Bug 1286694 - Part 1: Add TLS version configuration function to nsITLSServerSocket. r?dragana draft
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Sat, 16 Jul 2016 22:50:12 +0900
changeset 388629 7a78b531389913bc644d5bcdcb5c0a4fe38eed4b
parent 388620 4c05938a64a7fde3ac2d7f4493aee1c5f2ad8a0a
child 388630 59f49675395307a5888b551a78952ae8a7af9cb4
push id23214
push userVYV03354@nifty.ne.jp
push dateSat, 16 Jul 2016 15:24:57 +0000
reviewersdragana
bugs1286694
milestone50.0a1
Bug 1286694 - Part 1: Add TLS version configuration function to nsITLSServerSocket. r?dragana MozReview-Commit-ID: CNiDXV9Um27
netwerk/base/TLSServerSocket.cpp
netwerk/base/nsITLSServerSocket.idl
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -240,16 +240,33 @@ TLSServerSocket::SetCipherSuites(uint16_
     if (SSL_CipherPrefSet(mFD, aCipherSuites[i], true) != SECSuccess) {
       return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
     }
   }
 
   return NS_OK;
 }
 
+NS_IMETHODIMP
+TLSServerSocket::SetVersionRange(uint16_t aMinVersion, uint16_t aMaxVersion)
+{
+  // If AsyncListen was already called (and set mListener), it's too late to set
+  // this.
+  if (NS_WARN_IF(mListener)) {
+    return NS_ERROR_IN_PROGRESS;
+  }
+
+  SSLVersionRange range = {aMinVersion, aMaxVersion};
+  if (SSL_VersionRangeSet(mFD, &range) != SECSuccess) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  return NS_OK;
+}
+
 //-----------------------------------------------------------------------------
 // TLSServerConnectionInfo
 //-----------------------------------------------------------------------------
 
 namespace {
 
 class TLSServerSecurityObserverProxy final : public nsITLSServerSecurityObserver
 {
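Review bot: SetVersionRange copies aMinVersion and aMaxVersion into the SSLVersionRange unchecked, so the only limit on how old a protocol this listener will accept is whatever SSL_VersionRangeSet still permits in the linked NSS build. Because this is a server-side setting, I would enforce an explicit floor and ordering before the NSS call, e.g. `if (aMinVersion < SSL_LIBRARY_VERSION_TLS_1_0 || aMinVersion > aMaxVersion) { return NS_ERROR_INVALID_ARG; }`, so a misconfigured caller fails with a clear error instead of quietly lowering the minimum to a legacy version. Which floor to use is a policy decision for the module owners; the point is to decide it here and not inherit it from the library. mFD is also passed to NSS without a null check, presumably matching SetCipherSuites above (its start is outside the hunk), so confirm it cannot be unset when this is called.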
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -64,16 +64,28 @@ interface nsITLSServerSocket : nsIServer
   /**
    * setCipherSuites
    *
    * The server's cipher suites that is used by the TLS handshake.
    * This is required to be set before calling |asyncListen|.
    */
   void setCipherSuites([array, size_is(aLength)] in unsigned short aCipherSuites,
                        in unsigned long aLength);
+
+  /**
+   * setVersionRange
+   *
+   * The server's TLS versions that is used by the TLS handshake.
+   * This is required to be set before calling |asyncListen|.
+   *
+   * aMinVersion and aMaxVersion is a TLS version value from
+   * |nsITLSClientStatus| constants.
+   */
+  void setVersionRange(in unsigned short aMinVersion,
+                       in unsigned short aMaxVersion);
 };
 
 /**
  * Security summary for a given TLS client connection being handled by a
  * |nsITLSServerSocket| server.
  *
  * This is accessible through the security info object on the transport, which
  * will be an instance of |nsITLSServerConnectionInfo| (see below).
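Review bot: The setVersionRange comment says the range "is required to be set before calling |asyncListen|", which reads as if the call were mandatory, and it does not name the error returned when the call comes too late or the range that applies when the method is never called. I would reword that sentence to `If used, this must be called before |asyncListen|; later calls fail with NS_ERROR_IN_PROGRESS.` and add one line stating the default range (presumably the NSS defaults for the socket, to be confirmed). The reference to the |nsITLSClientStatus| constants should also say which of them are acceptable here, since any "unknown" or legacy SSL value in that set would be a poor choice for a listener's minimum. The grammar wants fixing too: "TLS versions that are used" and "aMinVersion and aMaxVersion are".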