Issue 1080593003: Pass in a non-null CertVerifier into SSLClientSocket.

Issue 1080593003: Pass in a non-null CertVerifier into SSLClientSocket. (Closed)

Created:
5 years, 8 months ago by davidben

Modified:
5 years, 8 months ago

Reviewers:
Sergey Ulanov, Ryan Sleevi

CC:
chromium-reviews, cbentzel+watch_chromium.org, chromoting-reviews_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@boringnss

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Pass in a non-null CertVerifier into SSLClientSocket. SslHmacChannelAuthenticator passes in a null one which crashes but the IsAllowedBadCert check, as well as inconsistent ability to use X509Certificate in the sandbox masks the issue most of the time. This also fixes FakeStreamSocket to propogate disconnects to the peer, which is needed to add a test for this case. (If SSLClientSocket doesn't like a certificate, it just ceremoniously disconnects the connection right after the handshake.) This test crashed before this CL outside the sandbox. (Inside the sandbox, it's possible that it worked on some platforms due to the sandbox breaking net::X509Certificate. I didn't do a survey.) BUG=none Committed: https://crrev.com/9bbf3290520788bfe634a286a30965cd43f4dd78 Cr-Commit-Position: refs/heads/master@{#326886}

Patch Set 1 #

Patch Set 2 : revise comment (try jobs on patch set 1) #

Total comments: 7

Patch Set 3 : fix comment typo #

Created: 5 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+100 lines, -20 lines)			Patch
M	net/socket/ssl_client_socket_nss.cc	View		1 chunk	+2 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_openssl.cc	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	remoting/protocol/fake_stream_socket.h	View	1	1 chunk	+6 lines, -3 lines	0 comments	Download
M	remoting/protocol/fake_stream_socket.cc	View	1 2	4 chunks	+24 lines, -9 lines	0 comments	Download
M	remoting/protocol/message_reader_unittest.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	remoting/protocol/ssl_hmac_channel_authenticator.h	View		2 chunks	+2 lines, -0 lines	0 comments	Download
M	remoting/protocol/ssl_hmac_channel_authenticator.cc	View		4 chunks	+33 lines, -0 lines	0 comments	Download
M	remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc	View		5 chunks	+31 lines, -7 lines	0 comments	Download

Messages

Total messages: 13 (5 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

davidben

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_stream_socket.h File remoting/protocol/fake_stream_socket.h (right): https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_stream_socket.h#newcode50 remoting/protocol/fake_stream_socket.h:50: void set_next_write_error(int error) { next_write_error_ = error; } It'd ...

5 years, 8 months ago (2015-04-23 19:38:15 UTC) #2

Sergey Ulanov

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_stream_socket.cc File remoting/protocol/fake_stream_socket.cc (right): https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_stream_socket.cc#newcode55 remoting/protocol/fake_stream_socket.cc:55: // Complete pending ead if any. typo: ead https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/ssl_hmac_channel_authenticator.cc ...

5 years, 8 months ago (2015-04-24 00:34:45 UTC) #4

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_...
File remoting/protocol/fake_stream_socket.cc (right):

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/fake_...
remoting/protocol/fake_stream_socket.cc:55: // Complete pending ead if any.
typo: ead

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/ssl_h...
File remoting/protocol/ssl_hmac_channel_authenticator.cc (right):

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/ssl_h...
remoting/protocol/ssl_hmac_channel_authenticator.cc:129:
cert_verifier_.reset(new FailingCertVerifier);
On the client side we actually don't care about the cert received from the host.
SSL here is used for encryption/key exchange, but not authentication.
Authentication is based on the extra layer that exchanges HMAC tokens based on
the keys extracted from the negotiated SSL master key and a shared key (which
exchanged prior to establishing SSL connection). So instead of
FailingCertVerifier we need a CertVerifier that accepts any certs.

Currently it works by adding remote_cert_ to ssl_config.allowed_bad_certs. The
(ugly) reason it was implemented this way instead of creating a special
CertVerifier is because net::X509Certificate* can't be created in the renderer
sandbox (because it depends on system APIs that don't work in sandbox) and this
code runs in sandbox. In other words CertVerifier is not useful here because
X509Certificate creation normally fails - that's the reason we never bothered
creating CertVerifier here. It will not be a problem in the future after we
finished migrating to PNaCl (net::X509Certificate works properly in PNaCl
sandbox as it doesn't depend on system APIs in that case), at which point it
will be possible to remove the allowed_bad_certs hack, but we will want
CertVerifier that accept all certs for that.

Also we are planning to migrate to QUIC, and so this file will be removed
completely in the future.

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/ssl_h...
File remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc (right):

https://codereview.chromium.org/1080593003/diff/20001/remoting/protocol/ssl_h...
remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc:183:
TEST_F(SslHmacChannelAuthenticatorTest, InvalidCertificate) {
This test is not useful - see my previous comment. The security guarantees
provided by this class do not depend on the cert used by the host.

davidben

5 years, 8 months ago (2015-04-24 20:52:44 UTC) #6

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1080593003/40001

5 years, 8 months ago (2015-04-24 20:54:47 UTC) #11

commit-bot: I haz the power

5 years, 8 months ago (2015-04-24 21:51:03 UTC) #13

Message was sent while issue was closed.

Patchset 3 (id:??) landed as
https://crrev.com/9bbf3290520788bfe634a286a30965cd43f4dd78
Cr-Commit-Position: refs/heads/master@{#326886}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages