Issue 794925 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	pmarko@chromium.org
Cc:	rsleevi@chromium.org mattm@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Task

Avoid X509Certificate in ImportClientCertAndKeyFromFile

Project Member Reported by pmarko@chromium.org, Dec 14 2017

Issue description

ImportClientCertAndKeyFromFile is used to import a key+cert from files into a NSS database.

Two tasks resulting from discussion on CL:823974 -
(1) Find a better name, to make it obvious that it's importing into a NSS database.
(2) Make it work with certificates which have invalid characters in PrintableString DER fields. More generally, make it not use X509Certificate.

Then, we can switch ClientCertResolverTest.MatchSubjectOrgOnBadPrintableStringCert (client_cert_resolver_unittest.cc) and ClientCertStoreNSSTest.SubjectPrintableStringContainingUTF8 (client_cert_store_nss_unittest.cc) to use this function.

Comment 1 by pmarko@chromium.org, Dec 14 2017

Some callers of ImportSensitiveKeyFromFile actually use the X509Certificate instance returned by it currently, so we'll have to decide how to deal with those.

Maybe we can return a ScopedCERTCertificate instead, and have those callers call CreateX509CertificateFromCERTCertificate on that. WDYT?

Comment 2 by mattm@chromium.org, Dec 14 2017

Yeah, my thought was that it should return ScopedCERTCertificate. In cases that actually use the X509Certificate, having the test call CreateX509CertificateFromCERTCertificate seems right. (Or if it makes sense depending on what the test is doing, it could just do the equivalent thing with NSS functions.)

►

Issue 794925 link

Issue metadata

Avoid X509Certificate in ImportClientCertAndKeyFromFile

Issue description

Comment 1 by pmarko@chromium.org, Dec 14 2017

Comment 1 Deleted

Comment 2 by mattm@chromium.org, Dec 14 2017

Comment 2 Deleted

Sign in to add a comment