Bug 1787321 - convert nsAHttpConnection::GetSecurityInfo into ::GetTLSSocketControl r=kershaw,necko-reviewers

This continues work started in bug 1784098.

Differential Revision: https://phabricator.services.mozilla.com/D155625

netwerk/base/ARefBase.h

@@ -7,7 +7,7 @@
 #ifndef mozilla_net_ARefBase_h
 #define mozilla_net_ARefBase_h
 
-#include "nscore.h"
+#include "nsISupportsImpl.h"
 
 namespace mozilla {
 namespace net {

netwerk/protocol/http/AlternateServices.cpp

@@ -566,9 +566,8 @@ bool AltSvcTransaction<Validator>::MaybeValidate(nsresult reason) {
     return false;
   }
 
-  nsCOMPtr<nsISupports> secInfo;
+  nsCOMPtr<nsISSLSocketControl> socketControl;
-  mConnection->GetSecurityInfo(getter_AddRefs(secInfo));
+  mConnection->GetTLSSocketControl(getter_AddRefs(socketControl));
-  nsCOMPtr<nsISSLSocketControl> socketControl = do_QueryInterface(secInfo);
 
   LOG(("AltSvcTransaction::MaybeValidate() %p socketControl=%p\n", this,
        socketControl.get()));

netwerk/protocol/http/Http2Session.cpp

@@ -2558,9 +2558,8 @@ nsresult Http2Session::RecvAltSvc(Http2Session* self) {
 
   if (!impliedOrigin) {
     bool okToReroute = true;
-    nsCOMPtr<nsISupports> securityInfo;
+    nsCOMPtr<nsISSLSocketControl> ssl;
-    self->mConnection->GetSecurityInfo(getter_AddRefs(securityInfo));
+    self->mConnection->GetTLSSocketControl(getter_AddRefs(ssl));
-    nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo);
     if (!ssl) {
       okToReroute = false;
     }
@@ -2595,12 +2594,15 @@ nsresult Http2Session::RecvAltSvc(Http2Session* self) {
     }
   }
 
-  nsCOMPtr<nsISupports> callbacks;
+  nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
-  self->mConnection->GetSecurityInfo(getter_AddRefs(callbacks));
+  self->mConnection->GetTLSSocketControl(getter_AddRefs(tlsSocketControl));
-  nsCOMPtr<nsIInterfaceRequestor> irCallbacks = do_QueryInterface(callbacks);
+  nsCOMPtr<nsIInterfaceRequestor> callbacks;
+  if (tlsSocketControl) {
+    tlsSocketControl->GetNotificationCallbacks(getter_AddRefs(callbacks));
+  }
 
   RefPtr<UpdateAltSvcEvent> event =
-      new UpdateAltSvcEvent(altSvcFieldValue, origin, ci, irCallbacks);
+      new UpdateAltSvcEvent(altSvcFieldValue, origin, ci, callbacks);
   NS_DispatchToMainThread(event);
   self->ResetDownstreamState();
   return NS_OK;
@@ -4138,9 +4140,8 @@ nsresult Http2Session::ConfirmTLSProfile() {
 
   if (!mConnection) return NS_ERROR_FAILURE;
 
-  nsCOMPtr<nsISupports> securityInfo;
+  nsCOMPtr<nsISSLSocketControl> ssl;
-  mConnection->GetSecurityInfo(getter_AddRefs(securityInfo));
+  mConnection->GetTLSSocketControl(getter_AddRefs(ssl));
-  nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo);
   LOG3(("Http2Session::ConfirmTLSProfile %p sslsocketcontrol=%p\n", this,
         ssl.get()));
   if (!ssl) return NS_ERROR_FAILURE;
@@ -4463,12 +4464,9 @@ bool Http2Session::RealJoinConnection(const nsACString& hostname, int32_t port,
   nsresult rv;
   bool isJoined = false;
 
-  nsCOMPtr<nsISupports> securityInfo;
   nsCOMPtr<nsISSLSocketControl> sslSocketControl;
-
+  mConnection->GetTLSSocketControl(getter_AddRefs(sslSocketControl));
-  mConnection->GetSecurityInfo(getter_AddRefs(securityInfo));
+  if (!sslSocketControl) {
-  sslSocketControl = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv) || !sslSocketControl) {
     return false;
   }
 

netwerk/protocol/http/Http3Session.cpp

@@ -1543,12 +1543,9 @@ bool Http3Session::RealJoinConnection(const nsACString& hostname, int32_t port,
   nsresult rv;
   bool isJoined = false;
 
-  nsCOMPtr<nsISupports> securityInfo;
   nsCOMPtr<nsISSLSocketControl> sslSocketControl;
-
+  mConnection->GetTLSSocketControl(getter_AddRefs(sslSocketControl));
-  mConnection->GetSecurityInfo(getter_AddRefs(securityInfo));
+  if (!sslSocketControl) {
-  sslSocketControl = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv) || !sslSocketControl) {
     return false;
   }
 
@@ -1888,10 +1885,9 @@ void Http3Session::ZeroRttTelemetry(ZeroRttOutcome aOutcome) {
   }
 }
 
-nsresult Http3Session::GetTransactionSecurityInfo(nsISupports** secinfo) {
+nsresult Http3Session::GetTransactionTLSSocketControl(
-  nsCOMPtr<nsISupports> info;
+    nsISSLSocketControl** tlsSocketControl) {
-  mSocketControl->QueryInterface(NS_GET_IID(nsISupports), getter_AddRefs(info));
+  NS_IF_ADDREF(*tlsSocketControl = mSocketControl);
-  info.forget(secinfo);
   return NS_OK;
 }
 

netwerk/protocol/http/Http3Session.h

@@ -82,7 +82,8 @@ class Http3Session final : public nsAHttpTransaction, public nsAHttpConnection {
 
   void TransactionHasDataToWrite(nsAHttpTransaction* caller) override;
   void TransactionHasDataToRecv(nsAHttpTransaction* caller) override;
-  [[nodiscard]] nsresult GetTransactionSecurityInfo(nsISupports**) override;
+  [[nodiscard]] nsresult GetTransactionTLSSocketControl(
+      nsISSLSocketControl**) override;
 
   // This function will be called by QuicSocketControl when the certificate
   // verification is done.

netwerk/protocol/http/HttpConnectionBase.h

@@ -107,7 +107,7 @@ class HttpConnectionBase : public nsSupportsWeakReference {
   void GetConnectionInfo(nsHttpConnectionInfo** ci) {
     *ci = do_AddRef(mConnInfo).take();
   }
-  virtual void GetSecurityInfo(nsISupports** result) = 0;
+  virtual void GetTLSSocketControl(nsISSLSocketControl** result) = 0;
 
   [[nodiscard]] virtual nsresult ResumeSend() = 0;
   [[nodiscard]] virtual nsresult ResumeRecv() = 0;
@@ -177,7 +177,7 @@ NS_DEFINE_STATIC_IID_ACCESSOR(HttpConnectionBase, HTTPCONNECTIONBASE_IID)
   void PrintDiagnostics(nsCString&) override;                                  \
   bool TestJoinConnection(const nsACString&, int32_t) override;                \
   bool JoinConnection(const nsACString&, int32_t) override;                    \
-  void GetSecurityInfo(nsISupports** result) override;                         \
+  void GetTLSSocketControl(nsISSLSocketControl** result) override;             \
   [[nodiscard]] nsresult ResumeSend() override;                                \
   [[nodiscard]] nsresult ResumeRecv() override;                                \
   [[nodiscard]] nsresult ForceSend() override;                                 \

netwerk/protocol/http/HttpConnectionUDP.cpp

@@ -346,13 +346,13 @@ nsresult HttpConnectionUDP::TakeTransport(
   return NS_ERROR_FAILURE;
 }
 
-void HttpConnectionUDP::GetSecurityInfo(nsISupports** secinfo) {
+void HttpConnectionUDP::GetTLSSocketControl(nsISSLSocketControl** secinfo) {
   MOZ_ASSERT(OnSocketThread(), "not on socket thread");
-  LOG(("HttpConnectionUDP::GetSecurityInfo http3Session=%p\n",
+  LOG(("HttpConnectionUDP::GetTLSSocketControl http3Session=%p\n",
        mHttp3Session.get()));
 
   if (mHttp3Session &&
-      NS_SUCCEEDED(mHttp3Session->GetTransactionSecurityInfo(secinfo))) {
+      NS_SUCCEEDED(mHttp3Session->GetTransactionTLSSocketControl(secinfo))) {
     return;
   }
 

netwerk/protocol/http/TlsHandshaker.cpp

@@ -97,25 +97,19 @@ nsresult TlsHandshaker::InitSSLParams(bool connectingToProxy,
     return NS_ERROR_ABORT;
   }
 
-  nsresult rv;
+  nsCOMPtr<nsISSLSocketControl> ssl;
-  nsCOMPtr<nsISupports> securityInfo;
+  mOwner->GetTLSSocketControl(getter_AddRefs(ssl));
-  mOwner->GetSecurityInfo(getter_AddRefs(securityInfo));
+  if (!ssl) {
-  if (!securityInfo) {
     return NS_ERROR_FAILURE;
   }
 
-  nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
   // If proxy is use or 0RTT is excluded for a origin, don't use early-data.
   if (mConnInfo->UsingProxy() || gHttpHandler->Is0RttTcpExcluded(mConnInfo)) {
     ssl->DisableEarlyData();
   }
 
   if (proxyStartSSL) {
-    rv = ssl->ProxyStartSSL();
+    nsresult rv = ssl->ProxyStartSSL();
     if (NS_FAILED(rv)) {
       return rv;
     }
@@ -185,16 +179,9 @@ bool TlsHandshaker::EnsureNPNComplete() {
     return false;
   }
 
-  nsresult rv = NS_OK;
+  nsCOMPtr<nsISSLSocketControl> ssl;
-  nsCOMPtr<nsISupports> securityInfo;
+  mOwner->GetTLSSocketControl(getter_AddRefs(ssl));
-  mOwner->GetSecurityInfo(getter_AddRefs(securityInfo));
+  if (!ssl) {
-  if (!securityInfo) {
-    FinishNPNSetup(false, false);
-    return true;
-  }
-
-  nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv)) {
     FinishNPNSetup(false, false);
     return true;
   }
@@ -211,7 +198,7 @@ bool TlsHandshaker::EnsureNPNComplete() {
 
   LOG(("TlsHandshaker::EnsureNPNComplete [mOwner=%p] drive TLS handshake",
        mOwner.get()));
-  rv = ssl->DriveHandshake();
+  nsresult rv = ssl->DriveHandshake();
   if (NS_FAILED(rv) && rv != NS_BASE_STREAM_WOULD_BLOCK) {
     FinishNPNSetup(false, true);
     return true;

netwerk/protocol/http/nsAHttpConnection.h

@@ -11,9 +11,10 @@
 #include "nsAHttpTransaction.h"
 #include "HttpTrafficAnalyzer.h"
 
-class nsISocketTransport;
 class nsIAsyncInputStream;
 class nsIAsyncOutputStream;
+class nsISSLSocketControl;
+class nsISocketTransport;
 
 namespace mozilla {
 namespace net {
@@ -105,8 +106,8 @@ class nsAHttpConnection : public nsISupports {
                                                nsIAsyncInputStream**,
                                                nsIAsyncOutputStream**) = 0;
 
-  // called by a transaction to get the security info from the socket.
+  // called by a transaction to get the TLS socket control from the socket.
-  virtual void GetSecurityInfo(nsISupports**) = 0;
+  virtual void GetTLSSocketControl(nsISSLSocketControl**) = 0;
 
