DescriptionSSLCertRequestInfo: Add |valid_cas| and |valid_key_types|
On Android, it is not possible to determine the list of compatible
client certificates from a given server CertificateRequest message
without prompting the user.
Due to this, add new fields to SSLCertRequestInfo:
- |no_client_certs| to indicate that |client_certs| should
be ignored. Note that |client_certs| is not removed to
keep existing unit tests working.
- |valid_cas| the list of valid certificate authorities
passed by the server.
- |valid_key_types| the list of valid certificate signing
key types passed by the server.
This patch introduces a new X509Certificate method
(IsValidClientCertificate) to check a given certificate against
a given SSLCertRequestInfo. This uses either the |client_certs|
list of the |valid_cas|/|valid_key_types| one.
Future patches will use these new fields to query the Android
platform APIs for the right certificate chain and private key
alias.
BUG=134418
Patch Set 1 #
Total comments: 19
Patch Set 2 : trivial fix for Linux build #
Total comments: 7
Messages
Total messages: 9 (0 generated)
|