(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #11) > I'm assuming this is because the parent process can't find the intermediate certificates that the server sent in the TLS handshake, because only the socket process know about them. This is why it's necessary to call `SSL_PeerCertificateChain(fd)` in the socket process and send that data to the parent: https://phabricator.services.mozilla.com/D28743#1335802 Yes, you are right! After sending the peer cert chain to parent process and calling CERT_NewTempCertificate for each, it works. Thanks for your help. I'll update the patch.
Bug 1512471 Comment 12 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #11) > I'm assuming this is because the parent process can't find the intermediate certificates that the server sent in the TLS handshake, because only the socket process know about them. This is why it's necessary to call `SSL_PeerCertificateChain(fd)` in the socket process and send that data to the parent: https://phabricator.services.mozilla.com/D28743#1335802 Yes, you are right! After sending the peer cert chain to parent process and calling CERT_NewTempCertificate for each cert, it works. Thanks for your help. I'll update the patch.