   // called by a transaction to determine whether or not the connection is
   // persistent... important in determining the end of a response.
@@ -195,12 +196,12 @@ NS_DEFINE_STATIC_IID_ACCESSOR(nsAHttpConnection, NS_AHTTPCONNECTION_IID)
     }                                                                        \
     return (fwdObject)->GetConnectionInfo(result);                           \
   }                                                                          \
-  void GetSecurityInfo(nsISupports** result) override {                      \
+  void GetTLSSocketControl(nsISSLSocketControl** result) override {          \
     if (!(fwdObject)) {                                                      \
       *result = nullptr;                                                     \
       return;                                                                \
     }                                                                        \
-    return (fwdObject)->GetSecurityInfo(result);                             \
+    return (fwdObject)->GetTLSSocketControl(result);                         \
   }                                                                          \
   [[nodiscard]] nsresult ResumeSend() override {                             \
     if (!(fwdObject)) return NS_ERROR_FAILURE;                               \

netwerk/protocol/http/nsAHttpTransaction.h

@@ -5,7 +5,6 @@
 #ifndef nsAHttpTransaction_h__
 #define nsAHttpTransaction_h__
 
-#include "nsISupports.h"
 #include "nsTArray.h"
 #include "nsWeakReference.h"
 
@@ -19,9 +18,10 @@ typedef __StatusTmp Status;
 
 class nsIDNSHTTPSSVCRecord;
 class nsIInterfaceRequestor;
+class nsIRequestContext;
+class nsISSLSocketControl;
 class nsISVCBRecord;
 class nsITransport;
-class nsIRequestContext;
 
 namespace mozilla {
 namespace net {
@@ -167,13 +167,14 @@ class nsAHttpTransaction : public nsSupportsWeakReference {
   virtual bool ResponseTimeoutEnabled() const;
   virtual PRIntervalTime ResponseTimeout();
 
-  // conceptually the security info is part of the connection, but sometimes
+  // conceptually the socket control is part of the connection, but sometimes
   // in the case of TLS tunneled within TLS the transaction might present
-  // a more specific security info that cannot be represented as a layer in
+  // a more specific socket control that cannot be represented as a layer in
   // the connection due to multiplexing. This interface represents such an
   // overload. If it returns NS_FAILURE the connection should be considered
   // authoritative.
-  [[nodiscard]] virtual nsresult GetTransactionSecurityInfo(nsISupports**) {
+  [[nodiscard]] virtual nsresult GetTransactionTLSSocketControl(
+      nsISSLSocketControl**) {
     return NS_ERROR_NOT_IMPLEMENTED;
   }
 

netwerk/protocol/http/nsHttpConnection.cpp

@@ -33,7 +33,6 @@
 #include "nsProxyRelease.h"
 #include "nsSocketTransport2.h"
 #include "nsStringStream.h"
-#include "nsITransportSecurityInfo.h"
 #include "mozpkix/pkixnss.h"
 #include "sslerr.h"
 #include "sslt.h"
@@ -644,14 +643,10 @@ void nsHttpConnection::Close(nsresult reason, bool aIsShutdown) {
     }
   }
 
-  nsCOMPtr<nsISupports> securityInfo;
+  nsCOMPtr<nsISSLSocketControl> ssl;
-  GetSecurityInfo(getter_AddRefs(securityInfo));
+  GetTLSSocketControl(getter_AddRefs(ssl));
-  if (securityInfo) {
+  if (ssl) {
-    nsresult rv;
+    ssl->SetHandshakeCallbackListener(nullptr);
-    nsCOMPtr<nsISSLSocketControl> ssl = do_QueryInterface(securityInfo, &rv);
-    if (NS_SUCCEEDED(rv)) {
-      ssl->SetHandshakeCallbackListener(nullptr);
-    }
   }
 
   if (NS_FAILED(reason)) {
@@ -1189,26 +1184,23 @@ void nsHttpConnection::UpdateTCPKeepalive(nsITimer* aTimer, void* aClosure) {
   }
 }
 
