cipherSuite) const;
 
   nsresult SetSrtpCiphers(std::vector<uint16_t> ciphers);
@@ -131,21 +126,18 @@ class TransportLayerDtls final : public 
    private:
     ~VerificationDigest() {}
     DISALLOW_COPY_ASSIGN(VerificationDigest);
   };
 
 
   bool Setup();
   bool SetupCipherSuites(PRFileDesc* ssl_fd) const;
-  bool SetupAlpn(PRFileDesc* ssl_fd) const;
   void Handshake();
 
-  bool CheckAlpn();
-
   static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd,
                                          CERTDistNames *caNames,
                                          CERTCertificate **pRetCert,
                                          SECKEYPrivateKey **pRetKey);
   static SECStatus AuthCertificateHook(void *arg,
                                        PRFileDesc *fd,
                                        PRBool checksig,
                                        PRBool isServer);
@@ -154,23 +146,16 @@ class TransportLayerDtls final : public 
                                 PRBool isServer);
 
   static void TimerCallback(nsITimer *timer, void *arg);
 
   SECStatus CheckDigest(const RefPtr<VerificationDigest>& digest,
                         CERTCertificate *cert);
 
   RefPtr<DtlsIdentity> identity_;
-  // What ALPN identifiers are permitted.
-  std::set<std::string> alpn_allowed_;
-  // What ALPN identifier is used if ALPN is not supported.
-  // The empty string indicates that ALPN is required.
-  std::string alpn_default_;
-  // What ALPN string was negotiated.
-  std::string alpn_;
   std::vector<uint16_t> srtp_ciphers_;
 
   Role role_;
   Verification verification_mode_;
   std::vector<RefPtr<VerificationDigest> > digests_;
 
   // Must delete nspr_io_adapter after ssl_fd_ b/c ssl_fd_ causes an alert
   // (ssl_fd_ contains an un-owning pointer to nspr_io_adapter_)
--- a/media/webrtc/signaling/src/peerconnection/MediaPipelineFactory.cpp
+++ b/media/webrtc/signaling/src/peerconnection/MediaPipelineFactory.cpp
@@ -194,32 +194,16 @@ MediaPipelineFactory::CreateOrGetTranspo
   srtpCiphers.push_back(SRTP_AES128_CM_HMAC_SHA1_32);
 
   rv = dtls->SetSrtpCiphers(srtpCiphers);
   if (NS_FAILED(rv)) {
     MOZ_MTLOG(ML_ERROR, "Couldn't set SRTP ciphers");
     return rv;
   }
 
-  // Always permits negotiation of the confidential mode.
-  // Only allow non-confidential (which is an allowed default),
-  // if we aren't confidential.
-  std::set<std::string> alpn;
-  std::string alpnDefault = "";
-  alpn.insert("c-webrtc");
-  if (!mPC->PrivacyRequested()) {
-    alpnDefault = "webrtc";
-    alpn.insert(alpnDefault);
-  }
-  rv = dtls->SetAlpn(alpn, alpnDefault);
-  if (NS_FAILED(rv)) {
-    MOZ_MTLOG(ML_ERROR, "Couldn't set ALPN");
-    return rv;
-  }
-
   nsAutoPtr<PtrVector<TransportLayer> > layers(new PtrVector<TransportLayer>);
   layers->values.push_back(ice.release());
   layers->values.push_back(dtls.release());
 
   rv = mPCMedia->GetSTSThread()->Dispatch(
       WrapRunnableNM(FinalizeTransportFlow_s, mPCMedia, flow, aLevel, aIsRtcp,
                      layers),
       NS_DISPATCH_NORMAL);
--- a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
+++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
@@ -951,24 +951,24 @@ PeerConnectionMedia::OnCandidateFound_m(
 void
 PeerConnectionMedia::EndOfLocalCandidates_m(const std::string& aDefaultAddr,
                                             uint16_t aDefaultPort,
                                             uint16_t aMLine) {
   SignalEndOfLocalCandidates(aDefaultAddr, aDefaultPort, aMLine);
 }
 
 void
-PeerConnectionMedia::DtlsConnected_s(TransportLayer *layer,
+PeerConnectionMedia::DtlsConnected_s(TransportLayer *dtlsLayer,
                                      TransportLayer::State state)
 {
-  MOZ_ASSERT(layer->id() == "dtls");
-  TransportLayerDtls* dtlsLayer = static_cast<TransportLayerDtls*>(layer);
   dtlsLayer->SignalStateChange.disconnect(this);
 
-  bool privacyRequested = (dtlsLayer->GetNegotiatedAlpn() == "c-webrtc");
+  bool privacyRequested = false;
+  // TODO (Bug 952678) set privacy mode, ask the DTLS layer about that
+  // This has to be a dispatch to a static method, we could be going away
   GetMainThread()->Dispatch(
     WrapRunnableNM(&PeerConnectionMedia::DtlsConnected_m,
                    mParentHandle, privacyRequested),
     NS_DISPATCH_NORMAL);
 }
 
 void
 PeerConnectionMedia::DtlsConnected_m(const std::string& aParentHandle,