Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(450)

Issue 4670004: Change NSS's native auth patch to use PCERT_KEY_CONTEXT instead of HCRYPTPROV on Win (Closed)

Created:
10 years, 1 month ago by Ryan Sleevi
Modified:
9 years, 7 months ago
Reviewers:
wtc
CC:
chromium-reviews, cbentzel+watch_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

When performing SSL client authentication on Windows via NSS, change the returned key type to use a PCERT_KEY_CONTEXT allocated via NSS's PORT_Alloc(), rather than an HCRYPTPROV, for native client certificate authentication. There are two reasons for doing this; first, a PCERT_KEY_CONTEXT lets us transmit a dwKeySpec, indicating whether to use the AT_KEYEXCHANGE or AT_SIGNATURE key for CryptoAPI keys. Second, a small piece of syntactic fluff, a PCERT_KEY_CONTEXT easily supports CNG keys for Vista+, which though not presently supported, is a TODO. R=wtc BUG=37560, 71748 TEST=Perform SSL client auth on Windows. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=73913

Patch Set 1 #

Patch Set 2 : Whitespace #

Patch Set 3 : Rebase to trunk #

Total comments: 8

Patch Set 4 : Feedback #

Patch Set 5 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -77 lines) Patch
M net/socket/ssl_client_socket_nss.cc View 1 2 3 3 chunks +14 lines, -57 lines 0 comments Download
M net/third_party/nss/ssl/ssl.h View 1 2 3 1 chunk +6 lines, -2 lines 0 comments Download
M net/third_party/nss/ssl/sslimpl.h View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M net/third_party/nss/ssl/sslplatf.c View 1 2 3 4 8 chunks +21 lines, -17 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
Ryan Sleevi
wtc: Please take a look. One area of (possible) concern is the requirement for the ...
10 years, 1 month ago (2010-11-11 03:59:30 UTC) #1
Ryan Sleevi
wtc: ping?
9 years, 11 months ago (2011-01-13 00:38:36 UTC) #2
wtc
LGTM! I'm very sorry about the long delay in reviewing this CL. Please make the ...
9 years, 10 months ago (2011-02-04 01:32:16 UTC) #3
Ryan Sleevi
http://codereview.chromium.org/4670004/diff/9001/net/third_party/nss/ssl/ssl.h File net/third_party/nss/ssl/ssl.h (right): http://codereview.chromium.org/4670004/diff/9001/net/third_party/nss/ssl/ssl.h#newcode354 net/third_party/nss/ssl/ssl.h:354: * - Windows: A PCERT_KEY_CONTEXT, allocated via PORT_Alloc(). On ...
9 years, 10 months ago (2011-02-05 04:43:20 UTC) #4
wtc
9 years, 10 months ago (2011-02-05 05:29:40 UTC) #5
The CL's description says:

  change the returned key type to use a PCERT_KEY_CONTEXT
  allocated via NSS's PORT_Alloc(), ...

My complaint is that it says the PCERT_KEY_CONTEXT (note the P)
is allocated via PORT_Alloc().  But it is CERT_KEY_CONTEXT that
is allocated via PORT_Alloc().

Powered by Google App Engine
This is Rietveld 408576698