[PATCH] Load "app:" keys by URL

Chrome OS supports the notion of hardware-bound system keys, but it
doesn't provide APIs that can be called directly by GnuTLS or p11kit.
Instead, the application's NaCl module needs to pass certificate
queries and signing requests back to JavaScript code that invokes the
chrome.platformKeys APIs.  This is implemented by registering a handler
for URLs starting with the (somewhat arbitrarily chosen) "app:" prefix:

https://chromium.googlesource.com/apps/nacl-openconnect/+/22dc518480bdf366f04f00c2ea5850cd680ad986/crypto.cc
https://chromium.googlesource.com/apps/nacl-openconnect/+/22dc518480bdf366f04f00c2ea5850cd680ad986/background.js#158

Allow openconnect to recognize these URLs and handle them through the
same code paths as "system:" URLs.

Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 gnutls.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/gnutls.c b/gnutls.c
index 2a93dac8ac3e..11a1da18a109 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1001,8 +1001,10 @@ static int load_certificate(struct openconnect_info *vpninfo)
 
 	key_is_p11 = !strncmp(vpninfo->sslkey, "pkcs11:", 7);
 	cert_is_p11 = !strncmp(vpninfo->cert, "pkcs11:", 7);
-	key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7);
-	cert_is_sys = !strncmp(vpninfo->cert, "system:", 7);
+	key_is_sys = !strncmp(vpninfo->sslkey, "system:", 7) ||
+		     !strncmp(vpninfo->sslkey, "app:", 4);
+	cert_is_sys = !strncmp(vpninfo->cert, "system:", 7) ||
+		      !strncmp(vpninfo->cert, "app:", 4);
 
 #ifndef HAVE_GNUTLS_SYSTEM_KEYS
 	if (key_is_sys || cert_is_sys) {
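
Review bot: the new `"app:"` comparisons on `vpninfo->sslkey` and `vpninfo->cert` are folded into `key_is_sys` and `cert_is_sys` without a comment, so the flag names no longer say what they test, and nothing in gnutls.c records that "app:" is a prefix the embedding application must register a handler for. A short comment above these assignments, or a separate `key_is_app`/`cert_is_app` pair, would make that explicit. The `#ifndef HAVE_GNUTLS_SYSTEM_KEYS` branch directly below now also catches "app:" URLs; please check that what it reports still makes sense to a user who passed an "app:" URL rather than a "system:" one, and that a build with system-key support fails cleanly when no handler for "app:" has been registered.
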
-- 
2.8.1



