|
Fix client certificate authentication on Mac and Linux introduced in r178732
When requesting client authentication, the SSL server may send a list of
acceptable CAs. When discovering matching client certificates, the Mac and
Linux implementations were not fully considering all intermediate certificates
when attempting to discover client certificates.
For example, if the client certficate chain was CC -> Intermediate -> Root, and
the server sent a list of acceptable CAs as Root, then on Mac and Linux, CC
would not be considered, whereas on Windows it would. Further, if the server
listed Intermediate as an acceptable CA, then it would work on all platforms.
BUG= 224280, 224897
TEST=See https://docs.google.com/a/chromium.org/document/d/19V5_PBSm7OaFLXzTXdiCdSpt1r1yFYJhuH9X41O2oOs/edit?usp=sharing
R=wtc@chromium.org
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=196535
Total comments: 9
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+672 lines, -516 lines) |
Patch |
|
M |
crypto/mac_security_services_lock.h
|
View
|
|
1 chunk |
+0 lines, -1 line |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate.h
|
View
|
|
1 chunk |
+0 lines, -3 lines |
0 comments
|
Download
|
|
M |
net/cert/x509_certificate_mac.cc
|
View
|
1
2
3
4
5
|
2 chunks |
+0 lines, -84 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/certificates/README
|
View
|
1
|
1 chunk |
+8 lines, -8 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/certificates/client_1.key
|
View
|
1
2
3
4
5
6
|
1 chunk |
+25 lines, -25 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/certificates/client_1.pem
|
View
|
1
2
3
4
5
6
|
1 chunk |
+59 lines, -53 lines |
0 comments
|
Download
|
|
A |
net/data/ssl/certificates/client_1_ca.pem
|
View
|
1
2
3
4
5
6
|
1 chunk |
+71 lines, -0 lines |
0 comments
|
Download
|
|
D |
net/data/ssl/certificates/client_1_root.pem
|
View
|
1
|
1 chunk |
+0 lines, -66 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/certificates/client_2.key
|
View
|
1
2
3
4
5
6
|
1 chunk |
+25 lines, -25 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/certificates/client_2.pem
|
View
|
1
2
3
4
5
6
|
1 chunk |
+59 lines, -53 lines |
0 comments
|
Download
|
|
A |
net/data/ssl/certificates/client_2_ca.pem
|
View
|
1
2
3
4
5
6
|
1 chunk |
+71 lines, -0 lines |
0 comments
|
Download
|
|
D |
net/data/ssl/certificates/client_2_root.pem
|
View
|
1
|
1 chunk |
+0 lines, -66 lines |
0 comments
|
Download
|
|
A |
net/data/ssl/scripts/client-certs.cnf
|
View
|
1
|
1 chunk |
+51 lines, -0 lines |
0 comments
|
Download
|
|
D |
net/data/ssl/scripts/client_authentication.cnf
|
View
|
1
|
1 chunk |
+0 lines, -35 lines |
0 comments
|
Download
|
|
M |
net/data/ssl/scripts/generate-client-certificates.sh
|
View
|
1
2
|
1 chunk |
+132 lines, -49 lines |
0 comments
|
Download
|
|
M |
net/socket/ssl_client_socket_nss.cc
|
View
|
|
4 chunks |
+25 lines, -25 lines |
0 comments
|
Download
|
|
M |
net/socket/ssl_client_socket_openssl_unittest.cc
|
View
|
1
|
2 chunks |
+2 lines, -2 lines |
0 comments
|
Download
|
|
M |
net/ssl/client_cert_store_impl_mac.cc
|
View
|
1
2
|
5 chunks |
+103 lines, -7 lines |
0 comments
|
Download
|
|
M |
net/ssl/client_cert_store_impl_nss.cc
|
View
|
1
2
|
4 chunks |
+35 lines, -6 lines |
0 comments
|
Download
|
|
M |
net/ssl/client_cert_store_impl_unittest.cc
|
View
|
1
|
1 chunk |
+6 lines, -8 lines |
0 comments
|
Download
|
Total messages: 18 (0 generated)
|