Bug 1784098 - make nsISocketTransport.securityInfo explicit as nsISSLSocketControl r=necko-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D154257

dom/media/webrtc/transport/test/webrtcproxychannel_unittest.cpp

@@ -84,7 +84,8 @@ class FakeSocketTransportProvider : public nsISocketTransport {
     MOZ_ASSERT(false);
     return NS_OK;
   }
-  NS_IMETHOD GetSecurityInfo(nsISupports** aSecurityInfo) override {
+  NS_IMETHOD GetTlsSocketControl(
+      nsISSLSocketControl** aTLSSocketControl) override {
     MOZ_ASSERT(false);
     return NS_OK;
   }

dom/network/TCPSocket.cpp

@@ -455,11 +455,10 @@ void TCPSocket::NotifyCopyComplete(nsresult aStatus) {
 }
 
 void TCPSocket::ActivateTLS() {
-  nsCOMPtr<nsISupports> securityInfo;
-  mTransport->GetSecurityInfo(getter_AddRefs(securityInfo));
-  nsCOMPtr<nsISSLSocketControl> socketControl = do_QueryInterface(securityInfo);
-  if (socketControl) {
-    socketControl->StartTLS();
+  nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+  mTransport->GetTlsSocketControl(getter_AddRefs(tlsSocketControl));
+  if (tlsSocketControl) {
+    tlsSocketControl->StartTLS();
   }
 }
 

netwerk/base/nsISocketTransport.idl

@@ -8,6 +8,7 @@
 
 interface nsIInterfaceRequestor;
 interface nsINetAddr;
+interface nsISSLSocketControl;
 
 %{ C++
 #include "mozilla/BasePrincipal.h"
@@ -94,13 +95,11 @@ interface nsISocketTransport : nsITransport
     nsINetAddr getScriptableSelfAddr();
 
     /**
-     * Security info object returned from the secure socket provider.  This
-     * object supports nsISSLSocketControl, nsITransportSecurityInfo, and
-     * possibly other interfaces.
-     *
-     * This attribute is only available once the socket is connected.
+     * TLS socket control object. This attribute is only available once the
+     * socket is connected. The name `nsISSLSocketControl` is a holdover from
+     * when TLS was called SSL.
      */
-    readonly attribute nsISupports securityInfo;
+    readonly attribute nsISSLSocketControl tlsSocketControl;
 
     /**
      * Security notification callbacks passed to the secure socket provider

netwerk/base/nsSocketTransport2.cpp

@@ -1114,7 +1114,7 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
     rv = spserv->GetSocketProvider(mTypes[i].get(), getter_AddRefs(provider));
     if (NS_FAILED(rv)) break;
 
-    nsCOMPtr<nsISupports> secinfo;
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
     if (i == 0) {
       // if this is the first type, we'll want the
       // service to allocate a new socket
@@ -1145,7 +1145,7 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
           mHttpsProxy ? mProxyHost.get() : socketProviderHost,
           mHttpsProxy ? mProxyPort : socketProviderPort, proxyInfo,
           mOriginAttributes, controlFlags, mTlsFlags, &fd,
-          getter_AddRefs(secinfo));
+          getter_AddRefs(tlsSocketControl));
 
       if (NS_SUCCEEDED(rv) && !fd) {
         MOZ_ASSERT_UNREACHABLE(
@@ -1159,7 +1159,7 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
       // to the stack (such as pushing an io layer)
       rv = provider->AddToSocket(mNetAddr.raw.family, host, port, proxyInfo,
                                  mOriginAttributes, controlFlags, mTlsFlags, fd,
-                                 getter_AddRefs(secinfo));
+                                 getter_AddRefs(tlsSocketControl));
     }
 