-void nsHttpConnection::GetSecurityInfo(nsISupports** secinfo) {
+void nsHttpConnection::GetTLSSocketControl(
+    nsISSLSocketControl** tlsSocketControl) {
   MOZ_ASSERT(OnSocketThread(), "not on socket thread");
   LOG(("nsHttpConnection::GetSecurityInfo trans=%p socket=%p\n",
        mTransaction.get(), mSocketTransport.get()));
 
-  if (mTransaction &&
+  *tlsSocketControl = nullptr;
-      NS_SUCCEEDED(mTransaction->GetTransactionSecurityInfo(secinfo))) {
+
+  if (mTransaction && NS_SUCCEEDED(mTransaction->GetTransactionTLSSocketControl(
+                          tlsSocketControl))) {
     return;
   }
 
-  if (mSocketTransport) {
+  if (mSocketTransport &&
-    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
+      NS_SUCCEEDED(mSocketTransport->GetTlsSocketControl(tlsSocketControl))) {
-    if (NS_SUCCEEDED(mSocketTransport->GetTlsSocketControl(
+    return;
-            getter_AddRefs(tlsSocketControl)))) {
-      tlsSocketControl.forget(secinfo);
-      return;
-    }
   }
-
-  *secinfo = nullptr;
 }
 
 nsresult nsHttpConnection::PushBack(const char* data, uint32_t length) {
@@ -1424,13 +1416,12 @@ void nsHttpConnection::CloseTransaction(nsAHttpTransaction* trans,
 
 bool nsHttpConnection::CheckCanWrite0RTTData() {
   MOZ_ASSERT(mTlsHandshaker->EarlyDataAvailable());
-  nsCOMPtr<nsISupports> securityInfo;
+  nsCOMPtr<nsISSLSocketControl> ssl;
-  GetSecurityInfo(getter_AddRefs(securityInfo));
+  GetTLSSocketControl(getter_AddRefs(ssl));
-  if (!securityInfo) {
+  if (!ssl) {
     return false;
   }
-  nsCOMPtr<nsITransportSecurityInfo> info;
+  nsCOMPtr<nsITransportSecurityInfo> info(do_QueryInterface(ssl));
-  info = do_QueryInterface(securityInfo);
   if (!info) {
     return false;
   }
@@ -1441,11 +1432,6 @@ bool nsHttpConnection::CheckCanWrite0RTTData() {
   if (NS_FAILED(rv)) {
     return true;
   }
-  nsCOMPtr<nsISSLSocketControl> ssl;
-  ssl = do_QueryInterface(securityInfo);
-  if (!ssl) {
-    return false;
-  }
   bool earlyDataAccepted = false;
   rv = ssl->GetEarlyDataAccepted(&earlyDataAccepted);
   // If 0RTT data is accepted we can continue writing data,
@@ -2267,30 +2253,21 @@ void nsHttpConnection::HandshakeDoneInternal() {
   if (mTlsHandshaker->NPNComplete()) {
     return;
   }
-  nsresult rv = NS_OK;
+
-  nsCOMPtr<nsISupports> securityInfo;
-  nsCOMPtr<nsITransportSecurityInfo> info;
   nsCOMPtr<nsISSLSocketControl> ssl;
+  GetTLSSocketControl(getter_AddRefs(ssl));
+  if (!ssl) {
+    mTlsHandshaker->FinishNPNSetup(false, false);
+    return;
+  }
+
+  nsCOMPtr<nsITransportSecurityInfo> info(do_QueryInterface(ssl));
+  if (!info) {
+    mTlsHandshaker->FinishNPNSetup(false, false);
+    return;
+  }
+
   nsAutoCString negotiatedNPN;
-
-  GetSecurityInfo(getter_AddRefs(securityInfo));
-  if (!securityInfo) {
-    mTlsHandshaker->FinishNPNSetup(false, false);
-    return;
-  }
-
-  ssl = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv)) {
-    mTlsHandshaker->FinishNPNSetup(false, false);
-    return;
-  }
-
-  info = do_QueryInterface(securityInfo, &rv);
-  if (NS_FAILED(rv)) {
-    mTlsHandshaker->FinishNPNSetup(false, false);
-    return;
-  }
-
   DebugOnly<nsresult> rvDebug = info->GetNegotiatedNPN(negotiatedNPN);
   MOZ_ASSERT(NS_SUCCEEDED(rvDebug));
 
