Bug 1286694 - Part 2: Add TLS version configuration function to nsITLSServerSocket. r=dragana a=gchang
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Sat, 16 Jul 2016 22:50:12 +0900
changeset 462162 bdc4df57a2234d32aefe8470593dee3f2e682ce1
parent 462161 e7fb3b64ad2df6f3ad035ab17fc9c8444bce6af6
child 462163 87cdc832e054458169a65c54fdde29a83faae925
push id41678
push userfelipc@gmail.com
push dateMon, 16 Jan 2017 20:19:38 +0000
reviewersdragana, gchang
bugs1286694
milestone51.0
Bug 1286694 - Part 2: Add TLS version configuration function to nsITLSServerSocket. r=dragana a=gchang MozReview-Commit-ID: CNiDXV9Um27
netwerk/base/TLSServerSocket.cpp
netwerk/base/nsITLSServerSocket.idl
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -240,16 +240,33 @@ TLSServerSocket::SetCipherSuites(uint16_
     if (SSL_CipherPrefSet(mFD, aCipherSuites[i], true) != SECSuccess) {
       return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
     }
   }
 
   return NS_OK;
 }
 
+NS_IMETHODIMP
+TLSServerSocket::SetVersionRange(uint16_t aMinVersion, uint16_t aMaxVersion)
+{
+  // If AsyncListen was already called (and set mListener), it's too late to set
+  // this.
+  if (NS_WARN_IF(mListener)) {
+    return NS_ERROR_IN_PROGRESS;
+  }
+
+  SSLVersionRange range = {aMinVersion, aMaxVersion};
+  if (SSL_VersionRangeSet(mFD, &range) != SECSuccess) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  return NS_OK;
+}
+
 //-----------------------------------------------------------------------------
 // TLSServerConnectionInfo
 //-----------------------------------------------------------------------------
 
 namespace {
 
 class TLSServerSecurityObserverProxy final : public nsITLSServerSecurityObserver
 {
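Review bot: SetVersionRange passes aMinVersion and aMaxVersion to SSL_VersionRangeSet unchecked, so an inverted range or an obsolete minimum is refused only if NSS refuses it. The caller then sees a mapped NSS error rather than an argument error. A guard just before the `SSLVersionRange range` line would make the contract explicit: `if (aMinVersion > aMaxVersion) { return NS_ERROR_INVALID_ARG; }`. Because this setter decides the weakest protocol the server will negotiate, it is also worth deciding whether a floor belongs here or is left to NSS policy, and recording that with a comment such as `// The lowest accepted version is bounded only by what NSS allows; no floor is enforced here.`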
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -64,16 +64,28 @@ interface nsITLSServerSocket : nsIServer
   /**
    * setCipherSuites
    *
    * The server's cipher suites that is used by the TLS handshake.
    * This is required to be set before calling |asyncListen|.
    */
   void setCipherSuites([array, size_is(aLength)] in unsigned short aCipherSuites,
                        in unsigned long aLength);
+
+  /**
+   * setVersionRange
+   *
+   * The server's TLS versions that is used by the TLS handshake.
+   * This is required to be set before calling |asyncListen|.
+   *
+   * aMinVersion and aMaxVersion is a TLS version value from
+   * |nsITLSClientStatus| constants.
+   */
+  void setVersionRange(in unsigned short aMinVersion,
+                       in unsigned short aMaxVersion);
 };
 
 /**
  * Security summary for a given TLS client connection being handled by a
  * |nsITLSServerSocket| server.
  *
  * This is accessible through the security info object on the transport, which
  * will be an instance of |nsITLSServerConnectionInfo| (see below).
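Review bot: The setVersionRange doc comment says the range "is required to be set before calling |asyncListen|", which reads as if the call were mandatory. The implementation in TLSServerSocket.cpp only shows that a late call fails with NS_ERROR_IN_PROGRESS. I would word it as `If used, this must be called before |asyncListen|; a later call fails with NS_ERROR_IN_PROGRESS.` and add a sentence on which range applies when the method is never called (presumably the NSS default, which is not visible here). The comment should also state that aMinVersion must not exceed aMaxVersion and that only real protocol-version constants from |nsITLSClientStatus| are valid. The parameters are `unsigned short`, so any non-version sentinel in that constant set would need to be rejected.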