Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(514)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6879095: Address post-review feedback for r81702 (Closed)

Created:
9 years, 8 months ago by Ryan Sleevi
Modified:
9 years, 7 months ago
Reviewers:
wtc
CC:
chromium-reviews, pam+watch_chromium.org, cbentzel+watch_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

Address post-review feedback for r81702. On Mac, if certificate revocation checking is disabled in the preferences, absolutely no revocation checking will occur, which now also includes bypassing/ignoring the local CRL and OCSP caches. R=wtc BUG=78523 TEST=none Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=82617

Patch Set 1 #

Total comments: 2

Patch Set 2 : wtc feedback #

Patch Set 3 : Disable even cached revocation checking #

Total comments: 7

Patch Set 4 : Feedback #

Patch Set 5 : Fix compile #

Unified diffs Side-by-side diffs Delta from patch set Stats (+59 lines, -48 lines) Patch
M net/base/x509_certificate_mac.cc View 1 2 3 4 4 chunks +50 lines, -40 lines 0 comments Download
M third_party/apple_apsl/README.chromium View 1 1 chunk +9 lines, -1 line 0 comments Download
M third_party/apple_apsl/cssmapplePriv.h View 1 chunk +0 lines, -7 lines 0 comments Download

Messages

Total messages: 5 (0 generated)
Ryan Sleevi
PTAL
9 years, 8 months ago (2011-04-20 22:46:58 UTC) #1
wtc
LGTM. http://codereview.chromium.org/6879095/diff/1/net/base/x509_certificate_mac.cc File net/base/x509_certificate_mac.cc (right): http://codereview.chromium.org/6879095/diff/1/net/base/x509_certificate_mac.cc#newcode292 net/base/x509_certificate_mac.cc:292: // validate a certificate for an SSL peer. ...
9 years, 8 months ago (2011-04-20 23:28:11 UTC) #2
Ryan Sleevi
wtc: PTAL - x509_certificate_mac.cc has been updated following your comments on revocation checking behaviour. With ...
9 years, 8 months ago (2011-04-21 02:31:12 UTC) #3
wtc
LGTM. Would be nice to note the disable-revocation-checking change in the commit message. http://codereview.chromium.org/6879095/diff/7/net/base/x509_certificate_mac.cc File ...
9 years, 8 months ago (2011-04-21 22:04:38 UTC) #4
Ryan Sleevi
9 years, 8 months ago (2011-04-21 23:59:17 UTC) #5 
I'll land this CL this evening.

http://codereview.chromium.org/6879095/diff/7/net/base/x509_certificate_mac.cc
File net/base/x509_certificate_mac.cc (right):

http://codereview.chromium.org/6879095/diff/7/net/base/x509_certificate_mac.c...
net/base/x509_certificate_mac.cc:324: // not desirable here.
On 2011/04/21 22:04:38, wtc wrote:
> It would be nice to stress that we need to specify a revocation
> policy (an OCSP policy that suppresses access to both
> network and cache) to disable revocation checking.

Wording has been updated.

http://codereview.chromium.org/6879095/diff/7/net/base/x509_certificate_mac.c...
net/base/x509_certificate_mac.cc:372:
policies->reset(scoped_local_policies.release());
On 2011/04/21 22:04:38, wtc wrote:
> We can use 'swap' here.  Would that be better?

We can't. ScopedCFType<CFArrayRef> is a different type than
ScopedCFType<CFMutableArrayRef>, even though the two CF types are exchangeable.

Powered by Google App Engine
This is Rietveld 408576698