Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(157)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 3475026: AU: Restrict the CA certificates to a smaller trusted set. (Closed)

Created:
10 years, 2 months ago by petkov
Modified:
9 years, 7 months ago
Reviewers:
Chris Masone
CC:
chromium-os-reviews_chromium.org, petkov, adlr
Visibility:
Public.

Description

AU: Restrict the CA certificates to a smaller trusted set. BUG=1969 TEST=unit tests, gmerged on device, updated successfully from https://tools.google.com/service/update2; removed certs from directory and update failed as expected Change-Id: I18a04b0222a29249347aae56315bc35170063626 Committed: http://chrome-svn/viewvc/chromeos?view=rev&revision=3a4016a

Patch Set 1 #

Patch Set 2 : save vertical space #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+8 lines, -2 lines) Patch
M libcurl_http_fetcher.cc View 1 2 chunks +8 lines, -2 lines 2 comments Download

Messages

Total messages: 4 (0 generated)
petkov
10 years, 2 months ago (2010-09-28 16:42:04 UTC) #1
Chris Masone
http://codereview.chromium.org/3475026/diff/2001/3001 File libcurl_http_fetcher.cc (right): http://codereview.chromium.org/3475026/diff/2001/3001#newcode19 libcurl_http_fetcher.cc:19: const char kCACertificatesPath[] = "/usr/share/update_engine/ca-certificates"; I forget...is /usr/share on ...
10 years, 2 months ago (2010-09-28 18:16:40 UTC) #2
petkov
http://codereview.chromium.org/3475026/diff/2001/3001 File libcurl_http_fetcher.cc (right): http://codereview.chromium.org/3475026/diff/2001/3001#newcode19 libcurl_http_fetcher.cc:19: const char kCACertificatesPath[] = "/usr/share/update_engine/ca-certificates"; On 2010/09/28 18:16:41, Chris ...
10 years, 2 months ago (2010-09-28 19:17:18 UTC) #3
Chris Masone
10 years, 2 months ago (2010-09-28 20:46:19 UTC) #4 
Cool.  I just always forget.

LGTM

On Tue, Sep 28, 2010 at 12:17 PM, <petkov@chromium.org> wrote:

>
> http://codereview.chromium.org/3475026/diff/2001/3001
> File libcurl_http_fetcher.cc (right):
>
> http://codereview.chromium.org/3475026/diff/2001/3001#newcode19
> libcurl_http_fetcher.cc:19: const char kCACertificatesPath[] =
> "/usr/share/update_engine/ca-certificates";
> On 2010/09/28 18:16:41, Chris Masone wrote:
>
>> I forget...is /usr/share on the stateful partition or not?
>>
>
> /usr/share is not a special mount -- it's off of / (i.e., it's
> read-only, not part of stateful). Also, according to
> http://www.pathname.com/fhs/2.2/fhs-4.11.html, /usr/share is for
> read-only data files, so I think it all makes sense.
>
>
> http://codereview.chromium.org/3475026/show
>

Powered by Google App Engine
This is Rietveld 408576698