@@ -2302,7 +2279,7 @@ void nsHttpConnection::HandshakeDoneInternal() {
         ("nsHttpConnection::HandshakeDone [this=%p] - early data "
          "that was sent during 0RTT %s been accepted [rv=%" PRIx32 "].",
          this, earlyDataAccepted ? "has" : "has not",
-         static_cast<uint32_t>(rv)));
+         static_cast<uint32_t>(rvEarlyData)));
 
     if (NS_FAILED(rvEarlyData) ||
         (mTransaction &&

netwerk/protocol/http/nsHttpTransaction.cpp

@@ -735,10 +735,10 @@ nsresult nsHttpTransaction::ReadSegments(nsAHttpSegmentReader* reader,
 
   if (!mConnected && !m0RTTInProgress) {
     mConnected = true;
-    nsCOMPtr<nsISupports> info;
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
-    mConnection->GetSecurityInfo(getter_AddRefs(info));
+    mConnection->GetTLSSocketControl(getter_AddRefs(tlsSocketControl));
     MutexAutoLock lock(mLock);
-    mSecurityInfo = info;
+    mTLSSocketControl = tlsSocketControl;
   }
 
   mDeferredSendProgress = false;
@@ -979,7 +979,7 @@ bool nsHttpTransaction::DataSentToChildProcess() { return false; }
 
 already_AddRefed<nsISupports> nsHttpTransaction::SecurityInfo() {
   MutexAutoLock lock(mLock);
-  return do_AddRef(mSecurityInfo);
+  return do_AddRef(mTLSSocketControl);
 }
 
 bool nsHttpTransaction::HasStickyConnection() const {
@@ -1220,12 +1220,10 @@ void nsHttpTransaction::PrepareConnInfoForRetry(nsresult aReason) {
     LOG((" Got SSL_ERROR_ECH_RETRY_WITH_ECH, use retry echConfig"));
     MOZ_ASSERT(mConnection);
 
-    nsCOMPtr<nsISupports> secInfo;
+    nsCOMPtr<nsISSLSocketControl> socketControl;
     if (mConnection) {
-      mConnection->GetSecurityInfo(getter_AddRefs(secInfo));
+      mConnection->GetTLSSocketControl(getter_AddRefs(socketControl));
     }
-
-    nsCOMPtr<nsISSLSocketControl> socketControl = do_QueryInterface(secInfo);
     MOZ_ASSERT(socketControl);
 
     nsAutoCString retryEchConfig;
@@ -1383,11 +1381,11 @@ void nsHttpTransaction::Close(nsresult reason) {
     connReused = mConnection->IsReused();
     isHttp2or3 = mConnection->Version() >= HttpVersion::v2_0;
     if (!mConnected) {
-      // Try to get SecurityInfo for this transaction.
+      // Try to get TLSSocketControl for this transaction.
-      nsCOMPtr<nsISupports> info;
+      nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
-      mConnection->GetSecurityInfo(getter_AddRefs(info));
+      mConnection->GetTLSSocketControl(getter_AddRefs(tlsSocketControl));
       MutexAutoLock lock(mLock);
-      mSecurityInfo = info;
+      mTLSSocketControl = tlsSocketControl;
     }
   }
   mConnected = false;
@@ -1753,7 +1751,7 @@ nsresult nsHttpTransaction::Restart() {
   // clear old connection state...
   {
     MutexAutoLock lock(mLock);
-    mSecurityInfo = nullptr;
+    mTLSSocketControl = nullptr;
   }
 
