Chromium Code Reviews
Help | Chromium Project | Sign in
(965)

Issue 1589034: If the server's CertificateRequest message contains an empty... (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
4 years ago by wtc
Modified:
2 years, 11 months ago
Reviewers:
agl
CC:
chromium-reviews_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

If the server's CertificateRequest message contains an empty
certificate_authorities list, it means client certificates issued by
any CA are acceptable. NSS_CmpCertChainWCANames returns SECFailure
in that case, so we need to test for that case.

Improve error code mapping.

Add a comment to note new NSS functions we can use in the future, and
add a missing LeaveFunction call.

R=agl
BUG=16830
TEST=Visit a server that sends a CertificateRequest message with an
empty certificate_authorities list. The client certificate selection
dialog should pop up with all client certificates shown as eligible.

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=44442

Patch Set 1 #

Patch Set 2 : Also map SSL_ERROR_ILLEGAL_PARAMETER_ALERT. #

Patch Set 3 : More error code mapping improvements. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+12 lines, -2 lines) Lint Patch
M net/socket/ssl_client_socket_nss.cc View 1 2 5 chunks +12 lines, -2 lines 0 comments 0 errors Download
Commit:

Messages

Total messages: 2
wtc
If ca_names->nnames is 0, NSS_CmpCertChainWCANames returns SECFailure. See http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/cmpcert.c&rev=1.6&mark=58,71-73#52 This change is the most important ...
4 years ago #1
agl
4 years ago #2
LGTM
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1280:2d3e6564b7b6