DescriptionBuild a chain in ClientCertStoreNSS to send intermediates to the server.
NSS used to build a chain internally in the SSL stack which got lost when
switching to BoringSSL. Align with other platforms by building the chain
externally in ClientCertStoreNSS.
Although this is inherently somewhat flaky, some servers do not have
intermediates configured locally and expect the client to supply them.
For comparison, see:
https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/ssl3con.c&l=7412
BUG=548631
Patch Set 1 #
Total comments: 4
Patch Set 2 : WIP test does not work #
Total comments: 2
Messages
Total messages: 14 (2 generated)
|