   if (mConnection) {
@@ -2920,10 +2918,10 @@ nsresult nsHttpTransaction::Finish0RTT(bool aRestart,
   } else if (!mConnected) {
     // this is code that was skipped in ::ReadSegments while in 0RTT
     mConnected = true;
-    nsCOMPtr<nsISupports> info;
+    nsCOMPtr<nsISSLSocketControl> tlsSocketControl;
-    mConnection->GetSecurityInfo(getter_AddRefs(info));
+    mConnection->GetTLSSocketControl(getter_AddRefs(tlsSocketControl));
     MutexAutoLock lock(mLock);
-    mSecurityInfo = info;
+    mTLSSocketControl = tlsSocketControl;
   }
   return NS_OK;
 }
@@ -3045,9 +3043,8 @@ void nsHttpTransaction::NotifyTransactionObserver(nsresult reason) {
                  ((mConnection->Version() == HttpVersion::v2_0) ||
                   (mConnection->Version() == HttpVersion::v3_0)));
 
-    nsCOMPtr<nsISupports> secInfo;
+    nsCOMPtr<nsISSLSocketControl> socketControl;
-    mConnection->GetSecurityInfo(getter_AddRefs(secInfo));
+    mConnection->GetTLSSocketControl(getter_AddRefs(socketControl));
-    nsCOMPtr<nsISSLSocketControl> socketControl = do_QueryInterface(secInfo);
     LOG(
         ("nsHttpTransaction::NotifyTransactionObserver"
          " version %u socketControl %p\n",

netwerk/protocol/http/nsHttpTransaction.h

@@ -6,26 +6,26 @@
 #ifndef nsHttpTransaction_h__
 #define nsHttpTransaction_h__
 
-#include "nsHttp.h"
+#include "ARefBase.h"
-#include "nsAHttpTransaction.h"
-#include "HttpTransactionShell.h"
-#include "nsAHttpConnection.h"
 #include "EventTokenBucket.h"
-#include "nsCOMPtr.h"
-#include "nsIAsyncOutputStream.h"
-#include "nsThreadUtils.h"
-#include "nsIInterfaceRequestor.h"
-#include "nsIAsyncOutputStream.h"
-#include "nsITimer.h"
-#include "nsIEarlyHintObserver.h"
-#include "nsTHashMap.h"
-#include "nsIClassOfService.h"
-#include "TimingStruct.h"
 #include "Http2Push.h"
+#include "HttpTransactionShell.h"
+#include "TimingStruct.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozilla/net/DNS.h"
 #include "mozilla/net/NeckoChannelParams.h"
-#include "mozilla/StaticPrefs_security.h"
+#include "nsAHttpConnection.h"
-#include "ARefBase.h"
+#include "nsAHttpTransaction.h"
+#include "nsCOMPtr.h"
+#include "nsHttp.h"
+#include "nsIAsyncOutputStream.h"
+#include "nsIClassOfService.h"
+#include "nsIEarlyHintObserver.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsISSLSocketControl.h"
+#include "nsITimer.h"
+#include "nsTHashMap.h"
+#include "nsThreadUtils.h"
 
 //-----------------------------------------------------------------------------
 
@@ -306,7 +306,7 @@ class nsHttpTransaction final : public nsAHttpTransaction,
   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
   nsCOMPtr<nsITransportEventSink> mTransportSink;
   nsCOMPtr<nsIEventTarget> mConsumerTarget;
-  nsCOMPtr<nsISupports> mSecurityInfo;
+  nsCOMPtr<nsISSLSocketControl> mTLSSocketControl;
   nsCOMPtr<nsIAsyncInputStream> mPipeIn;
   nsCOMPtr<nsIAsyncOutputStream> mPipeOut;
   nsCOMPtr<nsIRequestContext> mRequestContext;