Bug 1336507 - Part 2: Move some TLS related stuff from |connect| to |create|, so it is better reflected in candidate labels/codeword. r?drno
MozReview-Commit-ID: GnaJa1EPw0j
--- a/media/mtransport/nr_socket_prsock.cpp
+++ b/media/mtransport/nr_socket_prsock.cpp
@@ -642,16 +642,20 @@ int NrSocket::create(nr_transport_addr *
} else {
r_log(LOG_GENERIC, LOG_CRIT,
"Couldn't get socket send buffer size: %d", status);
}
}
#endif
break;
case IPPROTO_TCP:
+ // TODO: Add TLS layer with nsISocketProviderService?
+ if (my_addr_.tls_host[0] != '\0')
+ ABORT(R_INTERNAL);
+
if (!(fd_ = PR_OpenTCPSocket(naddr.raw.family))) {
r_log(LOG_GENERIC,LOG_CRIT,"Couldn't create TCP socket, "
"family=%d, err=%d", naddr.raw.family, PR_GetError());
ABORT(R_INTERNAL);
}
// Set ReuseAddr for TCP sockets to enable having several
// sockets bound to same local IP and port
PRSocketOptionData opt_reuseaddr;
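Review bot: The new TLS guard at the top of the `IPPROTO_TCP` case aborts with `R_INTERNAL` without logging anything, unlike the socket-open failure right below it. This is now the only point where this socket type refuses an address that asks for TLS, so a line such as `r_log(LOG_GENERIC, LOG_ERR, "TLS requested but NrSocket has no TLS layer");` before the `ABORT` would make the refusal diagnosable. The guard also fails closed only if the caller recorded the host name in the local address before create() runs, and the TODO comment should state that dependency. create() starts and ends outside the hunk.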
@@ -868,20 +872,16 @@ void NrSocket::close() {
int NrSocket::connect(nr_transport_addr *addr) {
ASSERT_ON_THREAD(ststhread_);
int r,_status;
PRNetAddr naddr;
int32_t connect_status, getsockname_status;
- // TODO: Add TLS layer with nsISocketProviderService?
- if (addr->tls_host[0] != '\0')
- ABORT(R_INTERNAL);
-
if ((r=nr_transport_addr_to_praddr(addr, &naddr)))
ABORT(r);
if(!fd_)
ABORT(R_EOD);
// Note: this just means we tried to connect, not that we
// are actually live.
@@ -1854,43 +1854,41 @@ void NrTcpSocketIpc::close() {
NS_DISPATCH_NORMAL);
//remove all enqueued messages
std::queue<RefPtr<nr_tcp_message>> empty;
std::swap(msg_queue_, empty);
}
int NrTcpSocketIpc::connect(nr_transport_addr *addr) {
- nsCString remote_addr, local_addr, tls_host;
+ nsCString remote_addr, local_addr;
int32_t remote_port, local_port;
int r, _status;
if ((r=nr_transport_addr_get_addrstring_and_port(addr,
&remote_addr,
&remote_port))) {
ABORT(r);
}
if ((r=nr_transport_addr_get_addrstring_and_port(&my_addr_,
&local_addr,
&local_port))) {
MOZ_ASSERT(false); // shouldn't fail as it was sanity-checked in ::create()
ABORT(r);
}
- tls_host = addr->tls_host;
-
state_ = mirror_state_ = NR_CONNECTING;
RUN_ON_THREAD(io_thread_,
mozilla::WrapRunnable(RefPtr<NrTcpSocketIpc>(this),
&NrTcpSocketIpc::connect_i,
remote_addr,
static_cast<uint16_t>(remote_port),
local_addr,
static_cast<uint16_t>(local_port),
- tls_host),
+ nsCString(my_addr_.tls_host)),
NS_DISPATCH_NORMAL);
// Make caller wait for ready to write.
_status = R_WOULDBLOCK;
abort:
return _status;
}
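Review bot: `connect_i` now takes its TLS host from `my_addr_.tls_host` and `addr->tls_host` is no longer consulted, so a remote address that carries a TLS host on a socket created without one would be connected as plain TCP with no diagnostic. Whether any caller still sets the field on the remote address is not visible here, but an assertion would catch a disagreement: `MOZ_ASSERT(!addr->tls_host[0] || !strcmp(addr->tls_host, my_addr_.tls_host));`. The same applies to `NrSocket::connect` in the previous hunk, where the old check on `addr->tls_host` is removed outright.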
--- a/media/mtransport/nricectx.cpp
+++ b/media/mtransport/nricectx.cpp
@@ -209,16 +209,20 @@ nsresult NrIceStunServer::ToNicerStunStr
memset(server, 0, sizeof(nr_ice_stun_server));
if (transport_ == kNrIceTransportUdp) {
server->transport = IPPROTO_UDP;
} else if (transport_ == kNrIceTransportTcp) {
server->transport = IPPROTO_TCP;
} else if (transport_ == kNrIceTransportTls) {
server->transport = IPPROTO_TCP;
+ if (has_addr_) {
+ // Refuse to try TLS without an FQDN
+ return NS_ERROR_INVALID_ARG;
+ }
server->tls = 1;
} else {
MOZ_MTLOG(ML_ERROR, "Unsupported STUN server transport: " << transport_);
return NS_ERROR_FAILURE;
}
if (has_addr_) {
r = nr_praddr_to_transport_addr(&addr_, &server->u.addr,
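Review bot: The early `return NS_ERROR_INVALID_ARG` in the `kNrIceTransportTls` branch is silent, while the unsupported-transport branch just below it logs through `MOZ_MTLOG`. A TLS server configured by IP address would then be rejected with nothing in the log to distinguish it from other failures; add `MOZ_MTLOG(ML_ERROR, "TLS STUN/TURN server requires a hostname, not an IP address");` before the return. The comment could also say why an FQDN is required, presumably because it is the name the peer certificate is checked against. The function starts and ends outside the hunk.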
--- a/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_candidate.c
@@ -675,24 +675,16 @@ static int nr_ice_candidate_resolved_cb(
cand->ctx->label,cand->label);
ABORT(R_NOT_FOUND);
}
/* Copy the address */
if(r=nr_transport_addr_copy(&cand->stun_server_addr,addr))
ABORT(r);
- if (cand->stun_server->tls) {
- /* Copy over the DNS name; needed for TLS. There is already a null at the
- * end of the buffer, leave it there. */
- strncpy(cand->stun_server_addr.tls_host,
- cand->stun_server->u.dnsname.host,
- sizeof(cand->stun_server_addr.tls_host) - 1);
- }
-
if (cand->tcp_type == TCP_TYPE_PASSIVE || cand->tcp_type == TCP_TYPE_SO){
if (r=nr_socket_multi_tcp_stun_server_connect(cand->osock, addr))
ABORT(r);
}
/* Now start initializing */
if(r=nr_ice_candidate_initialize2(cand))
ABORT(r);
--- a/media/mtransport/third_party/nICEr/src/ice/ice_component.c
+++ b/media/mtransport/third_party/nICEr/src/ice/ice_component.c
@@ -544,16 +544,24 @@ static int nr_ice_component_initialize_t
cand=0;
}
}
/* Create relay candidate */
if ((r=nr_transport_addr_copy(&addr, &addrs[i].addr)))
ABORT(r);
addr.protocol = IPPROTO_TCP;
+
+ /* If we're going to use TLS, make sure that's recorded */
+ if (ctx->turn_servers[j].turn_server.tls) {
+ strncpy(addr.tls_host,
+ ctx->turn_servers[j].turn_server.u.dnsname.host,
+ sizeof(addr.tls_host) - 1);
+ }
+
if ((r=nr_transport_addr_fmt_addr_string(&addr)))
ABORT(r);
/* Create a local socket */
if((r=nr_socket_factory_create_socket(ctx->socket_factory,&addr,&local_sock))){
r_log(LOG_ICE,LOG_DEBUG,"ICE(%s): couldn't create socket for address %s",ctx->label,addr.as_string);
continue;
}
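Review bot: The `strncpy` into `addr.tls_host` truncates silently when the configured DNS name does not fit, and the shortened string would then be the name handed on for the TLS connection; the relative sizes of the two buffers are not visible in this hunk. Skipping the server is safer than connecting under a truncated name: `if (strlen(ctx->turn_servers[j].turn_server.u.dnsname.host) >= sizeof(addr.tls_host)) continue;` ahead of the copy. The copy also relies on the last byte of `tls_host` already being zero after `nr_transport_addr_copy`. The code removed from ice_candidate.c said so in a comment, and that remark is worth carrying over here. The enclosing loop starts and ends outside the hunk.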
--- a/media/mtransport/third_party/nICEr/src/net/transport_addr.c
+++ b/media/mtransport/third_party/nICEr/src/net/transport_addr.c
@@ -57,17 +57,21 @@ int nr_transport_addr_fmt_addr_string(nr
{
int _status;
/* Max length for normalized IPv6 address string representation is 39 */
char buffer[40];
const char *protocol;
switch(addr->protocol){
case IPPROTO_TCP:
- protocol = "TCP";
+ if (addr->tls_host[0]) {
+ protocol = "TLS";
+ } else {
+ protocol = "TCP";
+ }
break;
case IPPROTO_UDP:
protocol = "UDP";
break;
default:
ABORT(R_INTERNAL);
}