Issue 1294673005: Disable Name Mismatch redirection for non-overridable SSL errors

Issue 1294673005: Disable Name Mismatch redirection for non-overridable SSL errors (Closed)

Created:
5 years, 4 months ago by Bhanu Dev

Modified:
5 years, 4 months ago

Reviewers:
meacer

CC:
chromium-reviews

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Disable name mismatch redirection for non-overridable SSL errors BUG=507454 This CL ensures that we do not do name mismatch redirection for HSTS enabled sites. Also, we make sure that redirection is done only when Common Name Invalid is the only error present. This automatically ensures that SSL pinning failures are not handled by name mismatch redirection. Committed: https://crrev.com/3999e3789ae5924180a25ba5002e8eb0c8d9bff2 Cr-Commit-Position: refs/heads/master@{#344715}

Patch Set 1 #

Total comments: 2

Patch Set 2 : Unittest #

Total comments: 12

Patch Set 3 : Comments #

Total comments: 2

Patch Set 4 : Comments, Rebase #

Patch Set 5 : Rebase Again #

Created: 5 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+32 lines, -7 lines)			Patch
M	chrome/browser/ssl/ssl_error_handler.h	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
M	chrome/browser/ssl/ssl_error_handler.cc	View	1 2 3	5 chunks	+10 lines, -6 lines	0 comments	Download
M	chrome/browser/ssl/ssl_error_handler_unittest.cc	View	1 2 3 4	5 chunks	+21 lines, -1 line	0 comments	Download

Messages

Total messages: 22 (8 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Bhanu Dev

HSTS is checked as a part of deciding Overridable and Non overridable errors. So, do ...

5 years, 4 months ago (2015-08-20 20:31:54 UTC) #2

meacer

On 2015/08/20 20:31:54, Bhanu Dev wrote: > HSTS is checked as a part of deciding ...

5 years, 4 months ago (2015-08-20 20:51:34 UTC) #3

meacer

https://codereview.chromium.org/1294673005/diff/1/chrome/browser/ssl/ssl_error_handler.cc File chrome/browser/ssl/ssl_error_handler.cc (right): https://codereview.chromium.org/1294673005/diff/1/chrome/browser/ssl/ssl_error_handler.cc#newcode159 chrome/browser/ssl/ssl_error_handler.cc:159: SSLBlockingPage::IsOverridable(options_mask_, profile_) && Can you add a unit test ...

5 years, 4 months ago (2015-08-20 20:51:39 UTC) #4

Bhanu Dev

5 years, 4 months ago (2015-08-20 22:45:06 UTC) #5

meacer

https://codereview.chromium.org/1294673005/diff/20001/chrome/browser/ssl/ssl_error_handler.h File chrome/browser/ssl/ssl_error_handler.h (right): https://codereview.chromium.org/1294673005/diff/20001/chrome/browser/ssl/ssl_error_handler.h#newcode107 chrome/browser/ssl/ssl_error_handler.h:107: virtual bool IsOverridable(); nit: Rename this to IsErrorOverridable() https://codereview.chromium.org/1294673005/diff/20001/chrome/browser/ssl/ssl_error_handler.h#newcode107 ...

5 years, 4 months ago (2015-08-20 23:15:22 UTC) #6

Bhanu Dev

5 years, 4 months ago (2015-08-21 00:52:16 UTC) #7

meacer

LGTM, please add a better CL description for the first line. (e.g. "Disable name mismatch ...

5 years, 4 months ago (2015-08-21 01:00:10 UTC) #8

Bhanu Dev

https://codereview.chromium.org/1294673005/diff/40001/chrome/browser/ssl/ssl_error_handler_unittest.cc File chrome/browser/ssl/ssl_error_handler_unittest.cc (right): https://codereview.chromium.org/1294673005/diff/40001/chrome/browser/ssl/ssl_error_handler_unittest.cc#newcode279 chrome/browser/ssl/ssl_error_handler_unittest.cc:279: error_handler()->set_non_overridable_error(); On 2015/08/21 01:00:10, Mustafa Emre Acer wrote: > ...

5 years, 4 months ago (2015-08-21 01:11:26 UTC) #9