Bug 1495120 - Wire up ESNI r=dragana
☠☠ backed out by 669ffcf8bc71 ☠ ☠
authorEKR <ekr@rtfm.com>
Fri, 28 Sep 2018 22:37:20 +0000
changeset 494467 d2edbb87f3d283ab2c2fb6f8ad3408f792a6bd27
parent 494466 2bb54a57856e9eb57aafd38d399ba9391f57dad9
child 494468 ff322e379a4d0c7a837b89ecb5f12eca38538492
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
reviewersdragana
bugs1495120
milestone64.0a1
Bug 1495120 - Wire up ESNI r=dragana Differential Revision: https://phabricator.services.mozilla.com/D7221
security/manager/ssl/nsNSSIOLayer.cpp
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -10,16 +10,17 @@
 
 #include "NSSCertDBTrustDomain.h"
 #include "NSSErrorsService.h"
 #include "PSMRunnable.h"
 #include "SSLServerCertVerification.h"
 #include "ScopedNSSTypes.h"
 #include "SharedSSLState.h"
 #include "keyhi.h"
+#include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Move.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "nsArray.h"
 #include "nsArrayUtils.h"
@@ -1015,26 +1016,32 @@ nsNSSSocketInfo::GetEsniTxt(nsACString &
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::SetEsniTxt(const nsACString & aEsniTxt)
 {
   mEsniTxt = aEsniTxt;
 
   if (mEsniTxt.Length()) {
-    fprintf(stderr,"\n\nTODO - SSL_EnableSNI() [%s] (%d bytes)\n",
-            mEsniTxt.get(), mEsniTxt.Length());
-
-#if 0
+    nsAutoCString esniBin;
+    if (NS_OK != Base64Decode(mEsniTxt, esniBin)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] Invalid ESNIKeys record. Couldn't base64 decode\n",
+               (void*) mFd));
+      return NS_OK;
+    }
+
     if (SECSuccess != SSL_EnableESNI(mFd,
-                                     reinterpret_cast<const PRUint8*>(mEsniTxt.get()),
-                                     mEsniTxt.Length(), "dummy.invalid")) {
-      return NS_ERROR_FAILURE;
+                                     reinterpret_cast<const PRUint8*>(esniBin.get()),
+                                     esniBin.Length(), nullptr)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("[%p] Invalid ESNIKeys record %s\n",
+                                            (void*) mFd,
+                                            PR_ErrorToName(PR_GetError())));
+      return NS_OK;
     }
-#endif
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSSocketInfo::GetServerRootCertIsBuiltInRoot(bool *aIsBuiltInRoot)
 {
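Review bot: Both failure paths in SetEsniTxt (the Base64Decode check and the SSL_EnableESNI check) now return NS_OK, so a malformed or rejected ESNIKeys record leaves the socket to handshake with plaintext SNI while the caller sees success and mEsniTxt still holds the unusable record. If best-effort fallback is intended, state it in a comment such as `// Deliberate fail-open: an unusable ESNIKeys record falls back to cleartext SNI.` and add `mEsniTxt.Truncate();` before each `return NS_OK;` so GetEsniTxt does not report a record that was never applied; otherwise return NS_ERROR_FAILURE as the removed code did. The record presumably originates from DNS and should be treated as untrusted input, so a silent downgrade that is visible only at LogLevel::Error deserves a telemetry counter or an explicit decision by the caller, which is outside this hunk. The first check would also read more conventionally as `if (NS_FAILED(Base64Decode(mEsniTxt, esniBin))) {`.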