Issue 16830: Client SSL Certificate Support (Backend) for Linux
This bug tracks the remaining work to finish SSL client authentication for Linux. It consists of both backend (implement SSLClientSocketNSS::GetSSLCertRequestInfo and more) and UI (certificate selection dialog) work. Issue 318 is the original bug on SSL client authentication support.

Jul 16, 2009
(No comment was entered for this change.)
Status: Assigned
Aug 12, 2009
The temporary --auto-ssl-client-auth switch was removed when the Windows UI was implemented (r19456). If it’s going to be a while before the Linux UI is available, is it possible to keep around --auto-ssl-client-auth for now?

Aug 12, 2009
It's not just the UI that's not available; the backend is not available, either.
Summary: Client SSL Certificate Support (Backend) for Linux
Aug 18, 2009
Any plans on this issue? :)

Sep 24, 2009
I implemented a patch for basic SSL client authentication with NSS SSL sockets; use of command-line tools is still needed, as the Linux UI is still missing AFAIK. It works for my company's hosts; the patch is uploaded for review at http://codereview.chromium.org/220009/show

Sep 24, 2009
jsorianopastor: could you document the pk12util command line in our wiki page http://code.google.com/p/chromium/wiki/LinuxCertManagement? We're using that wiki page as a stopgap before we have certificate management UI for Linux. Thanks! I updated our SSL client auth page with the status of your patch: http://dev.chromium.org/developers/design-documents/ssl-client-authentication
Status: Started
Sep 24, 2009
Sure, I'll do it.

Sep 25, 2009
It seems that the UI will have to be asked for from the ClientAuthHandler callback itself when needed, so I think that the workflow won't be the same as the Windows one. I don't know if GetSSLCertRequestInfo is really required in NSS implementations.

Oct 15, 2009
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=29188
------------------------------------------------------------------------
r29188 | wtc@chromium.org | 2009-10-15 14:23:37 -0700 (Thu, 15 Oct 2009) | 15 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/AUTHORS?r1=29188&r2=29187
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/resource_dispatcher_host.cc?r1=29188&r2=29187
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.cc?r1=29188&r2=29187
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.h?r1=29188&r2=29187
M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_nss.cc?r1=29188&r2=29187
M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_nss.h?r1=29188&r2=29187
Provides a certificate for SSL client authentication on NSS sockets.
GUI is still missing, so certificates and private keys have to be
stored manually, e.g.:
$ pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12
Adds --auto-ssl-client-auth command-line option to enable this feature.
Patch contributed by Jaime Soriano <jsorianopastor@gmail.com>.
Original review URL: http://codereview.chromium.org/220009
R=wtc
BUG=16830
TEST=Try to connect to a web page that requires SSL authentication and
confirm that it connects if and only if a valid certificate is stored in
the ~/.pki/nssdb database.
Review URL: http://codereview.chromium.org/276037
------------------------------------------------------------------------
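
The import step from the r29188 commit message, followed by checks that the database is private and that the certificate arrived with its private key. This is an added example, not Chromium project code; the function names and the .p12 argument are assumptions.

```sh
#!/bin/sh
# Added example (not Chromium project code): import a PKCS#12 bundle into the
# shared NSS database from the commit message and verify the result.
# Function names and the .p12 argument are assumptions for illustration.

NSSDB="${NSSDB:-sql:$HOME/.pki/nssdb}"

# The database stores private keys, so its directory must grant nothing to
# group or other: characters 5-10 of the `ls -ld` mode string must be "------".
db_perms_ok() {
    perms=$(ls -ld "${NSSDB#sql:}" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Create the directory (mode 700) and, if absent, an empty database.
# certutil -N prompts for the database password.
ensure_nssdb() {
    dir="${NSSDB#sql:}"
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; } || return 1
    [ -f "$dir/cert9.db" ] || certutil -N -d "$NSSDB"
}

# Print nicknames of certificates whose trust column carries the "u" flag,
# which certutil shows when the matching private key is in the database.
# A certificate imported without its key cannot be used for client auth.
user_cert_nicknames() {
    certutil -L -d "$NSSDB" | awk '
        $NF ~ /^[A-Za-z]*u[A-Za-z]*,/ { sub(/[ \t]+[^ \t]+[ \t]*$/, ""); print }'
}

# Import, then fail with a distinct code for each thing that can be wrong.
import_client_cert() {
    p12=$1
    ensure_nssdb || { echo "cannot prepare $NSSDB" >&2; return 2; }
    pk12util -d "$NSSDB" -i "$p12" || { echo "import failed" >&2; return 3; }
    db_perms_ok || { echo "tighten permissions on ${NSSDB#sql:}" >&2; return 4; }
    [ -n "$(user_cert_nicknames)" ] || { echo "no usable identity" >&2; return 5; }
    echo "client identities available:"
    user_cert_nicknames
}

if [ $# -ge 1 ]; then import_client_cert "$1"; fi
```

Run it as `sh import_client_cert.sh PKCS12_file.p12`; a return code of 5 means the bundle contained a certificate but no matching private key.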
Oct 15, 2009
Remaining work:
1. SSL client authentication during a renegotiation handshake is not working completely. In https://www.myopenid.com/signin_certificate, if I sign in using a certificate, sign out, and sign back in, I get an error message "Missing or invalid client certificate" on the page even though the page also says I have signed back in successfully.
2. We may want to look up the client certificates in ClientAuthHandler, which is what Jaime's original patch did, rather than in GetSSLCertRequestInfo, to avoid copying CERTDistNames manually. (There's no NSS function for copying CERTDistNames.)
3. UI (certificate selection dialog). We should open a separate bug for the UI.

Oct 19, 2009
I just played with this some, and I seem to be able to use the NSS command utilities to add a PKCS#11 module, but it still isn't working. Is this simply because there is not a UI to prompt for a pin/passcode?

Oct 19, 2009
Patch for searching the certificates in ClientAuthHandler: http://codereview.chromium.org/302004/show
Issue 25241 created for UI.

Oct 19, 2009
jay: you need to use the --auto-ssl-client-auth command-line option to start Chrome. But you're right, the lack of a PIN/password dialog for the PKCS #11 module will prevent NSS from listing the certificates in the PKCS #11 module.

Oct 23, 2009
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=29994
------------------------------------------------------------------------
r29994 | wtc@chromium.org | 2009-10-23 20:39:31 -0700 (Fri, 23 Oct 2009) | 12 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_nss.cc?r1=29994&r2=29993
M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_nss.h?r1=29994&r2=29993
Look up client certificates in ClientAuthHandler to get rid of manual CA
names list copy.
Patch by Jaime Soriano <jsorianopastor@gmail.com>.
Original review URL: http://codereview.chromium.org/302004
R=wtc
BUG=16830
TEST=Try to connect to a web page that requires SSL authentication and
confirm that it connects if and only if a valid certificate is stored in
.pki/nssdb database.
Review URL: http://codereview.chromium.org/329015
------------------------------------------------------------------------
Nov 08, 2009
Hi all! I use Linux, Debian squeeze, and want to use Google Chromium every time, but I use WebMoney via SSL certificate, and do not understand how to use it with Google Chromium. I imported my certificate file via pk12util, but when I go to the WebMoney website, nothing happens. And I don't understand where I need to add "--auto-ssl-client-auth". Please help me. Thanks!

Nov 20 (3 days ago)
Thanks all! I did it, and it works pretty well =)