author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-15 21:23:37 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-15 21:23:37 +0000 |
commit | d84b3729c73df5ca7679bf827a348c97810fc4b3 (patch) | |
tree | cb4f46567a9c04294219adbb05fee92a72c41026 /net/socket/ssl_client_socket_nss.h | |
parent | d7519fc7cbb59eef660f8d331d00df9a04878968 (diff) | |
Provides a certificate for SSL client authentication on NSS sockets.
GUI is still missing, so certificates and private keys have to be
stored manually, e.g.:
$ pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12
Adds --auto-ssl-client-auth command-line option to enable this feature.
Patch contributed by Jaime Soriano <jsorianopastor@gmail.com>.
Original review URL: http://codereview.chromium.org/220009
R=wtc
BUG=16830
TEST=Try to connect to a web page that requires SSL authentication and
confirm that it connects if and only if a valid certificate is stored in
the ~/.pki/nssdb database.
Review URL: http://codereview.chromium.org/276037
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29188 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.h')
-rw-r--r-- | net/socket/ssl_client_socket_nss.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 1535e04f..73e63d0 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -10,8 +10,10 @@
 #define Lock FOO_NSS_Lock
 #include <certt.h>
 #undef Lock
+#include <keyt.h>
 #include <nspr.h>
 #include <nss.h>
+
 #include <string>
 
 #include "base/scoped_ptr.h"
@@ -85,6 +87,12 @@ class SSLClientSocketNSS : public SSLClientSocket {
   // argument.
   static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
                                       PRBool checksig, PRBool is_server);
+  // NSS calls this when client authentication is requested.
+  static SECStatus ClientAuthHandler(void* arg,
+                                     PRFileDesc* socket,
+                                     CERTDistNames* ca_names,
+                                     CERTCertificate** result_certificate,
+                                     SECKEYPrivateKey** result_private_key);
   // NSS calls this when handshake is completed. We pass 'this' as the second
   // argument.
   static void HandshakeCallback(PRFileDesc* socket, void* arg);
@@ -116,6 +124,11 @@ class SSLClientSocketNSS : public SSLClientSocket {
   scoped_refptr<X509Certificate> server_cert_;
   CertVerifyResult server_cert_verify_result_;
 
+  // Stores client authentication information between ClientAuthHandler and
+  // GetSSLCertRequestInfo calls.
+  CERTDistNames* client_auth_ca_names_;
+  bool client_auth_cert_needed_;
+
   scoped_ptr<CertVerifier> verifier_;
 
   bool completed_handshake_;
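Review bot: The comment on the new ClientAuthHandler declaration does not say what `arg` carries or what the callback must do with its out-parameters, whereas the neighbouring OwnAuthCertHandler and HandshakeCallback comments spell out that `arg` is `this`. Suggest expanding it to `// NSS calls this when client authentication is requested. 'arg' is presumably 'this' as for the other callbacks (confirm in the .cc); on success the chosen certificate and key are handed back through result_certificate and result_private_key.` It is also worth stating in the comment what a SECFailure return is expected to mean for the connection (no certificate sent vs. handshake aborted), since that is the behaviour a caller of this socket will observe and it is not visible from the header. The enclosing class continues outside the hunk.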
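Review bot: `client_auth_ca_names_` is a raw `CERTDistNames*` whose ownership and lifetime the new comment does not state; if it is the array NSS passes to ClientAuthHandler, it is owned by NSS and may not outlive the handshake, so reading it from GetSSLCertRequestInfo after the socket has been reset or disconnected would be a use-after-free. The comment should say who owns it and when it is valid, e.g. `// Borrowed from NSS in ClientAuthHandler; not owned. Only valid until the handshake completes or the socket is closed.` Both new members also need initializing in the constructor (`client_auth_ca_names_(NULL)`, `client_auth_cert_needed_(false)`) and clearing wherever the socket's other per-connection state is reset, which this header-only hunk cannot show. The class continues outside the hunk.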