Obtain the cipher suite from the Mac Secure Transport and

Windows SChannel.

R=agl
BUG=49699
TEST=Run Chrome with the --use-system-ssl command-line option on
Mac and Windows.  Visit an HTTPS site.  Click the lock icon on
the left of the location bar.  The Security Information dialog
should display the SSL cipher suite info.
Review URL: http://codereview.chromium.org/3042015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53511 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 17 insertions, 0 deletions

diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 0484ebd..77a553c 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -353,6 +353,23 @@ void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
     // normalized.
     ssl_info->security_bits = connection_info.dwCipherStrength;
   }
+  // SecPkgContext_CipherInfo comes from CNG and is available on Vista or
+  // later only.  On XP, the next QueryContextAttributes call fails with
+  // SEC_E_UNSUPPORTED_FUNCTION (0x80090302), so ssl_info->connection_status
+  // won't contain the cipher suite.  If this is a problem, we can build the
+  // cipher suite from the aiCipher, aiHash, and aiExch fields of
+  // SecPkgContext_ConnectionInfo based on Appendix C of RFC 5246.
+  SecPkgContext_CipherInfo cipher_info = { SECPKGCONTEXT_CIPHERINFO_V1 };
+  status = QueryContextAttributes(
+      &ctxt_, SECPKG_ATTR_CIPHER_INFO, &cipher_info);
+  if (status == SEC_E_OK) {
+    // TODO(wtc): find out what the cipher_info.dwBaseCipherSuite field is.
+    ssl_info->connection_status |=
+        (cipher_info.dwCipherSuite & SSL_CONNECTION_CIPHERSUITE_MASK) <<
+        SSL_CONNECTION_CIPHERSUITE_SHIFT;
+    // SChannel doesn't support TLS compression, so cipher_info doesn't have
+    // any field related to the compression method.
+  }
 
   if (ssl_config_.ssl3_fallback)
     ssl_info->connection_status |= SSL_CONNECTION_SSL3_FALLBACK;