     // controlFlags = 0; not used below this point...
@@ -1173,14 +1173,15 @@ nsresult nsSocketTransport::BuildSocket(PRFileDesc*& fd, bool& proxyTransparent,
       nsCOMPtr<nsIInterfaceRequestor> callbacks;
       {
         MutexAutoLock lock(mLock);
-        mSecInfo = secinfo;
+        mTLSSocketControl = tlsSocketControl;
         callbacks = mCallbacks;
-        SOCKET_LOG(("  [secinfo=%p callbacks=%p]\n", mSecInfo.get(),
-                    mCallbacks.get()));
+        SOCKET_LOG(("  [tlsSocketControl=%p callbacks=%p]\n",
+                    mTLSSocketControl.get(), mCallbacks.get()));
       }
       // don't call into PSM while holding mLock!!
-      nsCOMPtr<nsISSLSocketControl> secCtrl(do_QueryInterface(secinfo));
-      if (secCtrl) secCtrl->SetNotificationCallbacks(callbacks);
+      if (tlsSocketControl) {
+        tlsSocketControl->SetNotificationCallbacks(callbacks);
+      }
       // remember if socket type is SSL so we can ProxyStartSSL if need be.
       usingSSL = isSSL;
     } else if (mTypes[i].EqualsLiteral("socks") ||
@@ -1330,8 +1331,7 @@ nsresult nsSocketTransport::InitiateSocket() {
     SOCKET_LOG(("Successfully attached fuzzing IOLayer.\n"));
 
     if (usingSSL) {
-      mSecInfo = static_cast<nsISupports*>(
-          static_cast<nsISSLSocketControl*>(new FuzzySecurityInfo()));
+      mTLSSocketControl = new FuzzySecurityInfo();
     }
   }
 #endif
@@ -1471,12 +1471,11 @@ nsresult nsSocketTransport::InitiateSocket() {
   }
 #endif
 
-  nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
-  if (secCtrl) {
+  if (mTLSSocketControl) {
     if (!mEchConfig.IsEmpty() &&
         !(mConnectionFlags & (DONT_TRY_ECH | BE_CONSERVATIVE))) {
       SOCKET_LOG(("nsSocketTransport::InitiateSocket set echconfig."));
-      rv = secCtrl->SetEchConfig(mEchConfig);
+      rv = mTLSSocketControl->SetEchConfig(mEchConfig);
       if (NS_FAILED(rv)) {
         return rv;
       }
@@ -1542,16 +1541,14 @@ nsresult nsSocketTransport::InitiateSocket() {
       //
       OnSocketConnected();
 
-      if (mSecInfo && !mProxyHost.IsEmpty() && proxyTransparent && usingSSL) {
+      if (mTLSSocketControl && !mProxyHost.IsEmpty() && proxyTransparent &&
+          usingSSL) {
         // if the connection phase is finished, and the ssl layer has
         // been pushed, and we were proxying (transparently; ie. nothing
         // has to happen in the protocol layer above us), it's time for
         // the ssl to start doing it's thing.
-        nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
-        if (secCtrl) {
-          SOCKET_LOG(("  calling ProxyStartSSL()\n"));
-          secCtrl->ProxyStartSSL();
-        }
+        SOCKET_LOG(("  calling ProxyStartSSL()\n"));
+        mTLSSocketControl->ProxyStartSSL();
         // XXX what if we were forced to poll on the socket for a successful
         // connection... wouldn't we need to call ProxyStartSSL after a call
         // to PR_ConnectContinue indicates that we are connected?
@@ -2228,8 +2225,9 @@ void nsSocketTransport::OnSocketDetached(PRFileDesc* fd) {
   // break any potential reference cycle between the security info object
   // and ourselves by resetting its notification callbacks object.  see
   // bug 285991 for details.
-  nsCOMPtr<nsISSLSocketControl> secCtrl = do_QueryInterface(mSecInfo);
-  if (secCtrl) secCtrl->SetNotificationCallbacks(nullptr);
+  if (mTLSSocketControl) {
+    mTLSSocketControl->SetNotificationCallbacks(nullptr);
+  }
 
   // finally, release our reference to the socket (must do this within
   // the transport lock) possibly closing the socket. Also release our
@@ -2394,9 +2392,9 @@ nsSocketTransport::Close(nsresult reason) {
 }
 
 NS_IMETHODIMP
-nsSocketTransport::GetSecurityInfo(nsISupports** secinfo) {
+nsSocketTransport::GetTlsSocketControl(nsISSLSocketControl** tlsSocketControl) {
   MutexAutoLock lock(mLock);
-  *secinfo = do_AddRef(mSecInfo).take();
+  *tlsSocketControl = do_AddRef(mTLSSocketControl).take();
   return NS_OK;
 }
 
@@ -2414,19 +2412,20 @@ nsSocketTransport::SetSecurityCallbacks(nsIInterfaceRequestor* callbacks) {
                                          GetCurrentEventTarget(),
                                          getter_AddRefs(threadsafeCallbacks));
 
-  nsCOMPtr<nsISupports> secinfo;
+  nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
   {
     MutexAutoLock lock(mLock);
     mCallbacks = threadsafeCallbacks;
-    SOCKET_LOG(("Reset callbacks for secinfo=%p callbacks=%p\n", mSecInfo.get(),
-                mCallbacks.get()));
+    SOCKET_LOG(("Reset callbacks for tlsSocketInfo=%p callbacks=%p\n",
+                mTLSSocketControl.get(), mCallbacks.get()));
 
-    secinfo = mSecInfo;
+    tlsSocketControl = mTLSSocketControl;
   }
 
   // don't call into PSM while holding mLock!!
-  nsCOMPtr<nsISSLSocketControl> secCtrl(do_QueryInterface(secinfo));
-  if (secCtrl) secCtrl->SetNotificationCallbacks(threadsafeCallbacks);
+  if (tlsSocketControl) {
+    tlsSocketControl->SetNotificationCallbacks(threadsafeCallbacks);
+  }
 
   return NS_OK;
 }

netwerk/base/nsSocketTransport2.h

@@ -380,7 +380,7 @@ class nsSocketTransport final : public nsASocketHandler,
 
   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
   nsCOMPtr<nsITransportEventSink> mEventSink;
-  nsCOMPtr<nsISupports> mSecInfo;
+  nsCOMPtr<nsISSLSocketControl> mTLSSocketControl;
 
   nsSocketInputStream mInput;
   nsSocketOutputStream mOutput;

netwerk/protocol/http/Http2ConnectTransaction.cpp

@@ -1181,7 +1181,7 @@ FWD_TS_PTR(GetPeerAddr, mozilla::net::NetAddr);
 FWD_TS_PTR(GetSelfAddr, mozilla::net::NetAddr);
 FWD_TS_ADDREF(GetScriptablePeerAddr, nsINetAddr);
 FWD_TS_ADDREF(GetScriptableSelfAddr, nsINetAddr);
-FWD_TS_ADDREF(GetSecurityInfo, nsISupports);
+FWD_TS_ADDREF(GetTlsSocketControl, nsISSLSocketControl);
 FWD_TS_PTR(IsAlive, bool);
 FWD_TS_PTR(GetConnectionFlags, uint32_t);
 FWD_TS(SetConnectionFlags, uint32_t);

netwerk/protocol/http/Http2StreamTunnel.cpp

@@ -206,7 +206,7 @@ FWD_TS_T_PTR(GetPeerAddr, mozilla::net::NetAddr);
 FWD_TS_T_PTR(GetSelfAddr, mozilla::net::NetAddr);
 FWD_TS_T_ADDREF(GetScriptablePeerAddr, nsINetAddr);
 FWD_TS_T_ADDREF(GetScriptableSelfAddr, nsINetAddr);
-FWD_TS_T_ADDREF(GetSecurityInfo, nsISupports);
+FWD_TS_T_ADDREF(GetTlsSocketControl, nsISSLSocketControl);
 FWD_TS_T_PTR(GetConnectionFlags, uint32_t);
 FWD_TS_T(SetConnectionFlags, uint32_t);
 FWD_TS_T(SetIsPrivate, bool);

netwerk/protocol/http/TLSTransportLayer.cpp

@@ -8,6 +8,7 @@
 #include "HttpLog.h"
 
 #include "TLSTransportLayer.h"
+#include "nsISSLSocketControl.h"
 #include "nsISocketProvider.h"
 #include "Http2StreamTunnel.h"
 #include "nsQueryObject.h"
@@ -317,7 +318,7 @@ TLSTransportLayer::~TLSTransportLayer() {
     PR_Close(mFD);
     mFD = nullptr;
   }
-  mSecInfo = nullptr;
+  mTLSSocketControl = nullptr;
 }
 
 bool TLSTransportLayer::Init(const char* aTLSHost, int32_t aTLSPort) {
@@ -361,9 +362,9 @@ bool TLSTransportLayer::Init(const char* aTLSHost, int32_t aTLSPort) {
 
   mFD->secret = reinterpret_cast<PRFilePrivate*>(this);
 
-  return NS_SUCCEEDED(provider->AddToSocket(PR_AF_INET, aTLSHost, aTLSPort,
-                                            nullptr, OriginAttributes(), 0, 0,
-                                            mFD, getter_AddRefs(mSecInfo)));
+  return NS_SUCCEEDED(provider->AddToSocket(
+      PR_AF_INET, aTLSHost, aTLSPort, nullptr, OriginAttributes(), 0, 0, mFD,
+      getter_AddRefs(mTLSSocketControl)));
 }
 
 NS_IMETHODIMP
@@ -555,12 +556,13 @@ FWD_TS_PTR(GetRecvBufferSize, uint32_t);
 FWD_TS(SetRecvBufferSize, uint32_t);
 FWD_TS_PTR(GetResetIPFamilyPreference, bool);
 
-nsresult TLSTransportLayer::GetSecurityInfo(nsISupports** secinfo) {
-  if (!mSecInfo) {
+nsresult TLSTransportLayer::GetTlsSocketControl(
+    nsISSLSocketControl** tlsSocketControl) {
+  if (!mTLSSocketControl) {
     return NS_ERROR_ABORT;
   }
 
-  *secinfo = do_AddRef(mSecInfo).take();
+  *tlsSocketControl = do_AddRef(mTLSSocketControl).take();
   return NS_OK;
 }
 

netwerk/protocol/http/TLSTransportLayer.h

@@ -151,7 +151,7 @@ class TLSTransportLayer final : public nsISocketTransport,
   nsCOMPtr<nsISocketTransport> mSocketTransport;
   InputStreamWrapper mSocketInWrapper;
   OutputStreamWrapper mSocketOutWrapper;
-  nsCOMPtr<nsISupports> mSecInfo;
+  nsCOMPtr<nsISSLSocketControl> mTLSSocketControl;
   nsCOMPtr<nsIInputStreamCallback> mInputCallback;
   nsCOMPtr<nsIOutputStreamCallback> mOutputCallback;
   PRFileDesc* mFD{nullptr};

netwerk/protocol/http/nsHttpConnection.cpp

@@ -1199,9 +1199,13 @@ void nsHttpConnection::GetSecurityInfo(nsISupports** secinfo) {
     return;
   }
 
-  if (mSocketTransport &&
-      NS_SUCCEEDED(mSocketTransport->GetSecurityInfo(secinfo))) {
-    return;
+  if (mSocketTransport) {
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+    if (NS_SUCCEEDED(mSocketTransport->GetTlsSocketControl(
+            getter_AddRefs(tlsSocketControl)))) {
+      tlsSocketControl.forget(secinfo);
+      return;
+    }
   }
 
   *secinfo = nullptr;
@@ -2195,18 +2199,13 @@ bool nsHttpConnection::NoClientCertAuth() const {
     return false;
   }
 
-  nsCOMPtr<nsISupports> secInfo;
-  mSocketTransport->GetSecurityInfo(getter_AddRefs(secInfo));
-  if (!secInfo) {
+  nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+  mSocketTransport->GetTlsSocketControl(getter_AddRefs(tlsSocketControl));
+  if (!tlsSocketControl) {
     return false;
   }
 
