Closed Bug 1890618 Opened 7 months ago Closed 4 months ago

Expose a libssl function for getting the peer certificate chain as an array of DER certs

Categories

(NSS :: Libraries, enhancement, P3)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Attachments

(1 file)

SSL_PeerCertificateChain returns a list of CERTCertificates. PSM calls SSL_PeerCertificateChain, copies the DER-encoded certs out of the returned list, and immediately discards the CERTCertificates (here). I think neqo does something similar.

SSL_PeerCertificateChain is the only function that needs to extract a CERTCertificate from an ssl3CertNode. So let's change ssl3CertNode to store a DER cert, construct CERTCertificates in SSL_PeerCertificateChain for existing callers, and add a new function (maybe SSLExp_PeerCertificateChainDER) that gives PSM access to an array of DER certs instead.

Attachment #9395842 - Attachment description: WIP: Bug 1890618 - add PeerCertificateChainDER function to libssl. → Bug 1890618 - add PeerCertificateChainDER function to libssl. r=djackson
Blocks: 1899431
Attachment #9395842 - Attachment description: Bug 1890618 - add PeerCertificateChainDER function to libssl. r=djackson → Bug 1890618 - add PeerCertificateChainDER function to libssl. r=keeler
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED