Windows and NSS implementations allow for any certificate, while the Mac...

Windows and NSS implementations allow for any certificate, while the Mac implementation currenly constrains to certificates flagged for client authentication. The behaviour on other browsers is to allow any certificate for which the user has a private key, regardless of usage constraints, when handling application/x-x509-user-cert. BUG=148 TEST=none Review URL: http://codereview.chromium.org/2843015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50691 0039d316-1c4b-4281-b951-d872f2087c98

Windows and NSS implementations allow for any certificate, while the Mac...
Windows and NSS implementations allow for any certificate, while the Mac implementation currenly constrains to certificates flagged for client authentication. The behaviour on other browsers is to allow any certificate for which the user has a private key, regardless of usage constraints, when handling application/x-x509-user-cert. BUG=148 TEST=none Review URL: http://codereview.chromium.org/2843015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50691 0039d316-1c4b-4281-b951-d872f2087c98
810e6e11 · rsleevi@chromium.org · 8a760de3 · 810e6e11
Commit 810e6e11 authored 14 years ago by rsleevi@chromium.org
--- a/net/base/cert_database_mac.cc
+++ b/net/base/cert_database_mac.cc
@@ -20,8 +20,6 @@ int CertDatabase::CheckUserCert(X509Certificate* cert) {
    return ERR_CERT_INVALID;
  if (cert->HasExpired())
    return ERR_CERT_DATE_INVALID;
-  if (!cert->SupportsSSLClientAuth())
-    return ERR_CERT_INVALID;

  // Verify the Keychain already has the corresponding private key:
  SecIdentityRef identity = NULL;