On Thu, Mar 4, 2010 at 1:59 AM, Jean-Marc Desperrier <jmd...@gmail.com> wrote: > > I think it would make much, much more sense to use the OS store for private > keys across all Firefox versions ! > > This is the strategy followed by Chrome. > > In fact, there is code to do that in NSS but I'm afraid it's currently not > really maintained : > Mac OS X version : > http://mxr.mozilla.org/security/source/security/nss/lib/ckfw/nssmkey/ > Microsoft CAPI version : > http://mxr.mozilla.org/security/source/security/nss/lib/ckfw/capi/
Right. They may also be incomplete. > Until now, I thought Chrome was using that code, but it uses in fact three > separate implementation of it's security and ssl code, for Windows, Mac OS, > Linux, based on the CAPI-schannel/ CSSM-Secure Transport / NSS stack. As can > be seen here : > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/ssl_client_socket_win.cc > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/x509_certificate_win.cc > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/ssl_client_socket_nss.cc > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/x509_certificate_nss.cc > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/ssl_client_socket_mac.cc > http://src.chromium.org/viewvc/chrome/branches/official/build_166.1/src/net/base/x509_certificate_mac.cc Yes. Chrome uses NSS only on Linux, and it uses the system NSS libraries. On Mac and Windows, Chrome uses the system crypto and SSL libraries. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
