Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case

Bhanu Dev

bhanudev@google.com changed reviewers: + meacer@chromium.org, palmer@chromium.org

5 years, 5 months ago (2015-07-09 03:38:00 UTC) #1

Bhanu Dev

On 2015/07/09 03:38:00, bhanudev wrote: > mailto:bhanudev@google.com changed reviewers: > + mailto:meacer@chromium.org, mailto:palmer@chromium.org Hi Mustafa ...

5 years, 5 months ago (2015-07-09 15:46:31 UTC) #2

meacer

Looking good. Now the hard part: tests :) https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode1 chrome/browser/ssl/common_name_mismatch_handler.cc:1: // ...

5 years, 5 months ago (2015-07-09 17:58:56 UTC) #3

palmer

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_resources.grd File chrome/app/generated_resources.grd (right): https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_resources.grd#newcode10066 chrome/app/generated_resources.grd:10066: + Attackers might be trying to steal your information ...

5 years, 5 months ago (2015-07-09 19:13:02 UTC) #4

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_re...
File chrome/app/generated_resources.grd (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_re...
chrome/app/generated_resources.grd:10066: +        Attackers might be trying to
steal your information from <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="REQUEST_DOMAIN">$1<ex>example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph> (for example, passwords, messages, or
credit cards). <ph name="NEWLINE">&lt;br&gt;</ph><ph
name="NEWLINE">&lt;br&gt;</ph>However, this server provides a valid certificate
for <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph>. If you like to connect to <ph
name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph>, please click here <ph
name="BEGIN_LINK">&lt;a href="$3" &gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_LINK">&lt;/a&gt;</ph>
Change "If you like to..." to "If you would like to...".

I'm not sure about the first paragraph (" Attackers might be trying to steal
your information..."). Maybe leave it off, and lead with "The server presented a
certificate valid for www.example.com, but not example.com. Would you like to
try www.example.com?"

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:76: if
(url_fetcher->GetResponseCode() == 200) {
Eventually, we will want to accept response codes other than 200, right? How
about:

static const int kGoodResponseCodes[] = { 200, 301, 302 };
static const int* kGoodResonseCodesEnd = kGoodResponseCodes +
arraysize(kGoodResponseCodes);

auto found = std::find(kGoodResponseCodes, kGoodResonseCodesEnd,
url_fetcher->GetResponseCode());
results->result = found == kGoodResonseCodesEnd ? RESULT_SUGGESTED_URL_INVALID :
RESULT_SUGGESTED_URL_VALID;

Also, should we update results->new_url if RESULT_SUGGESTED_URL_INVALID?

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:90: // Replaces the hostname
in the request url with new host name.
This comment is superfluous.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:21: // This class contains
methods to get a suggested url when there
"url" -> "URL" through this file.

"there is a ssl common name invalid error" -> "when certification validation
fails due to |ERR_CERT_COMMON_NAME_INVALID|"

Also, don't leave out articles: "to check validity" -> "to check the validity"

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:27: // Possible results of the
validity of suggested url
This comment is (IMO) superfluous.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:57: // This method returns a
bool indicating whether the error can be handled.
Be more concise: "Returns true if the error can be handled."

Use |...| to delineate C++ identifiers: "Interacts with |SslErrorClassification|
to find the cause of the certificate validation error. If the error can be
handled, writes a suggestion for a new URL to try into |suggested_url|."

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:60: static bool
GetSuggestedUrl(const GURL request_url,
Pass by reference to avoid an unnecessary copy: const GURL& request_url.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:62: GURL& suggested_url);
In Chromium style, output parameters ("out-params") are pointers: GURL*
suggested_url.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:69: // suggested URL, and
fills a Results struct based on its result.
Use |...| to delineate C++ identifiers.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:70: void
GetSuggestedUrlCheckResult(const net::URLFetcher* url_fetcher,
Maybe const net::URLFetcher& instead of * ?

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:76: // URL request context.
This comment is superfluous.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:79: // Contains the callback
method for urlfetch.
This comment is superfluous.

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_resources.grd File chrome/app/generated_resources.grd (right): https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_resources.grd#newcode10066 chrome/app/generated_resources.grd:10066: + Attackers might be trying to steal your information ...

5 years, 5 months ago (2015-07-11 04:00:44 UTC) #5

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_re...
File chrome/app/generated_resources.grd (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/app/generated_re...
chrome/app/generated_resources.grd:10066: +        Attackers might be trying to
steal your information from <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="REQUEST_DOMAIN">$1<ex>example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph> (for example, passwords, messages, or
credit cards). <ph name="NEWLINE">&lt;br&gt;</ph><ph
name="NEWLINE">&lt;br&gt;</ph>However, this server provides a valid certificate
for <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph>. If you like to connect to <ph
name="BEGIN_BOLD">&lt;strong&gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_BOLD">&lt;/strong&gt;</ph>, please click here <ph
name="BEGIN_LINK">&lt;a href="$3" &gt;</ph><ph
name="SUGGESTED_DOMAIN">$2<ex>www.example.com</ex></ph><ph
name="END_LINK">&lt;/a&gt;</ph>
On 2015/07/09 19:13:01, palmer wrote:
> Change "If you like to..." to "If you would like to...".
> 
> I'm not sure about the first paragraph (" Attackers might be trying to steal
> your information..."). Maybe leave it off, and lead with "The server presented
a
> certificate valid for http://www.example.com, but not http://example.com.
Would you like to
> try http://www.example.com?%22

Catherine is working on the strings for this. I will update this as soon as I
get the new strings.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:1: // Copyright (c) 2015 The
Chromium Authors. All rights reserved.
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> nit: New style uses "Copyright 2015" instead of "Copyright (c) 2015".

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:76: if
(url_fetcher->GetResponseCode() == 200) {
On 2015/07/09 19:13:01, palmer wrote:
> Eventually, we will want to accept response codes other than 200, right? How
> about:
> 
> static const int kGoodResponseCodes[] = { 200, 301, 302 };
> static const int* kGoodResonseCodesEnd = kGoodResponseCodes +
> arraysize(kGoodResponseCodes);
> 
> auto found = std::find(kGoodResponseCodes, kGoodResonseCodesEnd,
> url_fetcher->GetResponseCode());
> results->result = found == kGoodResonseCodesEnd ? RESULT_SUGGESTED_URL_INVALID
:
> RESULT_SUGGESTED_URL_VALID;
> 
> Also, should we update results->new_url if RESULT_SUGGESTED_URL_INVALID?

Thanks for the code. |url_fetcher| is automatically following the redirects. It
is not returning a 301 or 302 response code even when there is a redirect. So, I
think we can just checking for response code 200.

I tested it with https://google.com and it returned a 200 response code with the
value of |url_fetcher->GetURL()| being https://www.google.com

I will add a check to make sure it doesn't redirect to the current page.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:78: return;
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> no need for |return|

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:89: &www_mismatch_host_name))
{
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> Early exit from here:
> 
> if (!...)
>   return false;

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:90: // Replaces the hostname
in the request url with new host name.
On 2015/07/09 19:13:01, palmer wrote:
> This comment is superfluous.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:21: // This class contains
methods to get a suggested url when there
On 2015/07/09 19:13:01, palmer wrote:
> "url" -> "URL" through this file.
> 
> "there is a ssl common name invalid error" -> "when certification validation
> fails due to |ERR_CERT_COMMON_NAME_INVALID|"
> 
> Also, don't leave out articles: "to check validity" -> "to check the validity"

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:27: // Possible results of the
validity of suggested url
On 2015/07/09 19:13:01, palmer wrote:
> This comment is (IMO) superfluous.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:30: // cert. is valid .
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> nit: cert -> certificate. Remove space before the last period.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:40: GURL new_url;
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> You need to include gurl.h instead of fwd declare, because of this line.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:49: // Triggers an check to
validate suggested url. After completion, runs the
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> an check -> a check

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:55: void CancelUrlCheck();
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> I don't think you'll need this, so I suggest removing it.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:57: // This method returns a
bool indicating whether the error can be handled.
On 2015/07/09 19:13:01, palmer wrote:
> Be more concise: "Returns true if the error can be handled."
> 
> Use |...| to delineate C++ identifiers: "Interacts with
|SslErrorClassification|
> to find the cause of the certificate validation error. If the error can be
> handled, writes a suggestion for a new URL to try into |suggested_url|."

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:60: static bool
GetSuggestedUrl(const GURL request_url,
On 2015/07/09 19:13:01, palmer wrote:
> Pass by reference to avoid an unnecessary copy: const GURL& request_url.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:62: GURL& suggested_url);
On 2015/07/09 19:13:01, palmer wrote:
> In Chromium style, output parameters ("out-params") are pointers: GURL*
> suggested_url.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:69: // suggested URL, and
fills a Results struct based on its result.
On 2015/07/09 19:13:01, palmer wrote:
> Use |...| to delineate C++ identifiers.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:76: // URL request context.
On 2015/07/09 19:13:01, palmer wrote:
> This comment is superfluous.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:79: // Contains the callback
method for urlfetch.
On 2015/07/09 19:13:01, palmer wrote:
> This comment is superfluous.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_blocking_page.h (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_blocking_page.h:71: const GURL& suggested_url);
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> As we discussed offline, let's separate UI bits into another CL and just
collect
> metrics in this CL.

Acknowledged.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_blocking_page.h:136: const GURL& suggested_url_;
On 2015/07/09 17:58:55, Mustafa Emre Acer wrote:
> Keep a copy instead of a reference.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_classification.cc (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_classification.cc:340: result = result || true;
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> result = result || true means result = true :)

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_classification.cc:346: result = result || true;
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> Same here.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_classification.h (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_classification.h:79: //     www.example.com ~
example.com -> true
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> I understand this isn't your comment, but can you mention what the first and
the
> second domains refer to?

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.cc:156: return 1;
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> |return true| instead of 1. Actually, just remove this function and enable the
> check by default. It'll only be enabled on canary and dev for a few days until
> you land the finch CL.

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.cc:165: DCHECK(!dns_names.empty());
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> I feel that dns_names can actually be empty, so not sure if this check is
valid.

|dns_names| contains the DNS names in SAN field or common name in the subject
field. Can there be a certificate with no common name (CN)?

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.cc:290:
ShowSSLInterstitial(results.new_url);
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> For this CL, let's just record the result in a histogram and call
> ShowSSLInterstitial without a suggested URL. You can then add the UI logic
once
> the design is finalized. That means you don't have to keep around a
> suggested_url for this CL (if the tests turn out to be difficult to write
> because of this, let me know and we can reconsider)
> 
> This is going to slightly affect how many captive portal interstitials we
> display since this CL is giving priority to common name mismatches, but I
expect
> the difference to be minimal so it's fine.

Acknowledged.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_handler.h (right):

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.h:65: // This method gets the result of
whether the suggested url is valid. Displays
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> nit: Drop "This method "

Done.

https://codereview.chromium.org/1223233002/diff/40001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.h:111: const int
common_name_handler_delay_in_seconds = 3;
On 2015/07/09 17:58:56, Mustafa Emre Acer wrote:
> You'll need a non-const value for this so that you can change it in tests. I
> think you should just reuse the existing methods and variables for the captive
> portal check: (GetInterstitialDisplayDelay and
SetInterstitialDelayTypeForTest)

Done.

Bhanu Dev

Added Unit Tests. Please let me know if these cover all the cases. Thanks.

5 years, 5 months ago (2015-07-14 17:38:43 UTC) #6

meacer

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode75 chrome/browser/ssl/common_name_mismatch_handler.cc:75: Remove extra line https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode92 chrome/browser/ssl/common_name_mismatch_handler.cc:92: replacements.SetHostStr(www_mismatch_host_name); You might want ...

5 years, 5 months ago (2015-07-15 20:11:47 UTC) #7

meacer

On 2015/07/15 20:11:47, Mustafa Emre Acer wrote: > https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc > File chrome/browser/ssl/common_name_mismatch_handler.cc (right): > > ...

5 years, 5 months ago (2015-07-15 20:12:30 UTC) #8

palmer

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.h File chrome/browser/ssl/common_name_mismatch_handler.h (right): https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.h#newcode50 chrome/browser/ssl/common_name_mismatch_handler.h:50: const CheckUrlCallback& CheckUrlcallback); Nit: Name the argument |checkUrlCallback| (note ...

5 years, 5 months ago (2015-07-16 22:55:32 UTC) #9

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode75 chrome/browser/ssl/common_name_mismatch_handler.cc:75: On 2015/07/15 20:11:46, Mustafa Emre Acer wrote: > Remove ...

5 years, 5 months ago (2015-07-16 23:38:07 UTC) #10

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:75: 
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> Remove extra line

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.cc:92:
replacements.SetHostStr(www_mismatch_host_name);
On 2015/07/15 20:11:45, Mustafa Emre Acer wrote:
> You might want to document that you are pinging the full URL with path and
query
> params, and not just the hostname.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:31:
RESULT_SUGGESTED_URL_INVALID
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: rename to AVAILABLE/NOT_AVAILABLE instead of VALID/INVALID
> 
> You need to change the comments and test names as well.

Using AVAILABLE/NOT_AVAILABLE is a good idea, I am also thinking there would be
more confusion between |suggested_url_exists| (to say that a suggested url
exists and can be checked if its valid) and |suggested_url_available| than with
|suggested_url_valid|.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:38: GURL new_url;
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> suggested_url?

