Bug 1320252 - Send early-data even without alpn. r=keeler
authorDragana Damjanovic <dd.mozilla@gmail.com>
Fri, 06 Jan 2017 11:51:00 -0500
changeset 457404 5460aadc576101e5924ade45b265e0a72636c15e
parent 457403 8dc2ec20e9981c073363a839495dab1453f41f83
child 457405 1a9af299bd523c977310a25397655f9c0cd1dd1d
push id40743
push userjwein@mozilla.com
push dateSat, 07 Jan 2017 21:35:53 +0000
reviewerskeeler
bugs1320252
milestone53.0a1
Bug 1320252 - Send early-data even without alpn. r=keeler
security/manager/ssl/nsNSSIOLayer.cpp
security/nss.symbols
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -302,33 +302,44 @@ nsNSSSocketInfo::GetNegotiatedNPN(nsACSt
 
   aNegotiatedNPN = mNegotiatedNPN;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected)
 {
+  aAlpnSelected.Truncate();
+
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown() || isPK11LoggedOut()) {
     return NS_ERROR_NOT_AVAILABLE;
   }
+
+  SSLPreliminaryChannelInfo info;
+  SECStatus rv = SSL_GetPreliminaryChannelInfo(mFd, &info, sizeof(info));
+  if (rv != SECSuccess || !info.canSendEarlyData) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
   SSLNextProtoState alpnState;
   unsigned char chosenAlpn[MAX_ALPN_LENGTH];
   unsigned int chosenAlpnLen;
-  SECStatus rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
-                                  AssertedCast<unsigned int>(ArrayLength(chosenAlpn)));
+  rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
+                        AssertedCast<unsigned int>(ArrayLength(chosenAlpn)));
 
-  if (rv != SECSuccess || alpnState != SSL_NEXT_PROTO_EARLY_VALUE ||
-      chosenAlpnLen == 0) {
+  if (rv != SECSuccess) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
-  aAlpnSelected.Assign(BitwiseCast<char*, unsigned char*>(chosenAlpn),
-                       chosenAlpnLen);
+  if (alpnState == SSL_NEXT_PROTO_EARLY_VALUE) {
+    aAlpnSelected.Assign(BitwiseCast<char*, unsigned char*>(chosenAlpn),
+                         chosenAlpnLen);
+  }
+
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetEarlyDataAccepted(bool* aAccepted)
 {
   *aAccepted = mEarlyDataAccepted;
   return NS_OK;
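Review bot: GetAlpnEarlySelection now has a third outcome that nothing in the hunk documents: it returns NS_OK with an empty aAlpnSelected when `info.canSendEarlyData` is set but `alpnState` is not SSL_NEXT_PROTO_EARLY_VALUE, where the old code returned NS_ERROR_NOT_AVAILABLE. Callers decide on this result whether to send 0-RTT data, so I would state the contract above the final `if`, for example `// NS_OK with an empty aAlpnSelected: early data may be sent, but no ALPN value was selected early.` Separately, `SSLPreliminaryChannelInfo info;` is left uninitialized and the hunk does not show whether SSL_GetPreliminaryChannelInfo always writes `canSendEarlyData`. If a linked NSS could fill fewer than `sizeof(info)` bytes, the flag would be read indeterminate, so `SSLPreliminaryChannelInfo info = {};` keeps the early-data decision fail-closed.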
--- a/security/nss.symbols
+++ b/security/nss.symbols
@@ -663,16 +663,17 @@ SSL_ConfigServerSessionIDCache
 SSL_ExportKeyingMaterial
 SSL_ForceHandshake
 SSL_GetChannelInfo
 SSL_GetCipherSuiteInfo
 SSL_GetClientAuthDataHook
 SSL_GetImplementedCiphers
 SSL_GetNextProto
 SSL_GetNumImplementedCiphers
+SSL_GetPreliminaryChannelInfo
 SSL_GetSRTPCipher
 SSL_GetStatistics
 SSL_HandshakeCallback
 SSL_HandshakeNegotiatedExtension
 SSL_ImplementedCiphers @DATA@
 SSL_ImportFD
 SSL_NamedGroupConfig
 SSL_NumImplementedCiphers @DATA@