-  nsCOMPtr<nsISSLSocketControl> ssc(do_QueryInterface(secInfo));
-  if (!ssc) {
-    return false;
-  }
-
-  return !ssc->GetClientCertSent();
+  return !tlsSocketControl->GetClientCertSent();
 }
 
 bool nsHttpConnection::CanAcceptWebsocket() {

netwerk/protocol/websocket/WebSocketChannel.cpp

@@ -36,6 +36,7 @@
 #include "nsIProtocolHandler.h"
 #include "nsIRandomGenerator.h"
 #include "nsISocketTransport.h"
+#include "nsISSLSocketControl.h"
 #include "nsThreadUtils.h"
 #include "nsINetworkLinkService.h"
 #include "nsIObserverService.h"
@@ -3335,7 +3336,11 @@ WebSocketChannel::GetSecurityInfo(nsISupports** aSecurityInfo) {
   }
 
   if (mTransport) {
-    if (NS_FAILED(mTransport->GetSecurityInfo(aSecurityInfo))) {
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+    if (NS_SUCCEEDED(mTransport->GetTlsSocketControl(
+            getter_AddRefs(tlsSocketControl)))) {
+      tlsSocketControl.forget(aSecurityInfo);
+    } else {
       *aSecurityInfo = nullptr;
     }
   }

netwerk/protocol/websocket/WebSocketConnection.cpp

@@ -10,6 +10,7 @@
 #include "WebSocketLog.h"
 #include "mozilla/net/WebSocketConnectionListener.h"
 #include "nsIOService.h"
+#include "nsISSLSocketControl.h"
 #include "nsISocketTransport.h"
 #include "nsSocketTransportService2.h"
 
@@ -143,10 +144,13 @@ void WebSocketConnection::DrainSocketData() {
 nsresult WebSocketConnection::GetSecurityInfo(nsISupports** aSecurityInfo) {
   LOG(("WebSocketConnection::GetSecurityInfo() %p\n", this));
   MOZ_ASSERT(OnSocketThread());
+  *aSecurityInfo = nullptr;
 
   if (mTransport) {
-    if (NS_FAILED(mTransport->GetSecurityInfo(aSecurityInfo))) {
-      *aSecurityInfo = nullptr;
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+    if (NS_SUCCEEDED(mTransport->GetTlsSocketControl(
+            getter_AddRefs(tlsSocketControl)))) {
+      tlsSocketControl.forget(aSecurityInfo);
     }
   }
   return NS_OK;

netwerk/protocol/websocket/WebSocketConnectionChild.cpp

@@ -10,6 +10,7 @@
 #include "mozilla/ipc/BackgroundChild.h"
 #include "mozilla/ipc/PBackgroundChild.h"
 #include "nsISerializable.h"
+#include "nsISSLSocketControl.h"
 #include "nsSerializationHelper.h"
 #include "nsThreadUtils.h"
 #include "WebSocketConnection.h"
@@ -81,10 +82,10 @@ WebSocketConnectionChild::OnTransportAvailable(
   }
 
   nsAutoCString serializedSecurityInfo;
-  nsCOMPtr<nsISupports> secInfoSupp;
-  aTransport->GetSecurityInfo(getter_AddRefs(secInfoSupp));
-  if (secInfoSupp) {
-    nsCOMPtr<nsISerializable> secInfoSer = do_QueryInterface(secInfoSupp);
+  nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+  aTransport->GetTlsSocketControl(getter_AddRefs(tlsSocketControl));
+  if (tlsSocketControl) {
+    nsCOMPtr<nsISerializable> secInfoSer = do_QueryInterface(tlsSocketControl);
     if (secInfoSer) {
       NS_SerializeToString(secInfoSer, serializedSecurityInfo);
     }

netwerk/socket/nsISocketProvider.idl

@@ -6,6 +6,7 @@
 #include "nsISupports.idl"
 
 interface nsIProxyInfo;
+interface nsISSLSocketControl;
 [ptr] native PRFileDescStar(struct PRFileDesc);
 native OriginAttributes(mozilla::OriginAttributes);
 [ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
@@ -41,9 +42,9 @@ interface nsISocketProvider : nsISupports
      *        studies relating to the TLS implementation.
      * @param aFileDesc
      *        The resulting PRFileDesc.
-     * @param aSecurityInfo
-     *        Any security info that should be associated with aFileDesc.  This
-     *        object typically implements nsITransportSecurityInfo.
+     * @param aTLSSocketControl
+     *        TLS socket control object that should be associated with
+     *        aFileDesc, if applicable.
      */
     [noscript]
     void newSocket(in long                      aFamily,
@@ -54,7 +55,7 @@ interface nsISocketProvider : nsISupports
                    in unsigned long             aFlags,
                    in unsigned long             aTlsFlags,
                    out PRFileDescStar           aFileDesc,
-                   out nsISupports              aSecurityInfo);
+                   out nsISSLSocketControl      aTLSSocketControl);
 
     /**
      * addToSocket
@@ -75,7 +76,7 @@ interface nsISocketProvider : nsISupports
                      in unsigned long             aFlags,
                      in unsigned long             aTlsFlags,
                      in PRFileDescStar            aFileDesc,
-                     out nsISupports              aSecurityInfo);
+                     out nsISSLSocketControl      aTLSSocketControl);
 
     /**
      * PROXY_RESOLVES_HOST

netwerk/socket/nsSOCKSIOLayer.cpp

@@ -1409,8 +1409,7 @@ static PRStatus nsSOCKSIOLayerListen(PRFileDesc* fd, int backlog) {
 nsresult nsSOCKSIOLayerAddToSocket(int32_t family, const char* host,
                                    int32_t port, nsIProxyInfo* proxy,
                                    int32_t socksVersion, uint32_t flags,
-                                   uint32_t tlsFlags, PRFileDesc* fd,
-                                   nsISupports** info) {
+                                   uint32_t tlsFlags, PRFileDesc* fd) {
   NS_ENSURE_TRUE((socksVersion == 4) || (socksVersion == 5),
                  NS_ERROR_NOT_INITIALIZED);
 
@@ -1484,8 +1483,6 @@ nsresult nsSOCKSIOLayerAddToSocket(int32_t family, const char* host,
     return NS_ERROR_FAILURE;
   }
 
-  *info = static_cast<nsISOCKSSocketInfo*>(infoObject);
-  NS_ADDREF(*info);
   return NS_OK;
 }
 

netwerk/socket/nsSOCKSIOLayer.h

@@ -14,8 +14,7 @@
 nsresult nsSOCKSIOLayerAddToSocket(int32_t family, const char* host,
                                    int32_t port, nsIProxyInfo* proxyInfo,
                                    int32_t socksVersion, uint32_t flags,
-                                   uint32_t tlsFlags, PRFileDesc* fd,
-                                   nsISupports** info);
+                                   uint32_t tlsFlags, PRFileDesc* fd);
 
 bool IsHostLocalTarget(const nsACString& aHost);
 

netwerk/socket/nsSOCKSSocketProvider.cpp

@@ -66,14 +66,15 @@ nsSOCKSSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
                                  nsIProxyInfo* proxy,
                                  const OriginAttributes& originAttributes,
                                  uint32_t flags, uint32_t tlsFlags,
-                                 PRFileDesc** result, nsISupports** socksInfo) {
+                                 PRFileDesc** result,
+                                 nsISSLSocketControl** tlsSocketControl) {
   PRFileDesc* sock = OpenTCPSocket(family, proxy);
   if (!sock) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   nsresult rv = nsSOCKSIOLayerAddToSocket(family, host, port, proxy, mVersion,
-                                          flags, tlsFlags, sock, socksInfo);
+                                          flags, tlsFlags, sock);
   if (NS_SUCCEEDED(rv)) {
     *result = sock;
     return NS_OK;
@@ -87,9 +88,10 @@ nsSOCKSSocketProvider::AddToSocket(int32_t family, const char* host,
                                    int32_t port, nsIProxyInfo* proxy,
                                    const OriginAttributes& originAttributes,
                                    uint32_t flags, uint32_t tlsFlags,
-                                   PRFileDesc* sock, nsISupports** socksInfo) {
+                                   PRFileDesc* sock,
+                                   nsISSLSocketControl** tlsSocketControl) {
   nsresult rv = nsSOCKSIOLayerAddToSocket(family, host, port, proxy, mVersion,
-                                          flags, tlsFlags, sock, socksInfo);
+                                          flags, tlsFlags, sock);
 
