Starred by 6 users
Status: Assigned
Last visit > 30 days ago
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Chained certificates are not correctly handled for OPENSSL
Project Member Reported by, May 21 2014
When chained certificates are received, tries to verify the digest of the non-leaf certificate against the SDP fingerprint and fails the connection.

It should verify the leaf certificate digest; and it should validate the chain, to match the NSS impl.
Project Member Comment 1 by, May 30 2014
The following revision refers to this bug:

r6294 | | 2014-05-30T23:14:08.542290Z

Changed paths:

Make OpenSSLStreamAdapter verify the leaf certificate digest for chained certificates.

It used to compare a parent certificate's digest against the SDP fingerprint and caused connection failure.


Review URL:
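The digest check described in the report and in r6294, as an added example that is not part of the original thread and is not the project's code. It covers only the fingerprint comparison, not chain validation; the function names, the leaf-first chain ordering and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac

# Subset of SDP fingerprint hash-function tokens mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def parse_sdp_fingerprints(sdp):
    """Return [(hashlib_name, digest_bytes)] for every a=fingerprint line."""
    out = []
    for line in sdp.splitlines():
        if not line.startswith("a=fingerprint:"):
            continue
        func, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
        algo = HASHES.get(func.lower())
        if algo is None:
            continue  # unknown hash function: never counts as a match
        try:
            digest = bytes.fromhex(value.strip().replace(":", ""))
        except ValueError:
            continue  # malformed hex: skip the line
        out.append((algo, digest))
    return out

def leaf_matches(chain_der, sdp):
    """chain_der: peer certificates as DER bytes, leaf first (assumed order)."""
    if not chain_der:
        return False
    leaf = chain_der[0]
    return any(hmac.compare_digest(hashlib.new(algo, leaf).digest(), want)
               for algo, want in parse_sdp_fingerprints(sdp))

def parent_matches(chain_der, sdp):
    """Behaviour the report describes: a non-leaf certificate is hashed."""
    return leaf_matches(chain_der[1:], sdp)

def fingerprint(der):
    """Format a SHA-256 digest the way it appears in SDP (AA:BB:...)."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

# Constructed sample input: placeholder bytes, not real certificates.
LEAF = b"constructed-leaf-der"
PARENT = b"constructed-intermediate-der"
SDP = "v=0\r\na=setup:actpass\r\na=fingerprint:sha-256 " + fingerprint(LEAF) + "\r\n"
```
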
Project Member Comment 2 by, Jun 11 2014

Do we need a milestone for this? The remaining work is to make OPENSSL report each certificate in the chain to upper layers to report to JS, like what NSS does.
Comment 3 by, Jun 13 2014
How much work do you think is involved here? Right now I see this is pretty low priority unless the work is small.
Project Member Comment 4 by, Jun 13 2014
Probably a few days' work.
Project Member Comment 5 by, Jul 8 2014
Labels: Area-PeerConnection
Comment 6 by, Oct 16 2014
Labels: Mstone-41 EngTriaged
Maybe try to get in 41 if it's only a few days' work, otherwise feel free to move to IceBox.
Comment 7 by, Oct 16 2014
With no stars, I would probably icebox this issue for now.
Project Member Comment 8 by, Jan 7 2015
Labels: -Mstone-41 Mstone-42
Project Member Comment 9 by, Feb 19 2015
Labels: -Mstone-42 Mstone-44
This looks like it's not hitting m42. Update it if I'm wrong.
Project Member Comment 10 by, Feb 1 2016
Labels: -Mstone-44
Project Member Comment 11 by, Nov 8 2016
Labels: Pri-3