Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(278)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 7401003: Don't use X509Certificate in SSLConfig. (Closed)

Created:
9 years, 5 months ago by Sergey Ulanov
Modified:
9 years, 5 months ago
Reviewers:
wtc
CC:
chromium-reviews, jamiewalch+watch_chromium.org, hclam+watch_chromium.org, cbentzel+watch_chromium.org, simonmorris+watch_chromium.org, wez+watch_chromium.org, dmaclach+watch_chromium.org, garykac+watch_chromium.org, lambroslambrou+watch_chromium.org, darin-cc_chromium.org, ajwong+watch_chromium.org, sergeyu+watch_chromium.org, Ryan Sleevi
Visibility:
Public.

Description

Don't use X509Certificate in SSLConfig. X509Certificate class depends in OS-dependant APIs and hense cannot be created inside of sandbox. This change allows specifying allow_bed_certs when running inside of sandbox. BUG=80587 TEST=Unittests Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=93153

Patch Set 1 : - #

Patch Set 2 : - #

Patch Set 3 : merged #

Patch Set 4 : merged #

Total comments: 16

Patch Set 5 : - #

Patch Set 6 : - #

Unified diffs Side-by-side diffs Delta from patch set Stats (+69 lines, -24 lines) Patch
M net/base/ssl_config_service.h View 1 2 3 4 3 chunks +7 lines, -1 line 0 comments Download
M net/base/ssl_config_service.cc View 1 2 3 4 1 chunk +9 lines, -1 line 0 comments Download
M net/base/x509_certificate.cc View 1 2 3 4 5 1 chunk +13 lines, -5 lines 0 comments Download
M net/http/http_stream_factory_impl_job.cc View 1 2 3 4 1 chunk +7 lines, -1 line 0 comments Download
M net/socket/ssl_client_socket_nss.h View 1 chunk +1 line, -1 line 0 comments Download
M net/socket/ssl_client_socket_nss.cc View 1 2 3 4 5 4 chunks +23 lines, -9 lines 0 comments Download
M net/socket/ssl_server_socket_unittest.cc View 1 2 3 4 1 chunk +1 line, -1 line 0 comments Download
M net/socket_stream/socket_stream.cc View 1 2 3 4 2 chunks +6 lines, -2 lines 0 comments Download
M remoting/protocol/jingle_stream_connector.cc View 1 2 3 4 1 chunk +2 lines, -3 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
Sergey Ulanov
Wen-Teh, this is an alternative solutin for the problem we have with X509Certificate when running ...
9 years, 5 months ago (2011-07-15 20:29:25 UTC) #1
wtc
LGTM. CAVEAT: this CL may increase memory usage. SSLConfig objects are often copied because we ...
9 years, 5 months ago (2011-07-19 21:57:01 UTC) #2
Sergey Ulanov
9 years, 5 months ago (2011-07-19 23:50:21 UTC) #3 
>LGTM.  CAVEAT: this CL may increase memory usage.  SSLConfig
>objects are often copied because we assume it is small,
>containing just a few bool fields and pointers.  A DER >encoded
>certificate is usually 1000 - 1500 bytes.

There are only 3 places where we use allowed_bad_certs, so additional memory
consumption caused by this change is not significant.

http://codereview.chromium.org/7401003/diff/4011/net/base/ssl_config_service.h
File net/base/ssl_config_service.h (right):

http://codereview.chromium.org/7401003/diff/4011/net/base/ssl_config_service....
net/base/ssl_config_service.h:30: bool IsAllowedBadCert(const std::string&
cert_der, int* cert_status) const;
On 2011/07/19 21:57:01, wtc wrote:
> Please document the new IsAllowedBadCert variant.
> 
> It may be better to use const StringPiece& instead of
> const std::string&.  This may allow us to avoid copying
> in some cases.
> 
> I assume it is fine to use function overloading here even
> though the Style Guide recommends against it in general:
>
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Overl...
> 
> Nit: please name the argument "der_cert".  The full
> description is "DER encoded certificate", so "der_cert" is
> closer to that than "cert_der".  Please do this renaming
> throughout the CL, at least in the files under src/net.
> 
> If the renaming requires changing too many files, don't do
> it.

Done.

http://codereview.chromium.org/7401003/diff/4011/net/base/x509_certificate.cc
File net/base/x509_certificate.cc (right):

http://codereview.chromium.org/7401003/diff/4011/net/base/x509_certificate.cc...
net/base/x509_certificate.cc:229: DCHECK(handle);
On 2011/07/19 21:57:01, wtc wrote:
> You can also replace this DCHECK with proper error handling.

Done.

http://codereview.chromium.org/7401003/diff/4011/net/http/http_stream_factory...
File net/http/http_stream_factory_impl_job.cc (right):

http://codereview.chromium.org/7401003/diff/4011/net/http/http_stream_factory...
net/http/http_stream_factory_impl_job.cc:1018: return error;
On 2011/07/19 21:57:01, wtc wrote:
> Are you sure ssl_info_.cert may be NULL here?  I don't
> think this function is executed in the sandbox.
> 
> Please add a comment to explain why ssl_info.cert may be
> NULL.

Normally ssl_info.cert should not be set to NULL, but there might be some cases
when it is NULL. We may fail to create X509Certificate for reasons other than
running in sandbox, for example when OS runs out of disk space, etc. - we don't
want chrome to crash in that case. Added comments.

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
File net/socket/ssl_client_socket_nss.cc (right):

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
net/socket/ssl_client_socket_nss.cc:1041: // Returns server_cert_.
On 2011/07/19 21:57:01, wtc wrote:
> Remove "Returns server_cert_."

Done.

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
net/socket/ssl_client_socket_nss.cc:1049: certs.AsStringPieceVector());
On 2011/07/19 21:57:01, wtc wrote:
> Please add a comment here that this may fail in the sandbox.

Done.

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
net/socket/ssl_client_socket_nss.cc:1531: // code is used inside of sandbox.
On 2011/07/19 21:57:01, wtc wrote:
> Nit: remove "of" on this line and line 1546 below.
> 
> Remove the "j" at the end of line 1546.

Done.

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
net/socket/ssl_client_socket_nss.cc:1534: server_cert_nss_->derCert.len);
On 2011/07/19 21:57:01, wtc wrote:
> Using StringPiece here would avoid the copying.

Done.

http://codereview.chromium.org/7401003/diff/4011/net/socket/ssl_client_socket...
net/socket/ssl_client_socket_nss.cc:1548: return ERR_CERT_INVALID;
On 2011/07/19 21:57:01, wtc wrote:
> This should be done as follows (compare with lines
> 1536-1543 above):
> 
>   if (!server_cert_) {
>     server_cert_verify_result_ = &local_server_cert_verify_result_;
>     local_server_cert_verify_result_.Reset();
>     local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
>     return ERR_CERT_INVALID;
>   }
>     

Done.

Powered by Google App Engine
This is Rietveld 408576698