Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 3938001: We have to do EV certificate verification for every resource... (Closed)

Created:
10 years, 2 months ago by wtc
Modified:
9 years, 7 months ago
Reviewers:
eroman
CC:
chromium-reviews, ben+cc_chromium.org, darin-cc_chromium.org, brettw-cc_chromium.org
Visibility:
Public.

Description

We have to do EV certificate verification for every resource load. The performance optimization of doing EV verification for only main frames is incorrect with HTTP keep-alive connections. R=eroman BUG=41267 TEST=Visit https://www.paypal.com/. Hit the Reload button repeatedly. The EV status should not disappear. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=64813

Patch Set 1 #

Patch Set 2 : Update comment in preconnect.cc #

Patch Set 3 : Update comments #

Total comments: 2

Patch Set 4 : Upload before checkin #

Unified diffs Side-by-side diffs Delta from patch set Stats (+7 lines, -5 lines) Patch
M chrome/browser/net/preconnect.cc View 2 1 chunk +1 line, -1 line 0 comments Download
M chrome/browser/renderer_host/resource_dispatcher_host.cc View 1 2 3 1 chunk +6 lines, -4 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
wtc
eroman: I'm fixing this bug in three steps. Step 1 (this CL): specify the net::LOAD_VERIFY_EV_CERT ...
10 years, 1 month ago (2010-10-30 00:34:30 UTC) #1
eroman
lgtm http://codereview.chromium.org/3938001/diff/8001/9002 File chrome/browser/renderer_host/resource_dispatcher_host.cc (right): http://codereview.chromium.org/3938001/diff/8001/9002#newcode447 chrome/browser/renderer_host/resource_dispatcher_host.cc:447: load_flags |= net::LOAD_VERIFY_EV_CERT; Perhaps we should reverse the ...
10 years, 1 month ago (2010-10-30 03:39:15 UTC) #2
wtc
10 years, 1 month ago (2010-11-02 20:59:29 UTC) #3 
http://codereview.chromium.org/3938001/diff/8001/9002
File chrome/browser/renderer_host/resource_dispatcher_host.cc (right):

http://codereview.chromium.org/3938001/diff/8001/9002#newcode447
chrome/browser/renderer_host/resource_dispatcher_host.cc:447: load_flags |=
net::LOAD_VERIFY_EV_CERT;
On 2010/10/30 03:39:15, eroman wrote:
> Perhaps we should reverse the direction of this flag -- i.e. always verify EV
> certs by default, and have a flag for disabling it if users so choose.

This flag will be removed in a future CL.

This flag was added when we were using WinHTTP.  It turns
out that this flag is difficult to use correctly when we
switched to our own "new HTTP", so I'm planning to remove
it.

Powered by Google App Engine
This is Rietveld 408576698