Bug 635778
Need an API to pass user defined cert chain when SSL socket is set up
Opened 13 years ago
Closed 13 years ago
Categories: (NSS :: Libraries, defect, P1)
Tracking: (Not tracked)
Status: RESOLVED FIXED, 3.12.10
People: (Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details: (Whiteboard: 4_3.12.10)
Attachments (2 files)
- 4.98 KB, patch (rrelyea: review+, nelson: superreview+)
- 3.75 KB, patch
No description provided.
Comment 1 • 13 years ago (Assignee)
This API is needed to bypass NSS chain generation at socket setup time. It will also allow callers to set up sockets with specific user-defined certificate chains.
Updated • 13 years ago (Assignee)
Priority: -- → P1
Whiteboard: 4_3.12.10
Comment 2 • 13 years ago (Assignee)
Attachment #514086 - Flags: superreview?(nelson)
Attachment #514086 - Flags: review?(rrelyea)
Updated • 13 years ago (Assignee)
Attachment #514086 - Attachment is patch: true
Attachment #514086 - Attachment mime type: application/octet-stream → text/plain
Comment 3 • 13 years ago
Comment on attachment 514086
Patch v1: add new function that allows to pass user cert chain

r+ for the code. I'd like Nelson's comments on whether or not this is a good idea.

bob
Attachment #514086 - Flags: review?(rrelyea) → review+
Comment 4 • 13 years ago
Comment on attachment 514086
Patch v1: add new function that allows to pass user cert chain

r=nelson
Attachment #514086 - Flags: superreview?(nelson) → superreview+
Comment 5 • 13 years ago (Assignee)
checked into trunk.
Comment 6 • 13 years ago (Assignee)
committed into trunk and branch.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 7 • 13 years ago
Alexei: please make two changes.

1. List the "const CERTCertificateList *certChainOpt" parameter after the closely related "CERTCertificate *cert" parameter. This is the order in which they are listed in the ssl_ConfigSecureServer function.
2. Please remove the "Opt" at the end of the function name, unless it is meaningful. I don't know what "Opt" means. Does it mean an optional argument that can be NULL? I have only seen this naming convention used in the 'arenaOpt' parameter commonly used in Stan code. I think "WithCertChain" is clearer than "WithChainOpt".

Re: documentation
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl.h&rev=1.40&mark=376#375
Change "caller certificate chain" to "caller-supplied certificate chain". You should document that if certChain is NULL, tries to find one.
Target Milestone: 3.12.1 → 3.12.10
Version: 3.12.10 → 3.2
Comment 8 • 13 years ago
Opt names a pointer parameter that is allowed to be NULL. NULL does not result in an INVALID_ARGUMENT error. It was used in the Stan project and by Julien (IINM). Use by others has been merely occasional.
Comment 9 • 13 years ago
Rename SSL_ConfigSecureServerWithChainOpt to SSL_ConfigSecureServerWithCertChain. List the certChainOpt argument immediately after the cert argument. Improve comments.

In the interest of time, I checked in the patch on the NSS trunk (NSS 3.13) and NSS_3_12_BRANCH (NSS 3.12.10) before getting a review. Please undo the changes you don't like.
Attachment #524578 - Flags: review?(alvolkov.bgs)