Log how often DTLS negotiation failed because of incompatible ciphersuites.

webrtc/base/sslstreamadapter.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 58 matching lines @@
   SSL_PROTOCOL_TLS_10,
   SSL_PROTOCOL_TLS_11,
   SSL_PROTOCOL_TLS_12,
   SSL_PROTOCOL_DTLS_10 = SSL_PROTOCOL_TLS_11,
   SSL_PROTOCOL_DTLS_12 = SSL_PROTOCOL_TLS_12,
 };
 
 // Errors for Read -- in the high range so no conflict with OpenSSL.
 enum { SSE_MSG_TRUNC = 0xff0001 };
 
+// Used to send back UMA histogram value.
+enum class SSLHandshakeError { UNKNOWN, INCOMPATIBLE_CIPHERSUITE, MAX_VALUE };
+
 class SSLStreamAdapter : public StreamAdapterInterface {
  public:
   // Instantiate an SSLStreamAdapter wrapping the given stream,
   // (using the selected implementation for the platform).
   // Caller is responsible for freeing the returned object.
   static SSLStreamAdapter* Create(StreamInterface* stream);
 
-  explicit SSLStreamAdapter(StreamInterface* stream)
-      : StreamAdapterInterface(stream), ignore_bad_cert_(false),
-        client_auth_enabled_(true) { }
+  explicit SSLStreamAdapter(StreamInterface* stream);
+  ~SSLStreamAdapter() override;
 
   void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; }
   bool ignore_bad_cert() const { return ignore_bad_cert_; }
 
   void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; }
   bool client_auth_enabled() const { return client_auth_enabled_; }
 
   // Specify our SSL identity: key and certificate. Mostly this is
   // only used in the peer-to-peer mode (unless we actually want to
   // provide a client certificate to a server).
@@ skipping 101 matching lines @@
   // Returns true iff the supplied cipher is deemed to be strong.
   // TODO(torbjorng): Consider removing the KeyType argument.
   static bool IsAcceptableCipher(int cipher, KeyType key_type);
   static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);
 
   // TODO(guoweis): Move this away from a static class method. Currently this is
   // introduced such that any caller could depend on sslstreamadapter.h without
   // depending on specific SSL implementation.
   static std::string SslCipherSuiteToName(int cipher_suite);
 
+  sigslot::signal1<SSLHandshakeError> SignalSSLHandshakeError;
+
  private:
   // If true, the server certificate need not match the configured
   // server_name, and in fact missing certificate authority and other
   // verification errors are ignored.
   bool ignore_bad_cert_;
 
   // If true (default), the client is required to provide a certificate during
   // handshake. If no certificate is given, handshake fails. This applies to
   // server mode only.
   bool client_auth_enabled_;
 };
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_SSLSTREAMADAPTER_H_