Bug 1495120 - Wire up ESNI r=dragana
authorEKR <ekr@rtfm.com>
Fri, 28 Sep 2018 22:37:20 +0000
changeset 494608 4d786f9a4ba01d567e6c6072efdf85fbf2bc59e0
parent 494607 dddc696490f879565d67445acefcb638138e3d4a
child 494609 4c208d905a9d49216f0a53c4aaa1ca3f38f3d2e6
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
reviewersdragana
bugs1495120
milestone64.0a1
Bug 1495120 - Wire up ESNI r=dragana Differential Revision: https://phabricator.services.mozilla.com/D7221
security/manager/ssl/nsNSSIOLayer.cpp
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -10,16 +10,17 @@
 
 #include "NSSCertDBTrustDomain.h"
 #include "NSSErrorsService.h"
 #include "PSMRunnable.h"
 #include "SSLServerCertVerification.h"
 #include "ScopedNSSTypes.h"
 #include "SharedSSLState.h"
 #include "keyhi.h"
+#include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Move.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "nsArray.h"
 #include "nsArrayUtils.h"
@@ -1015,26 +1016,32 @@ nsNSSSocketInfo::GetEsniTxt(nsACString &
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::SetEsniTxt(const nsACString & aEsniTxt)
 {
   mEsniTxt = aEsniTxt;
 
   if (mEsniTxt.Length()) {
-    fprintf(stderr,"\n\nTODO - SSL_EnableSNI() [%s] (%d bytes)\n",
-            mEsniTxt.get(), mEsniTxt.Length());
-
-#if 0
+    nsAutoCString esniBin;
+    if (NS_OK != Base64Decode(mEsniTxt, esniBin)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] Invalid ESNIKeys record. Couldn't base64 decode\n",
+               (void*) mFd));
+      return NS_OK;
+    }
+
     if (SECSuccess != SSL_EnableESNI(mFd,
-                                     reinterpret_cast<const PRUint8*>(mEsniTxt.get()),
-                                     mEsniTxt.Length(), "dummy.invalid")) {
-      return NS_ERROR_FAILURE;
+                                     reinterpret_cast<const PRUint8*>(esniBin.get()),
+                                     esniBin.Length(), nullptr)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("[%p] Invalid ESNIKeys record %s\n",
+                                            (void*) mFd,
+                                            PR_ErrorToName(PR_GetError())));
+      return NS_OK;
     }
-#endif
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetServerRootCertIsBuiltInRoot(bool *aIsBuiltInRoot)
 {
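Review bot: Both failure paths in SetEsniTxt (the Base64Decode check and the SSL_EnableESNI check) return NS_OK, so the connection goes ahead without ESNI and the caller cannot tell the record was rejected; the disabled code this replaces returned NS_ERROR_FAILURE. If falling back to a cleartext server name is the intended policy, state that in a comment and clear the stored value so GetEsniTxt does not report a record that was never installed, e.g. `mEsniTxt.Truncate();` before each `return NS_OK;`. The record presumably comes from DNS, so a tampered or truncated answer would downgrade the connection with only an Error-level log line as evidence; a telemetry probe or a distinct nsresult would make that detectable. Minor style point: `if (NS_FAILED(Base64Decode(mEsniTxt, esniBin)))` is the usual form for the nsresult check.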