New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 3383 link

Starred by 9 users

Issue metadata

Status: Assigned
Last visit > 30 days ago
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Sign in to add a comment

Chained certificates are not correctly handled for OPENSSL

Project Member Reported by, May 21 2014

Issue description

When chained certificates are received, tries to verify the digest of the non-leaf certificate against the SDP fingerprint and fails the connection.

It should verify the leaf certificate digest; and it should validate the chain, to match the NSS impl.
Project Member

Comment 1 by, May 30 2014

The following revision refers to this bug:

r6294 | | 2014-05-30T23:14:08.542290Z

Changed paths:

Make OpenSSLStreamAdapter verify the leaf certificate digest for chained certificates.

It used to compre a parent certificate's digest against the SDP fingerprint and caused connection failure.


Review URL:
Project Member

Comment 2 by, Jun 11 2014


do we need a milestone for this? The remaining work is to make OPENSSL report each certificate in the chain to upper layers to report to JS, like what NSS does.

Comment 3 by, Jun 13 2014

How much work do you think is involved here? Right now I see this is pretty low priority unless the work is small.
Project Member

Comment 4 by, Jun 13 2014

Probably a few days work.
Project Member

Comment 5 by, Jul 8 2014

Labels: Area-PeerConnection

Comment 6 by, Oct 16 2014

Labels: Mstone-41 EngTriaged
Maybe try to get in 41 if it's only a few days' work, otherwise feel free to move to IceBox.

Comment 7 by, Oct 16 2014

With no stars, I would probably icebox this issue for now.
Project Member

Comment 8 by, Jan 7 2015

Labels: -Mstone-41 Mstone-42
Project Member

Comment 9 by, Feb 19 2015

Labels: -Mstone-42 Mstone-44
This looks like it's not hitting m42.  Update it if I'm wrong.
Project Member

Comment 10 by, Feb 1 2016

Labels: -Mstone-44
Project Member

Comment 11 by, Nov 8 2016

Labels: Pri-3

Sign in to add a comment