Closed
Bug 651996
Opened 14 years ago
Closed 2 years ago
Cannot determine the certificate chain & trusted usages for a resumed SSL session
Categories
(Core :: Security: PSM, enhancement, P3)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1728648
People
(Reporter: briansmith, Unassigned)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Whiteboard: [psm-backlog])
Attachments
(2 files)
(deleted),
patch
|
Details | Diff | Splinter Review | |
(deleted),
patch
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #651994 +++
This is very similar to to bug 650296 and 651994 and has a similar cause. When we resume a SSL session, we are relying on a trust decision that was made during the initial full handshake. But, we don't have a way, during the resumption, from extracting the actual validated certificate chain or usage trust information from the SSL session cache. We can't get that validated certificate chain from the SSL cache is because the libssl APIs do not provide a way for the certificate authentication callback to return the validated chain and/or to save application-specific data in the SSL session cache.
Comment 1•14 years ago
|
||
Cache the peer's intermediate CA certificates in session ID, so that
they're available when we resume a session.
The certificates are the ones in the SSL Certificate message.
Comment 2•14 years ago
|
||
The certificate authentication callback is given the SSL
socket 'fd'. Pass 'fd' to SSL_PeerCertificateChain to get
the certificate chain in the peer's Certificate message.
Reporter | ||
Updated•13 years ago
|
Whiteboard: [psm-backlog]
Priority: -- → P3
The SSL token cache provides this functionality.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•