Description
Support for using OS-native certificates for SSL client
auth.
Known Limitations:
- Only SSL3/TLS1.0 handshakes are supported. It's unlikely
SSLv2 will/should ever be implemented. NSS does not yet
support TLS1.1/1.2.
- On Windows, only CryptoAPI keys are supported. Keys that
can only be accessed via CNG will fail.
Technical Notes:
Windows:
- Only the AT_KEYEXCHANGE key is used, per
http://msdn.microsoft.com/en-us/library/aa387461(VS.85).aspx
- CryptSetHashParam is used to directly set the hash value.
This *should* be supported by all CSPs that are compatible
with RSA/SChannel, AFAICT, but testing is needed.
NSS:
- The define NSS_PLATFORM_CLIENT_AUTH is used to guard all
of the new/patched code. The primary implementation
details are in sslplatf.c.
Patch author: Ryan Sleevi <rsleevi@chromium.org>
Original review URL: http://codereview.chromium.org/2828002
BUG=148, 37560, 45369
TEST=Attempt to authenticate with a site that requires SSL
client authentication (e.g., https://foaf.me/simpleLogin.php
with a FOAF+SSL client certificate).
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=65064
Patch Set 1
Total comments: 11
Patch Set 2 : Reviewed the whole CL for the first time
Patch Set 3 : Sync'ed to current trunk. Attempt to fix Mac compilation errors.
Patch Set 4 : Make it work on Mac OS X
Patch Set 5 : Upload before checkin
Messages
Total messages: 5 (0 generated)