If there is a redirect, |new_url| can be different from that of |suggested_url|.
So, used a different name here.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:50: const CheckUrlCallback&
CheckUrlcallback);
On 2015/07/16 22:55:32, palmer wrote:
> Nit: Name the argument |checkUrlCallback| (note capitalization) or, more
simply,
> |callback|.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:52: // Returns true if the
error can be handled. Interacts with
On 2015/07/16 22:55:32, palmer wrote:
> Nit: Don't use the passive voice here ("...be handled"), because it lets you
> leave out the actor (i.e. who is doing the handling). Say who does the
handling,
> and/or use a verb more specific than "handle".
> 
> E.g. "Returns true if any other DNS names in the certificate's subject
> alternative names list closely match the original request hostname and if
those
> other names are available and serving valid certificates."

Done. I just now realized that I use a lot of passive voice in documentation.
Thanks. I will take care of it, from now on.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/comm...
chrome/browser/ssl/common_name_mismatch_handler.h:56: static bool
GetSuggestedUrl(const GURL& request_url,
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> I'd just return a GURL() here, with empty GURL meaning no suggested URL.

I thought that, returning bool makes it easy to check if suggested_url exists.
Like using |if(GetSuggestedUrl(...))| would be easier in this case.

Please let me know if you think the other case would be better. Thanks.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler.cc:168:
g_timer_started_callback->Run(web_contents_);
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: Add a comment here explanining why we don't need to do captive portal
check
> if there is a common name mismatch.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
File chrome/browser/ssl/ssl_error_handler_unittest.cc (right):

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:63: const GURL new_url) {
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> const GURL&

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:86: void SetSuggestedUrl() {
suggested_url_exists_ = true; }
On 2015/07/15 20:11:47, Mustafa Emre Acer wrote:
> I suggest changing this to SetSuggestedUrlExists(bool). See my second comment
in
> ShouldNotCheckSuggestedUrlIfGetSuggestedUrlIsFalse.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:97: int suggested_url_checked()
const { return suggested_url_checked_; }
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> bool return type

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:99: int
common_name_mismatch_interstitial_shown() const {
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> bool return type

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:135: bool
suggested_url_checked_;
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: Put these in opposite order here in other places, so that it's a bit
> clearer which one is supposed to be true first:
> 
> bool suggested_url_checked_;
> bool suggested_url_exists_;

If the suggested URL exists, we check for the validity of it. 
so, the order is correct here.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:153: reinterpret_cast<const
char*>(google_der), sizeof(google_der));
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> Do you need an actual cert here? If not, you can create an empty one:
> 
> ssl_info_.cert = new net::X509Certificate(
>           "bad.host", "CA", base::Time::Max(), base::Time::Max());

|SSLErrorHandler| calls method like |GetDNSNames| on the |X509Certificate| cert.
class. These methods need an actual certificate and are giving a Segmentation
Fault when I use an empty one.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:242:
ShouldNotCheckSuggestedUrlIfGetSuggestedUrlIsFalse) {
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: name this ShouldNotCheckSuggestedUrlIfNoSuggestedUrl?

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:244:
error_handler()->StartHandlingError();
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> Looks like you are using |SetSuggestedURL| to enable suggested url. How about
> adding a bool param to |SetSuggestedURL| and set it to false here so that it's
> clearer for the reader what to expect? 

It is good to add a bool param to |SetSuggestedURL|. Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:250:
EXPECT_TRUE(error_handler()->ssl_interstitial_shown());
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
>  EXPECT_FALSE(error_handler()->IsTimerRunning()); before this.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:254:
ShouldNotCheckForCaptivePortalIfSuggestedUrlExists) {
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: This name uses CheckFor while the previous one uses Check. Choose one and
> be consistent.

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:264:
EXPECT_TRUE(error_handler()->ssl_interstitial_shown());
On 2015/07/15 20:11:47, Mustafa Emre Acer wrote:
> EXPECT_FALSE(error_handler()->IsTimerRunning()); before this line

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:309: // Fake a Valid Suggested
URL Check result.
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> nit: don't capitalize "Valid Suggested URL Check"

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:313:
GURL("https://random.example.com"));
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> Why is this URL different than the return value of GetSuggestedUrl?
> (http://www.example.com)

This URL is the new landing page and this can be different from the return value
of |GetSuggestedUrl|, if there is a redirect. So, I changed it.

I added a comment, let me know if you think its good to have the same URL here.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:313:
GURL("https://random.example.com"));
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> indent 4 more spaces

Done.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:313:
GURL("https://random.example.com"));
On 2015/07/15 20:11:46, Mustafa Emre Acer wrote:
> indent 4 more spaces

I tried to indent it, but |git cl format| is reverting the change. Here,
|CommonNameMismatchHandler::SuggestedUrlCheckResult::RESULT_SUGGESTED_URL_VALID|
is a single parameter and |GURL("https://random.example.com")| is the other, so
its making them both aligned.

https://codereview.chromium.org/1223233002/diff/80001/chrome/browser/ssl/ssl_...
chrome/browser/ssl/ssl_error_handler_unittest.cc:333: GURL());
On 2015/07/15 20:11:47, Mustafa Emre Acer wrote:
> indent 4 more spaces

Done.

palmer

https://codereview.chromium.org/1223233002/diff/120001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/120001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode71 chrome/browser/ssl/common_name_mismatch_handler.cc:71: const GURL landing_url = url_fetcher->GetURL(); This could be a ...

5 years, 5 months ago (2015-07-17 00:16:00 UTC) #11

Bhanu Dev

Wrote browser tests. Added code to check for www mismatch if |CERT_COMMON_NAME_INVALID| is the only ...

5 years, 5 months ago (2015-07-23 20:11:07 UTC) #12

meacer

https://codereview.chromium.org/1223233002/diff/140001/chrome/browser/ssl/ssl_error_classification.cc File chrome/browser/ssl/ssl_error_classification.cc (right): https://codereview.chromium.org/1223233002/diff/140001/chrome/browser/ssl/ssl_error_classification.cc#newcode273 chrome/browser/ssl/ssl_error_classification.cc:273: return 1; On 2015/07/23 20:11:06, Bhanu Dev wrote: > ...

5 years, 5 months ago (2015-07-23 20:12:55 UTC) #13

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/140001/chrome/browser/ssl/ssl_error_classification.cc File chrome/browser/ssl/ssl_error_classification.cc (right): https://codereview.chromium.org/1223233002/diff/140001/chrome/browser/ssl/ssl_error_classification.cc#newcode273 chrome/browser/ssl/ssl_error_classification.cc:273: return 1; On 2015/07/23 20:12:55, Mustafa Emre Acer wrote: ...

5 years, 5 months ago (2015-07-23 20:17:53 UTC) #14

palmer

LGTM with nits. https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode40 chrome/browser/ssl/common_name_mismatch_handler.cc:40: // The first 0 means this ...

