Skip to content
  1. Feb 06, 2013
  3. Feb 05, 2013
  5. Jan 28, 2013
  7. Jan 18, 2013
  9. Jan 17, 2013
  11. Jan 15, 2013
  13. Jan 11, 2013
    • Kamil Dudka's avatar
      nss: clear session cache if a client cert from file is used · b36f1d26
      Kamil Dudka authored 
      This commit fixes a regression introduced in 052a08ff.

NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used.  If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again.  The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.

The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.

Review by: Kai Engert
      b36f1d26
  15. Dec 27, 2012
  17. Dec 03, 2012
    • Kamil Dudka's avatar
      nss: prevent NSS from crashing on client auth hook failure · 68d2830e
      Kamil Dudka authored 
      Although it is not explicitly stated in the documentation, NSS uses
*pRetCert and *pRetKey even if the client authentication hook returns
a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
afterwards, NSS destroys the certificate once again, which causes a
double free.

Reported by: Bob Relyea
      68d2830e
  19. Nov 20, 2012
  21. Nov 19, 2012
  23. Nov 17, 2012
  25. Nov 14, 2012
  27. Nov 13, 2012
  29. Nov 09, 2012
  31. Nov 07, 2012
  33. Nov 06, 2012
  35. Oct 10, 2012
  37. Oct 02, 2012
  39. Sep 12, 2012
  41. Sep 09, 2012
  43. Sep 03, 2012
  45. Aug 09, 2012
  47. Aug 08, 2012
  49. Aug 07, 2012
  51. Jul 27, 2012
  53. Jul 26, 2012
  55. Jul 22, 2012
  57. Jul 20, 2012
  59. Jul 15, 2012
  61. Jul 09, 2012
  63. Jul 07, 2012