Support for using OS-native certificates for SSL client
- Only SSL3/TLS1.0 handshakes are supported. It's unlikely
SSLv2 will/should ever be implemented. NSS does not yet
- On Windows, only CryptoAPI keys are supported. Keys that
can only be accessed via CNG will fail.
- Only the AT_KEYEXCHANGE key is used, per
- CryptSetHashParam is used to directly set the hash value.
This *should* be supported by all CSPs that are compatible
with RSA/SChannel, AFAICT, but testing is needed.
- The define NSS_PLATFORM_CLIENT_AUTH is used to guard all
of the new/patched code. The primary implementation
details are in sslplatf.c.
Patch author: Ryan Sleevi <firstname.lastname@example.org>
Original review URL: http://codereview.chromium.org/2828002
BUG=148, 37560, 45369
TEST=Attempt to authenticate with a site that requires SSL
client authentication (e.g., https://foaf.me/simpleLogin.php
with a FOAF+SSL client certificate).
Total comments: 11
Total messages: 5