Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(616)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 11308271: Add built-in root certificates to dart:io SecureSocket. (Closed)

Created:
8 years ago by Bill Hesse
Modified:
8 years ago
CC:
reviews_dartlang.org
Visibility:
Public.

Description

Add built-in root certificates to dart:io SecureSocket. Add flag that allows them to disabled at runtime. BUG= Committed: https://code.google.com/p/dart/source/detail?r=15634

Patch Set 1 #

Total comments: 11

Patch Set 2 : Make database argument optional. #

Total comments: 1

Patch Set 3 : Fix dart2js errors on new dart:io stuff. #

Total comments: 4

Patch Set 4 : Extend comments, making them clearer. #

Patch Set 5 : Add crash to Windows status (issue 7102) #

Unified diffs Side-by-side diffs Delta from patch set Stats (+170 lines, -47 lines) Patch
M runtime/bin/io_natives.cc View 1 1 chunk +1 line, -1 line 0 comments Download
M runtime/bin/secure_socket.h View 1 chunk +2 lines, -1 line 0 comments Download
M runtime/bin/secure_socket.cc View 1 2 3 4 chunks +32 lines, -5 lines 0 comments Download
M runtime/bin/secure_socket_patch.dart View 1 1 chunk +4 lines, -3 lines 0 comments Download
M runtime/bin/socket_patch.dart View 1 1 chunk +1 line, -1 line 0 comments Download
M runtime/tools/gyp/nss_configurations.gypi View 1 chunk +2 lines, -3 lines 0 comments Download
M sdk/lib/_internal/compiler/implementation/lib/io_patch.dart View 1 2 1 chunk +3 lines, -2 lines 0 comments Download
M sdk/lib/io/secure_socket.dart View 1 2 3 8 chunks +30 lines, -10 lines 0 comments Download
M tests/standalone/io/https_client_test.dart View 1 1 chunk +1 line, -3 lines 0 comments Download
M tests/standalone/io/https_server_test.dart View 1 1 chunk +2 lines, -2 lines 0 comments Download
M tests/standalone/io/pkcert/README View 1 chunk +2 lines, -1 line 0 comments Download
D tests/standalone/io/pkcert/pkcs11.txt View 1 chunk +0 lines, -5 lines 0 comments Download
A tests/standalone/io/secure_builtin_roots_test.dart View 1 1 chunk +42 lines, -0 lines 0 comments Download
A tests/standalone/io/secure_no_builtin_roots_test.dart View 1 1 chunk +41 lines, -0 lines 0 comments Download
M tests/standalone/io/secure_server_stream_test.dart View 1 1 chunk +2 lines, -2 lines 0 comments Download
M tests/standalone/io/secure_server_test.dart View 1 1 chunk +2 lines, -2 lines 0 comments Download
M tests/standalone/io/secure_socket_test.dart View 1 1 chunk +1 line, -3 lines 0 comments Download
M tests/standalone/io/secure_stream_test.dart View 1 1 chunk +1 line, -3 lines 0 comments Download
M tests/standalone/standalone.status View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
Bill Hesse
https://codereview.chromium.org/11308271/diff/1/tests/standalone/io/pkcert/pkcs11.txt File tests/standalone/io/pkcert/pkcs11.txt (left): https://codereview.chromium.org/11308271/diff/1/tests/standalone/io/pkcert/pkcs11.txt#oldcode2 tests/standalone/io/pkcert/pkcs11.txt:2: name=NSS Internal PKCS #11 Module This file is automatically ...
8 years ago (2012-11-29 14:17:11 UTC) #1
Mads Ager (google)
That was easier than expected. :-) https://codereview.chromium.org/11308271/diff/1/sdk/lib/io/secure_socket.dart File sdk/lib/io/secure_socket.dart (right): https://codereview.chromium.org/11308271/diff/1/sdk/lib/io/secure_socket.dart#newcode27 sdk/lib/io/secure_socket.dart:27: * then an ...
8 years ago (2012-11-29 20:13:05 UTC) #2
Bill Hesse
Comments addressed. All parameters to SecureSocket.initialize are now optional. Fixed a crash with multiple processes ...
8 years ago (2012-11-30 12:51:16 UTC) #3
Mads Ager (google)
One question. The rest is looking good. https://codereview.chromium.org/11308271/diff/7001/runtime/bin/secure_socket.cc File runtime/bin/secure_socket.cc (right): https://codereview.chromium.org/11308271/diff/7001/runtime/bin/secure_socket.cc#newcode266 runtime/bin/secure_socket.cc:266: // This ...
8 years ago (2012-12-03 09:15:08 UTC) #4
Bill Hesse
There is a VM crash on Windows (7102), when an exception is thrown from native ...
8 years ago (2012-12-03 12:20:04 UTC) #5
Mads Ager (google)
8 years ago (2012-12-03 13:00:13 UTC) #6 
LGTM

https://codereview.chromium.org/11308271/diff/7001/runtime/bin/secure_socket.cc
File runtime/bin/secure_socket.cc (right):

https://codereview.chromium.org/11308271/diff/7001/runtime/bin/secure_socket....
runtime/bin/secure_socket.cc:266: // This will not open a database in the
current directory, even if it
On 2012/12/03 12:20:04, Bill Hesse wrote:
> On 2012/12/03 09:15:09, Mads Ager wrote:
> > This looks strange. The documentation just says that this ignores failures
to
> > open the database. Can you provide a pointer to the documentation that this
> will
> > not open a database?
> > 
> > Based on the documentation I would have guessed that NSS_INIT_NOCERTDB would
> be
> > the right flag?
> 
> I was referring only to passing "" as the database path, and saying that that
is
> different than passing "." as the database path.  The flag has nothing to do
> with it, except that it would otherwise signal an error.  The code for
> NSS_Init_NoDB passes the FORCEOPEN flag, along with the others.
> 
> The NOCERTDB flag causes Windows to fail.  The documentation sounds as if it
> should be the right thing to set, but in practice it does not work.
> 
> Changed the comment to be more explicit.

Thanks for updating the comment. Please add the part about NOCERTDB not working
on Windows as well. I would add it as a TODO to figure out why that does not
work. Please document the way in which Windows does not work when using NOCERTDB
as well.

Powered by Google App Engine
This is Rietveld 408576698