   if (NS_FAILED(rv)) rv = NS_ERROR_SOCKET_CREATE_FAILED;
   return rv;

netwerk/socket/nsUDPSocketProvider.cpp

@@ -16,7 +16,7 @@ nsUDPSocketProvider::NewSocket(int32_t aFamily, const char* aHost,
                                const OriginAttributes& originAttributes,
                                uint32_t aFlags, uint32_t aTlsFlags,
                                PRFileDesc** aFileDesc,
-                               nsISupports** aSecurityInfo) {
+                               nsISSLSocketControl** aTLSSocketControl) {
   NS_ENSURE_ARG_POINTER(aFileDesc);
 
   PRFileDesc* udpFD = PR_OpenUDPSocket(aFamily);
@@ -32,7 +32,7 @@ nsUDPSocketProvider::AddToSocket(int32_t aFamily, const char* aHost,
                                  const OriginAttributes& originAttributes,
                                  uint32_t aFlags, uint32_t aTlsFlags,
                                  struct PRFileDesc* aFileDesc,
-                                 nsISupports** aSecurityInfo) {
+                                 nsISSLSocketControl** aTLSSocketControl) {
   // does not make sense to strap a UDP socket onto an existing socket
   MOZ_ASSERT_UNREACHABLE("Cannot layer UDP socket on an existing socket");
   return NS_ERROR_UNEXPECTED;

security/manager/ssl/nsNSSIOLayer.cpp

@@ -1819,7 +1819,8 @@ bool nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken() {
 nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
                                nsIProxyInfo* proxy,
                                const OriginAttributes& originAttributes,
-                               PRFileDesc** fd, nsISupports** info,
+                               PRFileDesc** fd,
+                               nsISSLSocketControl** tlsSocketControl,
                                bool forSTARTTLS, uint32_t flags,
                                uint32_t tlsFlags) {
   PRFileDesc* sock = PR_OpenTCPSocket(family);
@@ -1827,7 +1828,7 @@ nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
 
   nsresult rv =
       nsSSLIOLayerAddToSocket(family, host, port, proxy, originAttributes, sock,
-                              info, forSTARTTLS, flags, tlsFlags);
+                              tlsSocketControl, forSTARTTLS, flags, tlsFlags);
   if (NS_FAILED(rv)) {
     PR_Close(sock);
     return rv;
@@ -2123,7 +2124,8 @@ SECStatus StoreResumptionToken(PRFileDesc* fd, const PRUint8* resumptionToken,
 nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
                                  nsIProxyInfo* proxy,
                                  const OriginAttributes& originAttributes,
-                                 PRFileDesc* fd, nsISupports** info,
+                                 PRFileDesc* fd,
+                                 nsISSLSocketControl** tlsSocketControl,
                                  bool forSTARTTLS, uint32_t providerFlags,
                                  uint32_t providerTlsFlags) {
   PRFileDesc* layer = nullptr;
@@ -2207,9 +2209,8 @@ nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
     goto loser;
   }
 
-  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-          ("[%p] Socket set up\n", (void*)sslSock));
-  infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**)(info));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Socket set up", (void*)sslSock));
+  *tlsSocketControl = do_AddRef(infoObject).take();
 
