Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1589034: If the server's CertificateRequest message contains an empty... (Closed)

Created:
10 years, 8 months ago by wtc
Modified:
9 years, 7 months ago
Reviewers:
agl
CC:
chromium-reviews, darin-cc_chromium.org
Visibility:
Public.

Description

If the server's CertificateRequest message contains an empty certificate_authorities list, it means client certificates issued by any CA are acceptable. NSS_CmpCertChainWCANames returns SECFailure in that case, so we need to test for that case. Improve error code mapping. Add a comment to note new NSS functions we can use in the future, and add a missing LeaveFunction call. R=agl BUG=16830 TEST=Visit a server that sends a CertificateRequest message with an empty certificate_authorities list. The client certificate selection dialog should pop up with all client certificates shown as eligible. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=44442

Patch Set 1 #

Patch Set 2 : Also map SSL_ERROR_ILLEGAL_PARAMETER_ALERT. #

Patch Set 3 : More error code mapping improvements. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+12 lines, -2 lines) Patch
M net/socket/ssl_client_socket_nss.cc View 1 2 5 chunks +12 lines, -2 lines 0 comments Download

Messages

Total messages: 2 (0 generated)
wtc
If ca_names->nnames is 0, NSS_CmpCertChainWCANames returns SECFailure. See http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/cmpcert.c&rev=1.6&mark=58,71-73#52 This change is the most important ...
10 years, 8 months ago (2010-04-14 00:35:15 UTC) #1
agl
10 years, 8 months ago (2010-04-14 01:49:07 UTC) #2 
LGTM

Powered by Google App Engine
This is Rietveld 408576698