| field | value |
|---|---|
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>, 2010-11-04 16:21:33 +0000 |
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>, 2010-11-04 16:21:33 +0000 |
| commit | 4a842345af02ac3ae84015683383539a84f66d8c (patch) |
| tree | 9b9b005ddea77d514f2bf0b32f83bf0e5f2bd746 /net/socket/ssl_client_socket_nss.h |
| parent | 1fd26d8cdd166ec84c06bb7d4a8557293428fc0e (diff) |
Support for using OS-native certificates for SSL client auth.

Known Limitations:
- Only SSL3/TLS1.0 handshakes are supported. It's unlikely SSLv2 will/should ever be implemented. NSS does not yet support TLS1.1/1.2.
- On Windows, only CryptoAPI keys are supported. Keys that can only be accessed via CNG will fail.

Technical Notes:
Windows:
- Only the AT_KEYEXCHANGE key is used, per http://msdn.microsoft.com/en-us/library/aa387461(VS.85).aspx
- CryptSetHashParam is used to directly set the hash value. This *should* be supported by all CSPs that are compatible with RSA/SChannel, AFAICT, but testing is needed.
NSS:
- The define NSS_PLATFORM_CLIENT_AUTH is used to guard all of the new/patched code. The primary implementation details are in sslplatf.c.

Patch author: Ryan Sleevi <rsleevi@chromium.org>
Original review URL: http://codereview.chromium.org/2828002

BUG=148,37560,45369
TEST=Attempt to authenticate with a site that requires SSL client authentication (e.g., https://foaf.me/simpleLogin.php with a FOAF+SSL client certificate).

Review URL: http://codereview.chromium.org/3455019

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65064 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.h')
-rw-r--r-- net/socket/ssl_client_socket_nss.h | 8
1 files changed, 8 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index 0acbb2a..821abe4 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -123,11 +123,19 @@ class SSLClientSocketNSS : public SSLClientSocket { static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket, PRBool checksig, PRBool is_server); // NSS calls this when client authentication is requested. +#if defined(NSS_PLATFORM_CLIENT_AUTH) + static SECStatus PlatformClientAuthHandler(void* arg, + PRFileDesc* socket, + CERTDistNames* ca_names, + CERTCertList** result_certs, + void** result_private_key); +#else static SECStatus ClientAuthHandler(void* arg, PRFileDesc* socket, CERTDistNames* ca_names, CERTCertificate** result_certificate, SECKEYPrivateKey** result_private_key); +#endif // NSS calls this when handshake is completed. We pass 'this' as the second // argument. static void HandshakeCallback(PRFileDesc* socket, void* arg); |
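Review bot: The `void** result_private_key` out-parameter in the `#if defined(NSS_PLATFORM_CLIENT_AUTH)` branch of this hunk drops the type information that the `SECKEYPrivateKey**` parameter of the existing `ClientAuthHandler` carries, and the header comment does not say what the callback stores there or who releases it; the same applies to `CERTCertList** result_certs`, which replaces the single `CERTCertificate**` and therefore has different ownership semantics. Suggest extending the `// NSS calls this when client authentication is requested.` comment, or adding one inside the `#if` block, to state the concrete platform key type the pointer refers to (the commit message names CryptoAPI keys on Windows), that it is an opaque handle NSS must not dereference, and which side owns and frees both the key handle and the certificate list.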