Hi,

I extracted the information below from the Mozilla help site (
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/index.html ):

'SSL_BadCertHook Sets up a callback function to deal with a situation where
the SSL_AuthCertificate callback function has failed. This callback function
allows the application to override the decision made by the certificate
authorization callback and authorize the certificate for use in the SSL
connection.'

I need to handle either the SSL_AuthCertificate or at least the SSL_BadCertHook
callback function in my Firefox 3 plug-in (XULRunner 1.9) code when there is a
failure of certificate authentication.

I went through the Mozilla Firefox 3.0.1 code and found the information below.

File:          security\manager\ssl\src\nsNSSIOLayer.cpp
Function name: nsSSLIOLayerSetOptions
Code line:
......
if (SECSuccess != SSL_BadCertHook(fd, (SSLBadCertHandler) nsNSSBadCertHandler,
                                  infoObject))
.............

In the above line, the default handler is always set during the process of
building a new socket connection for the https site. Hence, in case the
SSL_AuthCertificate callback function fails (in the ssl3_HandleCertificate()
function present in security\nss\lib\ssl\ssl3con.c), the nsNSSBadCertHandler
function will get invoked.

Please help me understand whether it is possible to override the SSL_BadCertHook
callback function in my plug-in code. If so, please give a small description of
how I can do that.


Thanks and Regards,
Varaprasad
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
