Merge 74716 - The current implementation of client authentication for Windows...
Merge 74716 - The current implementation of client authentication for Windows and Mac matches the NSS implementation, in that it continously checks that the private key is still accessible. The intent is that once the user removes the private key (such as by ejecting a smart card, if it's stored on one), then the existing SSL sessions will become invalidated. However, depending on the smart card middleware, this may involve non-trivial work being done every SSL record, and may be causing a performance regression for authentication. The new behaviour is that any negotiated SSL connections remain valid, even after the smart card is ejected, and any established SSL sessions are not invalidated and may be reused. This matches the observed behaviours of IE and Safari. Smart card client auth on Linux is unaffected and will continue polling the smart card to determine if it's been ejected / the key has been deleted. TBR=rsleevi BUG=71928 TEST=none Review URL: http://codereview.chromium.org/6525022 git-svn-id: svn://svn.chromium.org/chrome/branches/648/src@74988 0039d316-1c4b-4281-b951-d872f2087c98
Showing
- net/third_party/nss/ssl/ssl3con.c 1 addition, 10 deletionsnet/third_party/nss/ssl/ssl3con.c
- net/third_party/nss/ssl/sslimpl.h 0 additions, 35 deletionsnet/third_party/nss/ssl/sslimpl.h
- net/third_party/nss/ssl/sslnonce.c 0 additions, 5 deletionsnet/third_party/nss/ssl/sslnonce.c
- net/third_party/nss/ssl/sslplatf.c 0 additions, 172 deletionsnet/third_party/nss/ssl/sslplatf.c
- net/third_party/nss/ssl/sslsnce.c 0 additions, 5 deletionsnet/third_party/nss/ssl/sslsnce.c
Loading
Please register or sign in to comment