Google Git
Sign in
webrtc / src / 0967247662f6de824432992a7cc5e154e0fd6c29^! / .
commit0967247662f6de824432992a7cc5e154e0fd6c29[log] [tgz]
authorPhilipp Hancke <phancke@microsoft.com>Wed Nov 15 14:23:06 2023
committerWebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Nov 17 16:26:17 2023
treefc0453e7106d1a0bdc98f6cab7d680ff3d7c5617
parent4e1e5eae9e9b8290b71eb95641223b120a079f45 [diff]
Measure usage of fingerprints with SHA-1 certificates

at time of connect. This may allow deprecating SHA-1 which
is no longer used by browsers and not supported by the JS
API.

BUG=None

Change-Id: Iae1d800a61d46e0dcdb622ccb009acc6fb7db53f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/327540
Commit-Queue: Philipp Hancke <phancke@microsoft.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Johannes Kron <kron@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41187}

diff --git a/pc/peer_connection.cc b/pc/peer_connection.cc
index 8afc44e..8cb0825 100644
--- a/pc/peer_connection.cc
+++ b/pc/peer_connection.cc

@@ -2032,13 +2032,13 @@
   RTC_HISTOGRAM_ENUMERATION("WebRTC.PeerConnection.ProvisionalAnswer", pranswer,
                             kProvisionalAnswerMax);
 
-  // Record the number of valid / invalid ice-ufrag. We do allow certain
-  // non-spec ice-char for backward-compat reasons. At this point we know
-  // that the ufrag/pwd consists of a valid ice-char or one of the four
-  // not allowed characters since we have passed the IsIceChar check done
-  // by the p2p transport description on setRemoteDescription calls.
   auto transport_infos = remote_description()->description()->transport_infos();
-  if (transport_infos.size() > 0) {
+  if (!transport_infos.empty()) {
+    // Record the number of valid / invalid ice-ufrag. We do allow certain
+    // non-spec ice-char for backward-compat reasons. At this point we know
+    // that the ufrag/pwd consists of a valid ice-char or one of the four
+    // not allowed characters since we have passed the IsIceChar check done
+    // by the p2p transport description on setRemoteDescription calls.
     auto ice_parameters = transport_infos[0].description.GetIceParameters();
     auto is_invalid_char = [](char c) {
       return c == '-' || c == '=' || c == '#' || c == '_';
@@ -2050,6 +2050,16 @@
     RTC_HISTOGRAM_BOOLEAN(
         "WebRTC.PeerConnection.ValidIceChars",
         !(isUsingInvalidIceCharInUfrag || isUsingInvalidIceCharInPwd));
+
+    // Record whether the hash algorithm of the first transport's
+    // DTLS fingerprint is still using SHA-1.
+    if (transport_infos[0].description.identity_fingerprint) {
+      RTC_HISTOGRAM_BOOLEAN(
+          "WebRTC.PeerConnection.DtlsFingerprintLegacySha1",
+          absl::EqualsIgnoreCase(
+              transport_infos[0].description.identity_fingerprint->algorithm,
+              "sha-1"));
+    }
   }
 
   // Record RtcpMuxPolicy setting.