   // We are going use a clear connection first //
   if (forSTARTTLS || haveProxy) {

security/manager/ssl/nsNSSIOLayer.h

@@ -327,14 +327,16 @@ class nsSSLIOLayerHelpers {
 nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
                                nsIProxyInfo* proxy,
                                const OriginAttributes& originAttributes,
-                               PRFileDesc** fd, nsISupports** securityInfo,
+                               PRFileDesc** fd,
+                               nsISSLSocketControl** tlsSocketControl,
                                bool forSTARTTLS, uint32_t flags,
                                uint32_t tlsFlags);
 
 nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
                                  nsIProxyInfo* proxy,
                                  const OriginAttributes& originAttributes,
-                                 PRFileDesc* fd, nsISupports** securityInfo,
+                                 PRFileDesc* fd,
+                                 nsISSLSocketControl** tlsSocketControl,
                                  bool forSTARTTLS, uint32_t flags,
                                  uint32_t tlsFlags);
 

security/manager/ssl/nsSSLSocketProvider.cpp

@@ -23,10 +23,10 @@ nsSSLSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
                                const OriginAttributes& originAttributes,
                                uint32_t flags, uint32_t tlsFlags,
                                PRFileDesc** _result,
-                               nsISupports** securityInfo) {
+                               nsISSLSocketControl** tlsSocketControl) {
   nsresult rv =
       nsSSLIOLayerNewSocket(family, host, port, proxy, originAttributes,
-                            _result, securityInfo, false, flags, tlsFlags);
+                            _result, tlsSocketControl, false, flags, tlsFlags);
   return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
 }
 
@@ -37,10 +37,10 @@ nsSSLSocketProvider::AddToSocket(int32_t family, const char* host, int32_t port,
                                  const OriginAttributes& originAttributes,
                                  uint32_t flags, uint32_t tlsFlags,
                                  PRFileDesc* aSocket,
-                                 nsISupports** securityInfo) {
-  nsresult rv =
-      nsSSLIOLayerAddToSocket(family, host, port, proxy, originAttributes,
-                              aSocket, securityInfo, false, flags, tlsFlags);
+                                 nsISSLSocketControl** tlsSocketControl) {
+  nsresult rv = nsSSLIOLayerAddToSocket(
+      family, host, port, proxy, originAttributes, aSocket, tlsSocketControl,
+      false, flags, tlsFlags);
 
   return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
 }

security/manager/ssl/nsTLSSocketProvider.cpp

@@ -23,10 +23,10 @@ nsTLSSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
                                const OriginAttributes& originAttributes,
                                uint32_t flags, uint32_t tlsFlags,
                                PRFileDesc** _result,
-                               nsISupports** securityInfo) {
+                               nsISSLSocketControl** tlsSocketControl) {
   nsresult rv =
       nsSSLIOLayerNewSocket(family, host, port, proxy, originAttributes,
-                            _result, securityInfo, true, flags, tlsFlags);
+                            _result, tlsSocketControl, true, flags, tlsFlags);
 
   return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
 }
@@ -38,10 +38,10 @@ nsTLSSocketProvider::AddToSocket(int32_t family, const char* host, int32_t port,
                                  const OriginAttributes& originAttributes,
                                  uint32_t flags, uint32_t tlsFlags,
                                  PRFileDesc* aSocket,
-                                 nsISupports** securityInfo) {
+                                 nsISSLSocketControl** tlsSocketControl) {
   nsresult rv =
       nsSSLIOLayerAddToSocket(family, host, port, proxy, originAttributes,
-                              aSocket, securityInfo, true, flags, tlsFlags);
+                              aSocket, tlsSocketControl, true, flags, tlsFlags);
 
   return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
 }

security/manager/ssl/tests/unit/head_psm.js

@@ -630,7 +630,9 @@ async function asyncConnectTo(
     );
     if (aWithSecurityInfo) {
       aWithSecurityInfo(
-        conn.transport.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
+        conn.transport.tlsSocketControl.QueryInterface(
+          Ci.nsITransportSecurityInfo
+        )
       );
     }
   });