5 years, 4 months ago (2015-07-27 23:56:18 UTC) #15

meacer

Looking good. I have some comments here and there, but I'm particularly curious why you ...

5 years, 4 months ago (2015-07-28 01:18:07 UTC) #16

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/resources/security_warnings/interstitial_v2.js File chrome/browser/resources/security_warnings/interstitial_v2.js (right): https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/resources/security_warnings/interstitial_v2.js#newcode29 chrome/browser/resources/security_warnings/interstitial_v2.js:29: var CMD_NAVIGATE_SUGGESTED_URL = 12; On 2015/07/28 01:18:05, Mustafa Emre ...

5 years, 4 months ago (2015-07-30 02:39:11 UTC) #17

meacer

Lgtm modulo comments https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/ssl/ssl_blocking_page.cc File chrome/browser/ssl/ssl_blocking_page.cc (right): https://codereview.chromium.org/1223233002/diff/160001/chrome/browser/ssl/ssl_blocking_page.cc#newcode664 chrome/browser/ssl/ssl_blocking_page.cc:664: load_params.transition_type = ui::PAGE_TRANSITION_TYPED; On 2015/07/30 02:39:10, ...

5 years, 4 months ago (2015-07-30 19:40:22 UTC) #18

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/180001/chrome/browser/resources/security_warnings/interstitial_v2.js File chrome/browser/resources/security_warnings/interstitial_v2.js (right): https://codereview.chromium.org/1223233002/diff/180001/chrome/browser/resources/security_warnings/interstitial_v2.js#newcode157 chrome/browser/resources/security_warnings/interstitial_v2.js:157: // Send a command if user clicks the suggested ...

5 years, 4 months ago (2015-07-31 00:07:16 UTC) #19

meacer

Can you also expand the CL description and describe what it does?

5 years, 4 months ago (2015-07-31 00:14:52 UTC) #22

chromium-reviews

Yes, I'm currently doing that :) Thanks. On Thu, Jul 30, 2015 at 5:14 PM, ...

5 years, 4 months ago (2015-07-31 00:16:12 UTC) #23

Bhanu Dev

bhanudev@google.com changed reviewers: + jhawkins@chromium.org, mmenke@chromium.org

5 years, 4 months ago (2015-07-31 01:13:14 UTC) #24

mmenke

On 2015/07/31 01:13:15, Bhanu Dev wrote: > @mmemke, @jhawkins, > > For owners review. PTAL. ...

5 years, 4 months ago (2015-07-31 02:24:33 UTC) #26

mmenke

On 2015/07/31 02:24:33, mmenke wrote: > On 2015/07/31 01:13:15, Bhanu Dev wrote: > > @mmemke, ...

5 years, 4 months ago (2015-07-31 02:24:48 UTC) #27

Bhanu Dev

On 2015/07/31 02:24:48, mmenke wrote: > On 2015/07/31 02:24:33, mmenke wrote: > > On 2015/07/31 ...

5 years, 4 months ago (2015-07-31 03:34:04 UTC) #28

mmenke

This should be reviewed by a net/ person with some knowledge of the SSL code. ...

5 years, 4 months ago (2015-07-31 15:16:50 UTC) #29

Bhanu Dev

bhanudev@google.com changed reviewers: + davidben@chromium.org

5 years, 4 months ago (2015-07-31 18:20:37 UTC) #30

Bhanu Dev

@davidben, For owners review. I would like you to review the files in net/, net/data/ssl/certificates/example_cert.pem ...

5 years, 4 months ago (2015-07-31 18:20:38 UTC) #31

davidben

davidben@chromium.org changed reviewers: + rsleevi@chromium.org

5 years, 4 months ago (2015-07-31 18:24:11 UTC) #32

davidben

Sorry we //net folks keep playing hot potato on this. :-) Bouncing to rsleevi as ...

5 years, 4 months ago (2015-07-31 18:24:12 UTC) #33

Bhanu Dev

On 2015/07/31 18:24:12, David Benjamin wrote: > Sorry we //net folks keep playing hot potato ...

5 years, 4 months ago (2015-07-31 18:35:06 UTC) #34

Bhanu Dev

On 2015/07/31 18:35:06, Bhanu Dev wrote: > On 2015/07/31 18:24:12, David Benjamin wrote: > > ...

5 years, 4 months ago (2015-08-03 18:30:24 UTC) #35

mmenke

mmenke@chromium.org changed reviewers: - mmenke@chromium.org

5 years, 4 months ago (2015-08-03 18:53:32 UTC) #36

mmenke

mmenke@chromium.org changed reviewers: + mmenke@chromium.org

5 years, 4 months ago (2015-08-03 18:54:08 UTC) #37

Ryan Sleevi

On 2015/08/03 18:30:24, Bhanu Dev wrote: > @rsleevi, Can you please take a look at ...

5 years, 4 months ago (2015-08-03 19:31:20 UTC) #38

Bhanu Dev

Browsertests using MockCertVerifier. Removed test certificates generated, related code in net/.

5 years, 4 months ago (2015-08-06 06:23:55 UTC) #39

Ryan Sleevi

I've taken a look at this, with a focus on testing. On a high-level, I ...

5 years, 4 months ago (2015-08-07 00:14:11 UTC) #40

I've taken a look at this, with a focus on testing.

On a high-level, I really don't think we should just kick off such URL requests,
from the point of view of bandwidth, of privacy, and of power usage. That is, I
think Chrome already does too much 'magic under the hood', and we're seeing that
the magic is costing us - and, for users in emerging markets, has real,
tangible, monetary costs.

From a design perspective, I'd love if you and -enamel could iterate and
evaluate whether or not the background request is strictly necessary, or whether
it still represents a user improvement to simply offer the Suggest URL w/o any
background requests. I don't know if I'm stubborn enough to block this CL, but I
think it's something that the costs/chance for harm of the background request
exceed the value.

https://codereview.chromium.org/1223233002/diff/220001/net/test/spawned_test_...
File net/test/spawned_test_server/base_test_server.cc (left):

https://codereview.chromium.org/1223233002/diff/220001/net/test/spawned_test_...
net/test/spawned_test_server/base_test_server.cc:44: 
Unnecessary change?

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
File chrome/browser/captive_portal/captive_portal_browsertest.cc (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
chrome/browser/captive_portal/captive_portal_browsertest.cc:351:
reinterpret_cast<const char*>(google_der), sizeof(google_der));
I would encourage you to use ImportCertFromFile using any of those certs, since
like I expressed on https://code.google.com/p/chromium/issues/detail?id=515969 ,
we can/should clean these constants up.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:22: class
CommonNameMismatchHandler : public net::URLFetcherDelegate,
From a design perspective, this seems really wrong to trigger such requests.

We're already looking for ways at properly accounting for how Chrome eats up
user data. I didn't realize the design rested on kicking off background
requests. Is there any design suitable for your goal that doesn't involve doing
this?

