Closed Bug 875583 Opened 11 years ago Closed 11 years ago

add an API to expose a peer's certificate chain as sent on the wire

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 731485

People

(Reporter: keeler, Assigned: keeler)

Attachments

(1 file)

For the certificate error reporting feature, we need to be able to get a copy of the peer's certificate chain as it was sent to the client (this is distinct from the chain we calculate when verifying a peer's certificate). I propose a function called SSL_PeerCertChain that, given a PRFileDesc, returns a CERTCertList describing the peer's cert chain. This would be a deep copy that the caller takes ownership of.
Attached patch: patch
Wan-Teh, if you could review this or let me know who would be able to, that would be great. I would also appreciate guidance on what sort of locking or state checks need to be done when accessing the data this function accesses.
Thanks!
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #753555 - Flags: review?(wtc)
Marking this as a dupe of Bug #731485 (https://bugzilla.mozilla.org/show_bug.cgi?id=731485), which proposes a function of near-identical name (SSL_PeerCertificateChain).

We've been using this in Chromium quite successfully, along with the patch from Bug #731478 (https://bugzilla.mozilla.org/show_bug.cgi?id=731478).
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
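
The "chain as sent on the wire" that this bug asks for is the ordered certificate_list carried in the TLS Certificate handshake message, before any path building. The following is an added example, not NSS code and not the attached patch: it walks that list with the bounds checks an error-reporting consumer needs. The names `wire_cert` and `parse_wire_chain` are hypothetical, the sample bytes are constructed, and the TLS 1.2 layout from RFC 5246 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type: one certificate as sent, a view into the caller's buffer. */
typedef struct { const uint8_t *der; size_t len; } wire_cert;

static size_t rd24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* Parse a TLS 1.2 Certificate message body (RFC 5246, 7.4.2): a 3-byte list
 * length, then a 3-byte length plus DER bytes per certificate. Entries are
 * stored in wire order, with no path building or reordering. Returns the
 * entry count, or -1 if malformed or holding more than max entries. */
int parse_wire_chain(const uint8_t *body, size_t body_len, wire_cert *out, int max) {
    if (body_len < 3 || rd24(body) != body_len - 3) return -1;
    const uint8_t *p = body + 3, *end = body + body_len;
    int n = 0;
    while (p < end) {
        if ((size_t)(end - p) < 3) return -1;        /* truncated length field */
        size_t clen = rd24(p);
        p += 3;
        if (clen == 0 || clen > (size_t)(end - p)) return -1;  /* overruns list */
        if (n == max) return -1;
        out[n].der = p;
        out[n].len = clen;
        n++;
        p += clen;
    }
    return n;
}

/* Constructed sample: two placeholder entries, not real DER certificates. */
static const uint8_t sample_body[] = {
    0x00, 0x00, 0x0b,                    /* certificate_list length = 11 */
    0x00, 0x00, 0x03, 0x30, 0x01, 0xaa,  /* entry 0: 3 bytes */
    0x00, 0x00, 0x02, 0x30, 0xbb         /* entry 1: 2 bytes */
};

int sample_count(void) { wire_cert c[4]; return parse_wire_chain(sample_body, sizeof sample_body, c, 4); }
int truncated_count(void) { wire_cert c[4]; return parse_wire_chain(sample_body, sizeof sample_body - 1, c, 4); }
size_t first_entry_len(void) { wire_cert c[4]; return parse_wire_chain(sample_body, sizeof sample_body, c, 4) == 2 ? c[0].len : 0; }

int main(void) {
    printf("entries=%d truncated=%d\n", sample_count(), truncated_count());
    return 0;
}
```

The entries are views into the input buffer; a caller that needs to own the chain, as the proposed API specifies, would copy each one before the handshake buffer is released.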