Expose SSL ciphersuite on the webrtc::DtlsTransport interface
This allows the ciphersuite to be accessed from Blink code, which is
useful if we want to emit deprecation messages.
Bug: none
Change-Id: Idcf1f5402948406e4cf7c6e54b67a622a1a403ec
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/132004
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27581}diff --git a/api/dtls_transport_interface.cc b/api/dtls_transport_interface.cc
index 2bb5049..7b50335 100644
--- a/api/dtls_transport_interface.cc
+++ b/api/dtls_transport_interface.cc
@@ -20,13 +20,16 @@
DtlsTransportInformation::DtlsTransportInformation(
DtlsTransportState state,
+ absl::optional<int> ssl_cipher_suite,
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates)
: state_(state),
+ ssl_cipher_suite_(ssl_cipher_suite),
remote_ssl_certificates_(std::move(remote_ssl_certificates)) {}
DtlsTransportInformation::DtlsTransportInformation(
const DtlsTransportInformation& c)
: state_(c.state()),
+ ssl_cipher_suite_(c.ssl_cipher_suite_),
remote_ssl_certificates_(c.remote_ssl_certificates()
? c.remote_ssl_certificates()->Clone()
: nullptr) {}
@@ -34,6 +37,7 @@
DtlsTransportInformation& DtlsTransportInformation::operator=(
const DtlsTransportInformation& c) {
state_ = c.state();
+ ssl_cipher_suite_ = c.ssl_cipher_suite_;
remote_ssl_certificates_ = c.remote_ssl_certificates()
? c.remote_ssl_certificates()->Clone()
: nullptr;
diff --git a/api/dtls_transport_interface.h b/api/dtls_transport_interface.h
index 0270043..1170e0f 100644
--- a/api/dtls_transport_interface.h
+++ b/api/dtls_transport_interface.h
@@ -14,6 +14,7 @@
#include <memory>
#include <utility>
+#include "absl/types/optional.h"
#include "api/ice_transport_interface.h"
#include "api/rtc_error.h"
#include "api/scoped_refptr.h"
@@ -42,6 +43,7 @@
explicit DtlsTransportInformation(DtlsTransportState state);
DtlsTransportInformation(
DtlsTransportState state,
+ absl::optional<int> ssl_cipher_suite,
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates);
// Copy and assign
DtlsTransportInformation(const DtlsTransportInformation& c);
@@ -52,6 +54,7 @@
default;
DtlsTransportState state() const { return state_; }
+ absl::optional<int> ssl_cipher_suite() const { return ssl_cipher_suite_; }
// The accessor returns a temporary pointer, it does not release ownership.
const rtc::SSLCertChain* remote_ssl_certificates() const {
return remote_ssl_certificates_.get();
@@ -59,6 +62,7 @@
private:
DtlsTransportState state_;
+ absl::optional<int> ssl_cipher_suite_;
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates_;
};
diff --git a/p2p/base/fake_dtls_transport.h b/p2p/base/fake_dtls_transport.h
index c362618..841e196 100644
--- a/p2p/base/fake_dtls_transport.h
+++ b/p2p/base/fake_dtls_transport.h
@@ -177,7 +177,17 @@
return true;
}
void SetSrtpCryptoSuite(int crypto_suite) { crypto_suite_ = crypto_suite; }
- bool GetSslCipherSuite(int* cipher_suite) override { return false; }
+
+ bool GetSslCipherSuite(int* cipher_suite) override {
+ if (ssl_cipher_suite_) {
+ *cipher_suite = *ssl_cipher_suite_;
+ return true;
+ }
+ return false;
+ }
+ void SetSslCipherSuite(absl::optional<int> cipher_suite) {
+ ssl_cipher_suite_ = cipher_suite;
+ }
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override {
return local_cert_;
}
@@ -278,6 +288,7 @@
rtc::SSLFingerprint dtls_fingerprint_;
absl::optional<rtc::SSLRole> dtls_role_;
int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80;
+ absl::optional<int> ssl_cipher_suite_;
webrtc::CryptoOptions crypto_options_;
DtlsTransportState dtls_state_ = DTLS_TRANSPORT_NEW;
diff --git a/pc/dtls_transport.cc b/pc/dtls_transport.cc
index 9ce72a3..c261b43 100644
--- a/pc/dtls_transport.cc
+++ b/pc/dtls_transport.cc
@@ -118,9 +118,17 @@
if (internal_dtls_transport_) {
if (internal_dtls_transport_->dtls_state() ==
cricket::DTLS_TRANSPORT_CONNECTED) {
- info_ = DtlsTransportInformation(
- TranslateState(internal_dtls_transport_->dtls_state()),
- internal_dtls_transport_->GetRemoteSSLCertChain());
+ int ssl_cipher_suite;
+ if (internal_dtls_transport_->GetSslCipherSuite(&ssl_cipher_suite)) {
+ info_ = DtlsTransportInformation(
+ TranslateState(internal_dtls_transport_->dtls_state()),
+ ssl_cipher_suite,
+ internal_dtls_transport_->GetRemoteSSLCertChain());
+ } else {
+ info_ = DtlsTransportInformation(
+ TranslateState(internal_dtls_transport_->dtls_state()),
+ absl::nullopt, internal_dtls_transport_->GetRemoteSSLCertChain());
+ }
} else {
info_ = DtlsTransportInformation(
TranslateState(internal_dtls_transport_->dtls_state()));
diff --git a/pc/dtls_transport_unittest.cc b/pc/dtls_transport_unittest.cc
index 05f5440..c97c419 100644
--- a/pc/dtls_transport_unittest.cc
+++ b/pc/dtls_transport_unittest.cc
@@ -20,6 +20,7 @@
#include "test/gtest.h"
constexpr int kDefaultTimeout = 1000; // milliseconds
+constexpr int kNonsenseCipherSuite = 1234;
using cricket::FakeDtlsTransport;
using ::testing::ElementsAre;
@@ -60,6 +61,7 @@
if (certificate) {
cricket_transport->SetRemoteSSLCertificate(certificate);
}
+ cricket_transport->SetSslCipherSuite(kNonsenseCipherSuite);
transport_ =
new rtc::RefCountedObject<DtlsTransport>(std::move(cricket_transport));
}
@@ -142,4 +144,18 @@
EXPECT_FALSE(observer_.info_.remote_ssl_certificates());
}
+TEST_F(DtlsTransportTest, CipherSuiteVisibleWhenConnected) {
+ CreateTransport();
+ transport()->RegisterObserver(observer());
+ CompleteDtlsHandshake();
+ ASSERT_TRUE_WAIT(observer_.state() == DtlsTransportState::kConnected,
+ kDefaultTimeout);
+ ASSERT_TRUE(observer_.info_.ssl_cipher_suite());
+ EXPECT_EQ(kNonsenseCipherSuite, *observer_.info_.ssl_cipher_suite());
+ transport()->Clear();
+ ASSERT_TRUE_WAIT(observer_.state() == DtlsTransportState::kClosed,
+ kDefaultTimeout);
+ EXPECT_FALSE(observer_.info_.ssl_cipher_suite());
+}
+
} // namespace webrtc