[I'm ignoring the fact that URLFetcher will fail to properly handle client auth,
proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an
actual navigation request, other than mentioning it here]

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_browser_tests.cc (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2279: reinterpret_cast<const
char*>(google_der), sizeof(google_der));
Same comments; like I said on email, use ImportCertFromFile here; that's the
preferred pattern :)

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2305:
IN_PROC_BROWSER_TEST_F(CertVerifierBrowserTest,
From a testing design, normally the fixture naming matches what's being tested.

I totally understand that your fixture either needs to be a
CertVerifierBrowserTest, but you have two options to better express this for
test naming

1) Using inheritance - i.e. class MyTestName : public CertVerifierBrowserTest
2) Using aliasing (typedefs or using) - e.g. using MyTestName =
CertVerifierBrowserTest

Both of these ensure that the stringified test name is meaningful, even if the
actual implementation is a CertVerifierBrowserTest

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2314:
host_resolver()->AddRule("test.example.com", "127.0.0.1");
BUG: You shouldn't assume that SpawnedTestServer is 127.0.0.1

You should be using AddRule() to add the test server's hostname - either using
AddRule(..., https_server_example_domain_.GetURL("").host()), or, simpler,
AddRule(..., https_server_example_domain_.host_port_pair().host())   

using host_port_pair() should properly handle  any IPv6 support

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2322: net::GetTestCertsDirectory(),
"quic_test.example.com.crt");
Haha, I should have been clearer in my email. Out of *all* of the test certs you
could have picked, you arguably picked the least-best one. Sorry! :P

They're the least-best because they're kept in sync with Google3 and it gets a
whole messy thing to update. I would pick any of the test certificates that have
a checked in generator script in net/data/ssl/scripts (you can see what
certificates this is via net/data/ssl/certificates/README )

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2357: ->GetTypeForTesting());
did git cl format do this? Weirdest formatting I've seen yet from it.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_classification.h (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.h:84: static bool
GetWWWSubDomainMatch(const std::string& host_name,
This is more of a nit, but it seems like this would be better clumped with the
remaining static functions on line 52.

From an API contract level, it makes me somewhat sad to see all of these as
static public, since it feels like it's revealing a lot of the internal details
just for unit tests. Makes me wonder whether it'd be better with just friending
the test fixture in the private section. You shouldn't have to do that in this
CL, though, because we should update the other public static methods
simultaneously.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.h:99: // Returns true if
GetWWWSubDomainMatch finds a www mismatch.
Why have this function at all then? It seems like it can just be
replaced/inlined, isn't needed as a separate function.

Bhanu Dev

On 2015/08/07 00:14:11, Ryan Sleevi wrote: > I've taken a look at this, with a ...

5 years, 4 months ago (2015-08-07 00:37:41 UTC) #41

On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> I've taken a look at this, with a focus on testing.
> 
> On a high-level, I really don't think we should just kick off such URL
requests,
> from the point of view of bandwidth, of privacy, and of power usage. That is,
I
> think Chrome already does too much 'magic under the hood', and we're seeing
that
> the magic is costing us - and, for users in emerging markets, has real,
> tangible, monetary costs.
> 
> From a design perspective, I'd love if you and -enamel could iterate and
> evaluate whether or not the background request is strictly necessary, or
whether
> it still represents a user improvement to simply offer the Suggest URL w/o any
> background requests. I don't know if I'm stubborn enough to block this CL, but
I
> think it's something that the costs/chance for harm of the background request
> exceed the value.
> 
>
https://codereview.chromium.org/1223233002/diff/220001/net/test/spawned_test_...
> File net/test/spawned_test_server/base_test_server.cc (left):
> 
>
https://codereview.chromium.org/1223233002/diff/220001/net/test/spawned_test_...
> net/test/spawned_test_server/base_test_server.cc:44: 
> Unnecessary change?
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
> File chrome/browser/captive_portal/captive_portal_browsertest.cc (right):
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
> chrome/browser/captive_portal/captive_portal_browsertest.cc:351:
> reinterpret_cast<const char*>(google_der), sizeof(google_der));
> I would encourage you to use ImportCertFromFile using any of those certs,
since
> like I expressed on https://code.google.com/p/chromium/issues/detail?id=515969
,
> we can/should clean these constants up.
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
> File chrome/browser/ssl/common_name_mismatch_handler.h (right):
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
> chrome/browser/ssl/common_name_mismatch_handler.h:22: class
> CommonNameMismatchHandler : public net::URLFetcherDelegate,
> From a design perspective, this seems really wrong to trigger such requests.
> 
> We're already looking for ways at properly accounting for how Chrome eats up
> user data. I didn't realize the design rested on kicking off background
> requests. Is there any design suitable for your goal that doesn't involve
doing
> this?
> 
> [I'm ignoring the fact that URLFetcher will fail to properly handle client
auth,
> proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an
> actual navigation request, other than mentioning it here]
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> File chrome/browser/ssl/ssl_browser_tests.cc (right):
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_browser_tests.cc:2279: reinterpret_cast<const
> char*>(google_der), sizeof(google_der));
> Same comments; like I said on email, use ImportCertFromFile here; that's the
> preferred pattern :)
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_browser_tests.cc:2305:
> IN_PROC_BROWSER_TEST_F(CertVerifierBrowserTest,
> From a testing design, normally the fixture naming matches what's being
tested.
> 
> I totally understand that your fixture either needs to be a
> CertVerifierBrowserTest, but you have two options to better express this for
> test naming
> 
> 1) Using inheritance - i.e. class MyTestName : public CertVerifierBrowserTest
> 2) Using aliasing (typedefs or using) - e.g. using MyTestName =
> CertVerifierBrowserTest
> 
> Both of these ensure that the stringified test name is meaningful, even if the
> actual implementation is a CertVerifierBrowserTest
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_browser_tests.cc:2314:
> host_resolver()->AddRule("test.example.com", "127.0.0.1");
> BUG: You shouldn't assume that SpawnedTestServer is 127.0.0.1
> 
> You should be using AddRule() to add the test server's hostname - either using
> AddRule(..., https_server_example_domain_.GetURL("").host()), or, simpler,
> AddRule(..., https_server_example_domain_.host_port_pair().host())   
> 
> using host_port_pair() should properly handle  any IPv6 support
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_browser_tests.cc:2322: net::GetTestCertsDirectory(),
> "quic_test.example.com.crt");
> Haha, I should have been clearer in my email. Out of *all* of the test certs
you
> could have picked, you arguably picked the least-best one. Sorry! :P
> 
> They're the least-best because they're kept in sync with Google3 and it gets a
> whole messy thing to update. I would pick any of the test certificates that
have
> a checked in generator script in net/data/ssl/scripts (you can see what
> certificates this is via net/data/ssl/certificates/README )
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_browser_tests.cc:2357: ->GetTypeForTesting());
> did git cl format do this? Weirdest formatting I've seen yet from it.
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> File chrome/browser/ssl/ssl_error_classification.h (right):
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_error_classification.h:84: static bool
> GetWWWSubDomainMatch(const std::string& host_name,
> This is more of a nit, but it seems like this would be better clumped with the
> remaining static functions on line 52.
> 
> From an API contract level, it makes me somewhat sad to see all of these as
> static public, since it feels like it's revealing a lot of the internal
details
> just for unit tests. Makes me wonder whether it'd be better with just
friending
> the test fixture in the private section. You shouldn't have to do that in this
> CL, though, because we should update the other public static methods
> simultaneously.
> 
>
https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
> chrome/browser/ssl/ssl_error_classification.h:99: // Returns true if
> GetWWWSubDomainMatch finds a www mismatch.
> Why have this function at all then? It seems like it can just be
> replaced/inlined, isn't needed as a separate function.

