Chromium Code Reviews
Help | Chromium Project | Sign in

Issue 4670004: Change NSS's native auth patch to use PCERT_KEY_CONTEXT instead of HCRYPTPROV on Win (Closed)

Can't Edit
Can't Publish+Mail
Start Review
6 years, 3 months ago by Ryan Sleevi
5 years, 9 months ago


When performing SSL client authentication on Windows via NSS, change the returned key type to use a PCERT_KEY_CONTEXT allocated via NSS's PORT_Alloc(), rather than an HCRYPTPROV, for native client certificate authentication. There are two reasons for doing this; first, a PCERT_KEY_CONTEXT lets us transmit a dwKeySpec, indicating whether to use the AT_KEYEXCHANGE or AT_SIGNATURE key for CryptoAPI keys. Second, a small piece of syntactic fluff, a PCERT_KEY_CONTEXT easily supports CNG keys for Vista+, which though not presently supported, is a TODO. R=wtc BUG=37560, 71748 TEST=Perform SSL client auth on Windows. Committed:

Patch Set 1 #

Patch Set 2 : Whitespace #

Patch Set 3 : Rebase to trunk #

Total comments: 8

Patch Set 4 : Feedback #

Patch Set 5 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -77 lines) Patch
M net/socket/ View 1 2 3 3 chunks +14 lines, -57 lines 0 comments Download
M net/third_party/nss/ssl/ssl.h View 1 2 3 1 chunk +6 lines, -2 lines 0 comments Download
M net/third_party/nss/ssl/sslimpl.h View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M net/third_party/nss/ssl/sslplatf.c View 1 2 3 4 8 chunks +21 lines, -17 lines 0 comments Download
Trybot results:
Commit queue not available (can’t edit this change).


Total messages: 5 (0 generated)
Ryan Sleevi
wtc: Please take a look. One area of (possible) concern is the requirement for the ...
6 years, 3 months ago (2010-11-11 03:59:30 UTC) #1
Ryan Sleevi
wtc: ping?
6 years, 1 month ago (2011-01-13 00:38:36 UTC) #2
LGTM! I'm very sorry about the long delay in reviewing this CL. Please make the ...
6 years ago (2011-02-04 01:32:16 UTC) #3
Ryan Sleevi File net/third_party/nss/ssl/ssl.h (right): net/third_party/nss/ssl/ssl.h:354: * - Windows: A PCERT_KEY_CONTEXT, allocated via PORT_Alloc(). On ...
6 years ago (2011-02-05 04:43:20 UTC) #4
6 years ago (2011-02-05 05:29:40 UTC) #5
The CL's description says:

  change the returned key type to use a PCERT_KEY_CONTEXT
  allocated via NSS's PORT_Alloc(), ...

My complaint is that it says the PCERT_KEY_CONTEXT (note the P)
is allocated via PORT_Alloc().  But it is CERT_KEY_CONTEXT that
is allocated via PORT_Alloc().
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f8e48bd