Bug 1286694 - Part 2: Add TLS version configuration function to nsITLSServerSocket. r?dragana draft
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Sat, 16 Jul 2016 22:50:12 +0900
changeset 389661 9bab9be8e9343ac18eaa641592aeaaf5ce6735f6
parent 389660 7214c64cf4798f0622df13eebbfc3e4ddbe0c952
child 389662 732dba5768d6da0ed766ca7ee1dde0b0268cfaaf
child 389727 734558698df8b4ed2a939e9f7c6cb98941802294
push id23481
push userVYV03354@nifty.ne.jp
push dateTue, 19 Jul 2016 20:05:43 +0000
reviewersdragana
bugs1286694
milestone50.0a1
Bug 1286694 - Part 2: Add TLS version configuration function to nsITLSServerSocket. r?dragana MozReview-Commit-ID: CNiDXV9Um27
netwerk/base/TLSServerSocket.cpp
netwerk/base/nsITLSServerSocket.idl
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -240,16 +240,33 @@ TLSServerSocket::SetCipherSuites(uint16_
     if (SSL_CipherPrefSet(mFD, aCipherSuites[i], true) != SECSuccess) {
       return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
     }
   }
 
   return NS_OK;
 }
 
+NS_IMETHODIMP
+TLSServerSocket::SetVersionRange(uint16_t aMinVersion, uint16_t aMaxVersion)
+{
+  // If AsyncListen was already called (and set mListener), it's too late to set
+  // this.
+  if (NS_WARN_IF(mListener)) {
+    return NS_ERROR_IN_PROGRESS;
+  }
+
+  SSLVersionRange range = {aMinVersion, aMaxVersion};
+  if (SSL_VersionRangeSet(mFD, &range) != SECSuccess) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  return NS_OK;
+}
+
 //-----------------------------------------------------------------------------
 // TLSServerConnectionInfo
 //-----------------------------------------------------------------------------
 
 namespace {
 
 class TLSServerSecurityObserverProxy final : public nsITLSServerSecurityObserver
 {
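Review bot: SetVersionRange hands aMinVersion and aMaxVersion to SSL_VersionRangeSet exactly as received, so the only validation is whatever NSS performs, and nothing in the added lines stops a caller from lowering the minimum below the versions the platform otherwise enables. If that is intended, say so above the `SSLVersionRange range` line, for example `// No policy floor is applied here; NSS rejects ranges it does not support.` If it is not, compare the request against `SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)` or a project minimum and return `NS_ERROR_INVALID_ARG` before the NSS call. mFD is also used without a null check, which matches SetCipherSuites in the context lines, so presumably the socket is always initialised by then, but that cannot be confirmed from this hunk.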
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -64,16 +64,28 @@ interface nsITLSServerSocket : nsIServer
   /**
    * setCipherSuites
    *
    * The server's cipher suites that is used by the TLS handshake.
    * This is required to be set before calling |asyncListen|.
    */
   void setCipherSuites([array, size_is(aLength)] in unsigned short aCipherSuites,
                        in unsigned long aLength);
+
+  /**
+   * setVersionRange
+   *
+   * The server's TLS versions that is used by the TLS handshake.
+   * This is required to be set before calling |asyncListen|.
+   *
+   * aMinVersion and aMaxVersion is a TLS version value from
+   * |nsITLSClientStatus| constants.
+   */
+  void setVersionRange(in unsigned short aMinVersion,
+                       in unsigned short aMaxVersion);
 };
 
 /**
  * Security summary for a given TLS client connection being handled by a
  * |nsITLSServerSocket| server.
  *
  * This is accessible through the security info object on the transport, which
  * will be an instance of |nsITLSServerConnectionInfo| (see below).
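Review bot: The new doc comment on setVersionRange says the range "is required to be set before calling |asyncListen|", wording copied from setCipherSuites, but the C++ side of this commit only rejects calls made after listening has started, so the call reads as optional rather than mandatory. Suggested wording: `Optional; when used it must be called before |asyncListen|, otherwise NS_ERROR_IN_PROGRESS is returned.` and `aMinVersion and aMaxVersion are TLS version values from |nsITLSClientStatus| constants.` It would also help to state which range applies when the method is never called, and that a range NSS does not accept fails with an NSS-derived error, so embedders know that restricting the server to current protocol versions is their responsibility. The interface declaration begins above this hunk.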