Thank you for the review. Yes, having extra URL checks might not be good. This
CL does not add any extra background URL checks. When there is a www mismatch,
we do not do the captive portal check. So, in these cases, instead of captive
portal check, there is a check for some other URL. Also, this is a HEAD request,
so this might be a little less resource intensive that if it was a GET request.
Thanks.

Bhanu Dev

The UI design has been changed, so we would be directly redirecting to the WWW ...

5 years, 4 months ago (2015-08-07 22:28:48 UTC) #42

The UI design has been changed, so we would be directly redirecting to the WWW
mismatched domain, without any interstitial or infobar.

This is the patch which implements this, unittests and browser tests are changed
accordingly. So, the previous changes for interstitial, JS link handler, tests,
ssl blocking page are all reverted.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
File chrome/browser/captive_portal/captive_portal_browsertest.cc (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/captive...
chrome/browser/captive_portal/captive_portal_browsertest.cc:351:
reinterpret_cast<const char*>(google_der), sizeof(google_der));
On 2015/08/07 00:14:10, Ryan Sleevi wrote:
> I would encourage you to use ImportCertFromFile using any of those certs,
since
> like I expressed on https://code.google.com/p/chromium/issues/detail?id=515969
,
> we can/should clean these constants up.

Done.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:22: class
CommonNameMismatchHandler : public net::URLFetcherDelegate,
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> From a design perspective, this seems really wrong to trigger such requests.
> 
> We're already looking for ways at properly accounting for how Chrome eats up
> user data. I didn't realize the design rested on kicking off background
> requests. Is there any design suitable for your goal that doesn't involve
doing
> this?
> 
> [I'm ignoring the fact that URLFetcher will fail to properly handle client
auth,
> proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an
> actual navigation request, other than mentioning it here]

Acknowledged.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_browser_tests.cc (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2279: reinterpret_cast<const
char*>(google_der), sizeof(google_der));
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> Same comments; like I said on email, use ImportCertFromFile here; that's the
> preferred pattern :)

Done.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2305:
IN_PROC_BROWSER_TEST_F(CertVerifierBrowserTest,
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> From a testing design, normally the fixture naming matches what's being
tested.
> 
> I totally understand that your fixture either needs to be a
> CertVerifierBrowserTest, but you have two options to better express this for
> test naming
> 
> 1) Using inheritance - i.e. class MyTestName : public CertVerifierBrowserTest
> 2) Using aliasing (typedefs or using) - e.g. using MyTestName =
> CertVerifierBrowserTest
> 
> Both of these ensure that the stringified test name is meaningful, even if the
> actual implementation is a CertVerifierBrowserTest

Done.
Thank you for letting me know about this.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2314:
host_resolver()->AddRule("test.example.com", "127.0.0.1");
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> BUG: You shouldn't assume that SpawnedTestServer is 127.0.0.1
> 
> You should be using AddRule() to add the test server's hostname - either using
> AddRule(..., https_server_example_domain_.GetURL("").host()), or, simpler,
> AddRule(..., https_server_example_domain_.host_port_pair().host())   
> 
> using host_port_pair() should properly handle  any IPv6 support

Done.
I was using 127.0.0.1 as I verified that GetHostName() returns 127.0.0.1 for
CERT_OK. Anyway, I agree with you that it is good to get the hostname each time.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2322: net::GetTestCertsDirectory(),
"quic_test.example.com.crt");
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> Haha, I should have been clearer in my email. Out of *all* of the test certs
you
> could have picked, you arguably picked the least-best one. Sorry! :P
> 
> They're the least-best because they're kept in sync with Google3 and it gets a
> whole messy thing to update. I would pick any of the test certificates that
have
> a checked in generator script in net/data/ssl/scripts (you can see what
> certificates this is via net/data/ssl/certificates/README )

Haha. Ok, I went through most of the certs and *picked* this because this has
the most suitable dns name(test.example.com) which is a top level domain and not
127.0.0.1 or localhost as used by most certs. 

I changed this and used spdy_pooling.pem now.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2357: ->GetTypeForTesting());
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> did git cl format do this? Weirdest formatting I've seen yet from it.

Yes. Anyway, the browser tests are changed now, so I don't need this anymore.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_classification.h (right):

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.h:84: static bool
GetWWWSubDomainMatch(const std::string& host_name,
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> This is more of a nit, but it seems like this would be better clumped with the
> remaining static functions on line 52.
> 
> From an API contract level, it makes me somewhat sad to see all of these as
> static public, since it feels like it's revealing a lot of the internal
details
> just for unit tests. Makes me wonder whether it'd be better with just
friending
> the test fixture in the private section. You shouldn't have to do that in this
> CL, though, because we should update the other public static methods
> simultaneously.

Done.

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.h:99: // Returns true if
GetWWWSubDomainMatch finds a www mismatch.
On 2015/08/07 00:14:11, Ryan Sleevi wrote:
> Why have this function at all then? It seems like it can just be
> replaced/inlined, isn't needed as a separate function.

This method gets the hostname,dns names and calls the static method
GetWWWSubDomainMatch. I thought that it might not be good to have it inline with
definition in header file, tests also use this.

Ryan Sleevi

https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl_error_classification.h File chrome/browser/ssl/ssl_error_classification.h (right): https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl_error_classification.h#newcode99 chrome/browser/ssl/ssl_error_classification.h:99: // Returns true if GetWWWSubDomainMatch finds a www mismatch. ...

5 years, 4 months ago (2015-08-07 22:31:11 UTC) #43

Bhanu Dev

On 2015/08/07 22:31:11, Ryan Sleevi wrote: > https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl_error_classification.h > File chrome/browser/ssl/ssl_error_classification.h (right): > > https://codereview.chromium.org/1223233002/diff/260001/chrome/browser/ssl/ssl_error_classification.h#newcode99 ...

