Log how often DTLS negotiation failed because of incompatible ciphersuites.

webrtc/base/sslstreamadapter.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 58 matching lines @@
   SSL_PROTOCOL_TLS_10,
   SSL_PROTOCOL_TLS_11,
   SSL_PROTOCOL_TLS_12,
   SSL_PROTOCOL_DTLS_10 = SSL_PROTOCOL_TLS_11,
   SSL_PROTOCOL_DTLS_12 = SSL_PROTOCOL_TLS_12,
 };
 
 // Errors for Read -- in the high range so no conflict with OpenSSL.
 enum { SSE_MSG_TRUNC = 0xff0001 };
 
+// Used to back UMA histogram value.

[honghaiz3, 2016/07/22 21:35:26]

=> "Used to send back UMA histogram values." or something like that. 

[Zhi Huang, 2016/07/25 17:24:28]

Done.

+enum class SSLHandshakeError { ERR_INCOMPATIBLE_CIPHERSUITE, ERR_OTHER };

[skvlad, 2016/07/22 01:25:14]

Would it be better to make ERR_OTHER the first value of the enum?
The UMA methods take a maximum value but I'm not sure if they can handle
reordering of enum values correctly. E.g. if subsequently we add another value
ERR_NEW before ERR_OTHER - it would be hard to interpret if a value of "1" means
ERR_OTHER (for older versions) or ERR_NEW (for newer ones).

To maximize forward compatibility, I'd rather define it this way:
enum class SSLHandshakeError { UNKNOWN, INCOMPATIBLE_CIPHERSUITE, MAX_VALUE }
and use MAX_VALUE in calls to UMA.

Furthermore, you don't need prefixes (ERR_...) for enum class types as they are
already in their own namespace unlike regular enums.

[Zhi Huang, 2016/07/25 17:24:28]

Yes, this is better! 

+
 class SSLStreamAdapter : public StreamAdapterInterface {
  public:
   // Instantiate an SSLStreamAdapter wrapping the given stream,
   // (using the selected implementation for the platform).
   // Caller is responsible for freeing the returned object.
   static SSLStreamAdapter* Create(StreamInterface* stream);
 
   explicit SSLStreamAdapter(StreamInterface* stream)
       : StreamAdapterInterface(stream), ignore_bad_cert_(false),
         client_auth_enabled_(true) { }
@@ skipping 111 matching lines @@
   // Returns true iff the supplied cipher is deemed to be strong.
   // TODO(torbjorng): Consider removing the KeyType argument.
   static bool IsAcceptableCipher(int cipher, KeyType key_type);
   static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);
 
   // TODO(guoweis): Move this away from a static class method. Currently this is
   // introduced such that any caller could depend on sslstreamadapter.h without
   // depending on specific SSL implementation.
   static std::string SslCipherSuiteToName(int cipher_suite);
 
+  sigslot::signal1<SSLHandshakeError> SignalSSLHandshakeError;
+
  private:
   // If true, the server certificate need not match the configured
   // server_name, and in fact missing certificate authority and other
   // verification errors are ignored.
   bool ignore_bad_cert_;
 
   // If true (default), the client is required to provide a certificate during
   // handshake. If no certificate is given, handshake fails. This applies to
   // server mode only.
   bool client_auth_enabled_;
 };
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_SSLSTREAMADAPTER_H_