
Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 8821002: Honor server requested origin bound client cert types. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years ago
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 0e4ea7f8abc1050f1bd04f1118e1cc0a00ae55b3..0e24342622c0fb95612f19691374c589a1f6afac 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2142,13 +2142,15 @@ bool SSLClientSocketNSS::OriginBoundCertNegotiated(PRFileDesc* socket) {
}
SECStatus SSLClientSocketNSS::OriginBoundClientAuthHandler(
- const std::vector<uint8>& requested_cert_types,
+ const SECItem* cert_types,
CERTCertificate** result_certificate,
SECKEYPrivateKey** result_private_key) {
ob_cert_xtn_negotiated_ = true;
// We have negotiated the origin-bound certificate extension.
std::string origin = "https://" + host_and_port_.ToString();
+ std::vector<uint8> requested_cert_types(cert_types->data,
+ cert_types->data + cert_types->len);
wtc 2011/12/06 02:47:58 Since we still need to convert to a std::vector<ui
net_log_.BeginEvent(NetLog::TYPE_SSL_GET_ORIGIN_BOUND_CERT, NULL);
int error = origin_bound_cert_service_->GetOriginBoundCert(
origin,
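Review bot: `cert_types` is dereferenced in the new `requested_cert_types(cert_types->data, cert_types->data + cert_types->len)` construction without a null check, and both callers (the hunks at -2201 and -2510) pass the result of `SSL_GetRequestedClientCertificateTypes(socket)` straight through. Whether that accessor can return NULL is not visible here, but the list comes from the server's certificate request, so this path should fail closed: add `if (!cert_types) return SECFailure;` before building the vector. An empty list (`len == 0`) now also reaches `GetOriginBoundCert`, where the old code always passed two types, so it is worth confirming that the service rejects it rather than falling back to a default. The function body continues outside the hunk.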
@@ -2201,14 +2203,12 @@ SECStatus SSLClientSocketNSS::PlatformClientAuthHandler(
that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL);
+ const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
+
// Check if an origin-bound certificate is requested.
if (OriginBoundCertNegotiated(socket)) {
- // TODO(mattm): Once NSS supports it, pass the actual requested types.
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
- requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
return that->OriginBoundClientAuthHandler(
- requested_cert_types, result_nss_certificate, result_nss_private_key);
+ cert_types, result_nss_certificate, result_nss_private_key);
}
that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert;
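Review bot: `cert_types` is fetched above the origin-bound check but, in the visible lines, is only used inside the `if (OriginBoundCertNegotiated(socket))` branch; the same applies to the `ClientAuthHandler` hunk below. If nothing later in these functions reads it (both bodies continue outside the hunks), declare it inside the branch so the unchecked pointer has the narrowest scope. A one-line comment stating who owns the returned `SECItem` and how long it stays valid would also help, since the handler copies it into a vector rather than keeping the pointer.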
@@ -2510,14 +2510,12 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL);
+ const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
+
// Check if an origin-bound certificate is requested.
if (OriginBoundCertNegotiated(socket)) {
- // TODO(mattm): Once NSS supports it, pass the actual requested types.
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
- requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
return that->OriginBoundClientAuthHandler(
- requested_cert_types, result_certificate, result_private_key);
+ cert_types, result_certificate, result_private_key);
}
// Regular client certificate requested.