5 years, 4 months ago (2015-08-07 22:35:01 UTC) #44

Bhanu Dev

@rsleevi, I have added the code to handle thread restrictions. Thanks a lot for helping ...

5 years, 4 months ago (2015-08-12 05:18:35 UTC) #45

meacer

Still LGTM. Please wait for an l-g-t-m from rsleevi@ before submitting. https://codereview.chromium.org/1223233002/diff/320001/chrome/browser/ssl/ssl_browser_tests.cc File chrome/browser/ssl/ssl_browser_tests.cc (right): ...

5 years, 4 months ago (2015-08-12 22:32:56 UTC) #46

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/320001/chrome/browser/ssl/ssl_browser_tests.cc File chrome/browser/ssl/ssl_browser_tests.cc (right): https://codereview.chromium.org/1223233002/diff/320001/chrome/browser/ssl/ssl_browser_tests.cc#newcode2298 chrome/browser/ssl/ssl_browser_tests.cc:2298: net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem"); On 2015/08/12 22:32:56, Mustafa Emre Acer wrote: ...

5 years, 4 months ago (2015-08-13 01:28:00 UTC) #47

Bhanu Dev

rsleevi@, Can you please let me know if the code is good enough to commit. ...

5 years, 4 months ago (2015-08-13 20:03:17 UTC) #48

mmenke

On 2015/08/13 20:03:17, Bhanu Dev wrote: > rsleevi@, Can you please let me know if ...

5 years, 4 months ago (2015-08-13 20:06:09 UTC) #49

Ryan Sleevi

Chatted with felt@ a bit. I guess I'm still reserved about background requests, but not ...

5 years, 4 months ago (2015-08-14 00:40:17 UTC) #50

Bhanu Dev

@rsleevi, Thanks a lot for your review. I think I learnt about some possible security ...

5 years, 4 months ago (2015-08-15 00:18:54 UTC) #52

@rsleevi, Thanks a lot for your review. I think I learnt about some possible
security bugs while addressing them. 

@davidben, can you please take a second pass and see if the comments are
resolved well. Thanks.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
File chrome/browser/ssl/common_name_mismatch_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:47: net::LOAD_BYPASS_CACHE |
net::LOAD_DO_NOT_SAVE_COOKIES |
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> The LOAD_BYPASS_CACHE is subtle and surprising - document why.
> 
> [My own presumption is that you want to make sure that you don't get a
> 200-series success code, since there's more than 200 to indicate a successful
> load, and you also want to make sure the page will actually load if you
directed
> the user there, even though the latter part seems somewhat weird because the
> actual load would be from the cache]

I used this because I like wanted to completely make sure the page loads. But,
you are right as the load would be from cache only. Removing this. Thanks.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:64: callback.Run(results);
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> GetSuggestedUrlCheckResult(...)
> url_fetcher_.reset();
> base::ResetAndReturn(&check_url_callback_).Run(...);

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:81: // Make sure the
|landing_url| is a valid https page.
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> s/HTTPS/

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:81: // Make sure the
|landing_url| is a valid https page.
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> Comment-wise, this seems to hide what 'valid' means - here, you seemingly are
> wanting to check if it loads and doesn't result in a redirect loop to the
> current page?

Done.

I was meaning "valid" to be, without any error and having a valid certificate.
Modified it.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:91: bool
CommonNameMismatchHandler::GetSuggestedUrl(
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> The order of definitions should match the order of declarations - this should
be
> before OnURLFetchComplete

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:100: } else {
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> Don't use else after return -
> https://www.chromium.org/developers/coding-style#Code_Formatting

Done. Thanks.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.cc:112: return
url_fetcher_.get() != NULL;
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> nullptr is recommended for new code ( https://chromium-cpp.appspot.com/ ),
> however, an even better strategy is to rely on the implicit bool coercion,
which
> allows the same pattern across multiple containers
> 
> return url_fetcher_;
> 
> (scoped_ptr/scoped_refptr<> will convert to bool through conversion helpers,
and
> raw pointers are always convertable)

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
File chrome/browser/ssl/common_name_mismatch_handler.h (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:14: #include
"net/url_request/url_fetcher.h"
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> Can forward declare

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:21: // perform a network
request to check the validity of new URL.
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> As a class comment, this feels worded wrong. Perhaps the following:
> 
> // This class handles errors due to common name mismatches
> (|ERR_CERT_COMMON_NAME_INVALID|)
> // and helps remediate them by suggesting alternative URLs that may be what
> // the user intended to load.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:44: };
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> The use of a struct helper for this seems unnecessary; why not just return the
> two arguments?

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:49: const GURL request_url,
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> const GURL&

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:54: // |callback|.
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> This comment could use beefing up.
> 
> If I'm only reading this header file, and trying to understand what the class
> does, what is a check to validate a URL? What might I reasonably expect?
> 
> At the same time, you want to be careful to avoid documenting exactly what
will
> happen (that is, your header comment shouldn't be a prose form of the code,
> since code will change but prose lives on), but attempt to explain the
narrative
> of what are the preconditions/postconditions and what might happen / how might
> this be used

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:60: // to try into
|suggested_url|.
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> comment-wise, "writes a suggestion" feels weird in the broader context.
> 
> // Determines if, for |request_url| serving a certificate that is valid for
> // the domain names |dns_names|, there is a name that the certificate is
> // valid for that closely matches the original name in |request_url|. If
> // so, returns true, and sets |*suggested_url| to a URL that is unlikely
> // to cause an ERR_CERT_COMMON_NAME_INVALID error.

Done. Thanks.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:66: static void
set_state_for_testing(TestingState testing_state) {
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> Static methods are generally a strong anti-pattern, especially for tests (as
> implicitly it makes test non-hermetic unless the state is reset)
> 
> Why can't this be exposed as an instance method with an instance member?

I was considering that this is good enough as long as we are setting and
resetting the states correctly. Also, was trying to follow existing peices of
code like
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/cap...

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:69: static TestingState
get_state_for_testing() { return testing_state_; }
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> Why is it needed to access the testing state? We rarely (never?) return this.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:78: Results* results) const;
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> This doesn't seem like it needs to be a private method - that is, it could be
> fully localized to the .cc in an unnamed namespace.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:81: bool
CheckingSuggestedUrl() const;
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> s/CheckingSuggestedUrl/IsCheckingSuggestedUrl/

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/com...
chrome/browser/ssl/common_name_mismatch_handler.h:91:
scoped_ptr<net::URLFetcher> url_fetcher_;
On 2015/08/14 00:40:16, Ryan Sleevi (out until 8-24) wrote:
> There seems to be a lot of unnecessary vertical whitespace here. You can
delete
> the line breaks on 84, 86, 88, and 90.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_browser_tests.cc (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2390: class SSLInterstitialTimerObserver
{
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> ODR VIOLATION DANGER: Putting this helper in the main scope is extremely
> dangerous and may cause ODR violations (I've found and fixed multiple bugs
> related to this in other tests in the past). Strongly suggest you move this
> helper up to the unnamed namespace.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_browser_tests.cc:2404:
scoped_refptr<content::MessageLoopRunner> message_loop_runner_;
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Wow, I'm surprised jam@ hasn't nuked this.
> 
> base::RunLoop is the preferred hotness for this; anything you see that says
> "MessageLoop" is highly suspect and should be avoided as deprecated, and there
> should be alternatives that exist.

