Chromium Code Reviews
Help | Chromium Project | Sign in
(1)

Issue 4670004: Change NSS's native auth patch to use PCERT_KEY_CONTEXT instead of HCRYPTPROV on Win (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
3 years, 5 months ago by Ryan Sleevi
Modified:
2 years, 11 months ago
Reviewers:
wtc
CC:
chromium-reviews_chromium.org, cbentzel+watch_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

When performing SSL client authentication on Windows via NSS, change the returned key type to use a PCERT_KEY_CONTEXT allocated via NSS's PORT_Alloc(), rather than an HCRYPTPROV, for native client certificate authentication.

There are two reasons for doing this; first, a PCERT_KEY_CONTEXT lets us transmit a dwKeySpec, indicating whether to use the AT_KEYEXCHANGE or AT_SIGNATURE key for CryptoAPI keys. Second, a small piece of syntactic fluff, a PCERT_KEY_CONTEXT easily supports CNG keys for Vista+, which though not presently supported, is a TODO.

R=wtc
BUG=37560, 71748
TEST=Perform SSL client auth on Windows.

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=73913

Patch Set 1 #

Patch Set 2 : Whitespace #

Patch Set 3 : Rebase to trunk #

Total comments: 8

Patch Set 4 : Feedback #

Patch Set 5 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -77 lines) Lint Patch
M net/socket/ssl_client_socket_nss.cc View 1 2 3 3 chunks +14 lines, -57 lines 0 comments 0 errors Download
M net/third_party/nss/ssl/ssl.h View 1 2 3 1 chunk +6 lines, -2 lines 0 comments 0 errors Download
M net/third_party/nss/ssl/sslimpl.h View 1 2 3 1 chunk +1 line, -1 line 0 comments 0 errors Download
M net/third_party/nss/ssl/sslplatf.c View 1 2 3 4 8 chunks +21 lines, -17 lines 0 comments 3 errors Download
Trybot results:
Commit:

Messages

Total messages: 5
Ryan Sleevi
wtc: Please take a look. One area of (possible) concern is the requirement for the ...
3 years, 5 months ago #1
Ryan Sleevi
wtc: ping?
3 years, 3 months ago #2
wtc
LGTM! I'm very sorry about the long delay in reviewing this CL. Please make the ...
3 years, 2 months ago #3
Ryan Sleevi
http://codereview.chromium.org/4670004/diff/9001/net/third_party/nss/ssl/ssl.h File net/third_party/nss/ssl/ssl.h (right): http://codereview.chromium.org/4670004/diff/9001/net/third_party/nss/ssl/ssl.h#newcode354 net/third_party/nss/ssl/ssl.h:354: * - Windows: A PCERT_KEY_CONTEXT, allocated via PORT_Alloc(). On ...
3 years, 2 months ago #4
wtc
3 years, 2 months ago #5
The CL's description says:

  change the returned key type to use a PCERT_KEY_CONTEXT
  allocated via NSS's PORT_Alloc(), ...

My complaint is that it says the PCERT_KEY_CONTEXT (note the P)
is allocated via PORT_Alloc().  But it is CERT_KEY_CONTEXT that
is allocated via PORT_Alloc().
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1280:2d3e6564b7b6