author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-03 04:59:23 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-03 04:59:23 +0000 |
commit | 187f48b948415dc91ffc7fa48c66fb90f536b1b1 (patch) | |
tree | 079f66539c8162cc6a48d5a19168b3a1673ef200 /net/socket | |
parent | 6dee7c46b6e47769b1f2b3e032b1dc5ccdd8863a (diff) | |
When determining potential client certificates on Windows, if a certificate does not appear to have a private key, do not include it in the list of client certificates to select when authenticating with an SSL server. If the certificate is stored on a smart card, this does not require the smart card to be inserted, only that the certificate metadata stored by Windows contains a reference to the private key.
R=wtc
BUG=66519
TEST=none
Review URL: http://codereview.chromium.org/6273017
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76717 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 7 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_win.cc | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 405a2f3..89888ed 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -237,6 +237,13 @@ BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
 if (CertVerifyTimeValidity(NULL, cert_context->pCertInfo) != 0) return FALSE;
+ // Verify private key metadata is associated with this certificate.
+ DWORD size = 0;
+ if (!CertGetCertificateContextProperty(
+ cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) {
+ return FALSE;
+ }
+
 return TRUE;
 }
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 5a37de8..61369b4 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -325,6 +325,13 @@ static BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
 if (CertVerifyTimeValidity(NULL, cert_context->pCertInfo) != 0) return FALSE;
+ // Verify private key metadata is associated with this certificate.
+ DWORD size = 0;
+ if (!CertGetCertificateContextProperty(
+ cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) {
+ return FALSE;
+ }
+
 return TRUE;
 } |
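Review bot: The check added to ClientCertFindCallback only tests that `CERT_KEY_PROV_INFO_PROP_ID` is present on the context, so it filters on stored metadata and is not evidence that the key is usable. A certificate whose key container has since been removed would still pass and fail later at signing time, and (as far as I can tell from the API, not from this page) a certificate whose key is attached only through a handle property such as `CERT_NCRYPT_KEY_HANDLE_PROP_ID` would be dropped from the list. I would widen the comment to say so, e.g. `// Metadata presence only; the key is not opened, so a stale entry still passes and fails at signing.` The same seven lines are added to ssl_client_socket_win.cc in the second hunk, so the two callbacks can drift apart; a shared helper would keep the filter in one place, and with TEST=none nothing would catch such drift. The function body begins above both hunks, so any earlier filters are not visible here.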