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_classification.cc (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.cc:334: if (dns_names[i].empty() ||
dns_names[i].find('\0') != std::string::npos
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> DANGER: There is _zero_ guarantee that |dns_names| are well-formed/canonical.
> That is, a cert could totally have the name
mailto:"www....monkeypants!!@#example.com",
> which is in no way valid.
> 
> This is independent of the CL, but reflects the danger in just blindly loading
> it.

Acknowledged. I think we are not executing the dns name or so, we just compare
it with hostname.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_classification.cc:340:
base::ASCIIToUTF16(host_name)) {
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Hrm, this is problematic from the original code - converting to String16 only
to
> ignore the result is just wasting bytes.
> 
> I'll try to resolve this as part of https://crbug.com/488531

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_handler.cc (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler.cc:157: if (extra_cert_errors) {
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> This is not correct. CertStatus contains errors _and_ informational status
bits.
> 
> Our preferred idiom is to look at both IsCertStatusError and
> IsCertStatusMinorError to make a decision.

Done. Thanks for pointing this out. This might have resulted in false negatives.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler.cc:217: base::Unretained(this)));
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> This seems incredibly dangerous - base::Unretained() is almost universally a
red
> flag that signals "carefully review the threading contracts", and I don't see
> code that guarantees this is safe.

Done. Added a method |Cancel()| in CommonNameMismatchHandler and it is called
before the SSLErrorHandler gets deleted.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_handler.h (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler.h:14: #include
"chrome/browser/profiles/profile.h"
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Can forward declare

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler.h:69: const
CommonNameMismatchHandler::Results& results);
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Yet another reason not to use the struct for results and just pass it as two
> parameters - you could totally get away w/o including the
> CommonNameMismatchHandler header

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
File chrome/browser/ssl/ssl_error_handler_unittest.cc (right):

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler_unittest.cc:250:
base::MessageLoop::current()->RunUntilIdle();
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Hrm, I missed that existing code calls this, but base::RunLoop should be
> preferred over calling base::MessageLoop::current()

Done.

https://codereview.chromium.org/1223233002/diff/340001/chrome/browser/ssl/ssl...
chrome/browser/ssl/ssl_error_handler_unittest.cc:287:
EXPECT_FALSE(error_handler()->IsTimerRunning());
On 2015/08/14 00:40:17, Ryan Sleevi (out until 8-24) wrote:
> Why have this call? This is guaranteed by the testing framework, is it not?
> Every test will fully create a new SSLErrorHandler (and thus a new timer), and
> you should not have any URLs loaded.

Done. Yes, timer would not be running when SSLErrorHandler gets created. It
starts only after the method StartHandlingError() is invoked. I just tried to
make sure this and also since previous tests were doing the same.

davidben

https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode41 chrome/browser/ssl/common_name_mismatch_handler.cc:41: net::URLFetcher::HEAD, this); If you're always passing zero, you can ...

5 years, 4 months ago (2015-08-17 18:59:19 UTC) #53

Ryan Sleevi

https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode103 chrome/browser/ssl/common_name_mismatch_handler.cc:103: return url_fetcher_; On 2015/08/17 18:59:18, David Benjamin wrote: > ...

5 years, 4 months ago (2015-08-18 04:31:55 UTC) #54

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/380001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode41 chrome/browser/ssl/common_name_mismatch_handler.cc:41: net::URLFetcher::HEAD, this); On 2015/08/17 18:59:18, David Benjamin wrote: > ...

5 years, 4 months ago (2015-08-18 05:09:10 UTC) #55

davidben

lgtm https://codereview.chromium.org/1223233002/diff/420001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/420001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode86 chrome/browser/ssl/common_name_mismatch_handler.cc:86: // |suggested_url| and |landing_url| can be different in ...

5 years, 4 months ago (2015-08-18 20:19:05 UTC) #56

Bhanu Dev

https://codereview.chromium.org/1223233002/diff/420001/chrome/browser/ssl/common_name_mismatch_handler.cc File chrome/browser/ssl/common_name_mismatch_handler.cc (right): https://codereview.chromium.org/1223233002/diff/420001/chrome/browser/ssl/common_name_mismatch_handler.cc#newcode86 chrome/browser/ssl/common_name_mismatch_handler.cc:86: // |suggested_url| and |landing_url| can be different in case ...

5 years, 4 months ago (2015-08-18 21:34:32 UTC) #57

Bhanu Dev

The patchset sent to the CQ was uploaded after l-g-t-m from palmer@chromium.org, meacer@chromium.org, rsleevi@chromium.org, mmenke@chromium.org, ...

5 years, 4 months ago (2015-08-18 21:34:39 UTC) #59

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1223233002/440001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1223233002/440001

5 years, 4 months ago (2015-08-18 21:34:59 UTC) #60

commit-bot: I haz the power

5 years, 4 months ago (2015-08-18 22:22:13 UTC) #62

Message was sent while issue was closed.

Patchset 23 (id:??) landed as
https://crrev.com/2051ce7a01a4026ec1611c940a3d83a55a6e19ef
Cr-Commit-Position: refs/heads/master@{#344052}

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)

Description

Patch Set 1 : Added new class CommonNameMismatchHandler #

Patch Set 2 : Added CommonNameMismatch check in SSLErrorHandler #

Patch Set 3 : Changing function signature in unnittest file #

Patch Set 4 : Handling redirection, Resolving Comments #

Patch Set 5 : Unittests #

Patch Set 6 : Added Navigation, Resolved Comments #

Patch Set 7 : Resolving Comments #

Patch Set 8 : Browsertests #

Patch Set 9 : Minor Changes: Removing test code #

Patch Set 10 : Resolved comments, added UMA #

Patch Set 11 : resolved comments: documentation, style changes #

Patch Set 12 : mmenke's comments #

Patch Set 13 : Rebasing #

Patch Set 14 : Browsertests using MockCertVerifier #

Patch Set 15 : Removed interstitial code, Implemented Redirection #

Patch Set 16 : Revert changes in security_interstitial_page.h #

Patch Set 17 : Fixing trybot failures #

Patch Set 18 : Documentation Changes #

Patch Set 19 : Resolving comments: Fixing some bugs, documentation #

Patch Set 20 : Fixing Unittests #

Patch Set 21 : Resolving Comments #

Patch Set 22 : Rebasing #

Patch Set 23 : Resolving comments #

Messages