Thanks Ryan!
But I cann't find any encrypt and decrypt in SSLClientSocketNSS::Write
and SSLClientSocketNSS::Read.
In Win 32, they do use win32 api EncryptMessage and DencryptMessage
to do encrypt and decrypt.
As you say , NSS uses a different api. But which Api is it ? I read
the source of SSLClientSocketNSS but i didn't find it.
By the way, I am just a crazy boy who has greatest interest in
Chromium and Google.
I have been keeping reading and analyzing the source code of chromium/
Webkit for two years.
On Feb 7, 4:54 pm, Ryan Sleevi <
rsle...@chromium.org> wrote:
> >
http://www.chromium.org/developers/design-documents/network-stack/ssl...
> > ,
> located athttp://
src.chromium.org/viewvc/chrome/trunk/src/net/third_party/nss/p...
>
> 2, In the same link, it tells chromium will "Continue to use the
>
> > system crypto library for crypto and certificate verification."
> > What does the "system crypto library" stand for ?
>
> Just what it says. Both Windows and OS X have OS-supplied APIs for
> performing certificate validation. These APIs are provided and maintained
> by Microsoft/Apple, implement varying degrees of specifications/Internet
> standards, and provide a way for developers writing applications targeting
> these particular OSes to validate certificates and chains with varying
> constraints.
>
> On Windows, this is provided through the broad set of APIs collectively
> referred to as CryptoAPI, although Microsoft typically defines CryptoAPI as
> just a small subset of those APIs (
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380255(v=vs...
> ).
> On OS X, this is provided through the set of APIs exported by
> Security.framework, which includes Keychain Services and Certificate, Key
> and Trust services (
https://developer.apple.com/library/mac/#documentation/Security/Conce...
> )
>
> Given the nature of your questions, can I ask about your motivations and
> interest in the Chromium SSL stack? Are you considering adapting it for a
> project of yours?
>
> The particular path that Chromium has gone, with the hybrid SSL/TLS layer
> from NSS backed by the underlying OS cryptographic APIs, is certainly a
> very esoteric case, and not one that is really comfortably supported by
> either Microsoft or Apple and their public APIs. While it works for
> Chromium's needs/concerns, it's not something that should be embraced
> lightly, as there still remain a few sharp edge cases that don't really
> work as well for end-users as one might hope.
>
> If you're looking for more information, I'd encourage you to download and
> browse the code, particularly the code in src/net/base/ . Additionally, you
> can use Google Code Search viahttp://cs.chromium.orgto quickly search