Support generation of EC keys using P256 curve and support ECDSA certs.

webrtc/base/nssstreamadapter.cc

Index: webrtc/base/nssstreamadapter.cc
diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 22f2a2e2f47e203e43a1ff9e5d0843e97bd5251a..1af9cbc1bdff6b2c37e7dd9d5a05cb733595f487 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -70,6 +70,8 @@ static const SrtpCipherMapEntry kSrtpCipherMap[] = {
 static const uint32_t kEnabledCiphers[] = {
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,

[juberti1, 2015/06/26 19:16:01]

this should be ECDHE

[torbjorng (webrtc), 2015/07/02 12:35:07]

Done.

+  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

[juberti1, 2015/06/26 19:16:01]

we don't want the AES-256 variant. this should be
 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

[torbjorng (webrtc), 2015/07/02 12:35:07]

Done.

 };
 
 // Default cipher used between NSS stream adapters.
@@ -495,7 +497,7 @@ int NSSStreamAdapter::BeginSSL() {
     }
     rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
                                 identity->keypair()->privkey(),
-                                kt_rsa);
+                                identity->keypair()->ssl_kea_type());
     if (rv != SECSuccess) {
       Error("BeginSSL", -1, false);
       return -1;