Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(31)

Issue 1440643002: Certificate Transparency: Per-profile CT verification (Closed)

Created:
5 years, 1 month ago by Eran Messeri
Modified:
5 years ago
Reviewers:
droger, mmenke, davidben
CC:
chromium-reviews, Rob Percival
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Certificate Transparency: Per-profile CT verification Prepare for auditing Signed Certificate Timestamps (which are tied to specific certificates) by having a per-profile CT verification. That would allow auditing SCTs separately for separate profiles. BUG=506227 Committed: https://crrev.com/1a79db29a0ac4d6936581e0d1a82c267721841cf Cr-Commit-Position: refs/heads/master@{#361311}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Addressing review comments #

Patch Set 3 : Made CTLogVerifier const throughout. #

Total comments: 6

Patch Set 4 : Addressed review comments #

Patch Set 5 : Fixing iOS compilation #

Unified diffs Side-by-side diffs Delta from patch set Stats (+52 lines, -34 lines) Patch
M chrome/browser/io_thread.h View 1 2 2 chunks +2 lines, -1 line 0 comments Download
M chrome/browser/io_thread.cc View 1 2 4 chunks +5 lines, -3 lines 0 comments Download
M chrome/browser/profiles/profile_impl_io_data.cc View 1 2 1 chunk +1 line, -2 lines 0 comments Download
M chrome/browser/profiles/profile_io_data.h View 1 2 2 chunks +2 lines, -0 lines 0 comments Download
M chrome/browser/profiles/profile_io_data.cc View 1 2 3 2 chunks +7 lines, -0 lines 0 comments Download
M ios/chrome/browser/ios_chrome_io_thread.cc View 1 2 3 4 1 chunk +1 line, -1 line 0 comments Download
M net/cert/ct_known_logs.h View 1 2 1 chunk +1 line, -1 line 0 comments Download
M net/cert/ct_known_logs.cc View 1 2 1 chunk +3 lines, -2 lines 0 comments Download
M net/cert/ct_log_verifier.h View 1 2 4 chunks +11 lines, -7 lines 0 comments Download
M net/cert/ct_log_verifier.cc View 1 2 4 chunks +4 lines, -4 lines 0 comments Download
M net/cert/ct_log_verifier_nss.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M net/cert/ct_log_verifier_openssl.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M net/cert/ct_log_verifier_unittest.cc View 1 2 2 chunks +2 lines, -2 lines 0 comments Download
M net/cert/ct_objects_extractor_unittest.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M net/cert/ct_verifier.h View 1 2 3 2 chunks +3 lines, -0 lines 0 comments Download
M net/cert/multi_log_ct_verifier.h View 1 2 3 2 chunks +4 lines, -5 lines 0 comments Download
M net/cert/multi_log_ct_verifier.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M net/cert/multi_log_ct_verifier_unittest.cc View 1 2 2 chunks +2 lines, -2 lines 0 comments Download

Messages

Total messages: 27 (7 generated)
Eran Messeri
Matt / David: Wasn't sure who is more suitable for reviewing this change - any ...
5 years, 1 month ago (2015-11-11 17:41:39 UTC) #3
davidben
On 2015/11/11 17:41:39, Eran Messeri wrote: > Matt / David: Wasn't sure who is more ...
5 years, 1 month ago (2015-11-11 22:39:02 UTC) #4
mmenke
What's the motivation of doing this, instead of just sharing the IOThread's verifier? Being able ...
5 years, 1 month ago (2015-11-17 17:38:32 UTC) #5
Eran Messeri
On 2015/11/17 17:38:32, mmenke wrote: > What's the motivation of doing this, instead of just ...
5 years, 1 month ago (2015-11-17 17:59:44 UTC) #6
mmenke
On 2015/11/17 17:59:44, Eran Messeri wrote: > On 2015/11/17 17:38:32, mmenke wrote: > > What's ...
5 years, 1 month ago (2015-11-17 18:15:38 UTC) #7
Eran Messeri
On 2015/11/17 18:15:38, mmenke wrote: > On 2015/11/17 17:59:44, Eran Messeri wrote: > > On ...
5 years, 1 month ago (2015-11-18 14:11:06 UTC) #8
Eran Messeri
Also, addressed review comments. https://codereview.chromium.org/1440643002/diff/1/chrome/browser/io_thread.h File chrome/browser/io_thread.h (right): https://codereview.chromium.org/1440643002/diff/1/chrome/browser/io_thread.h#newcode27 chrome/browser/io_thread.h:27: #include "net/cert/ct_verifier.h" On 2015/11/17 17:38:32, ...
5 years, 1 month ago (2015-11-18 14:16:22 UTC) #9
mmenke
On 2015/11/18 14:11:06, Eran Messeri wrote: > On 2015/11/17 18:15:38, mmenke wrote: > > On ...
5 years, 1 month ago (2015-11-18 16:19:54 UTC) #10
Eran Messeri
On 2015/11/18 16:19:54, mmenke wrote: > On 2015/11/18 14:11:06, Eran Messeri wrote: > > On ...
5 years, 1 month ago (2015-11-18 18:07:19 UTC) #11
mmenke
On 2015/11/18 18:07:19, Eran Messeri wrote: > On 2015/11/18 16:19:54, mmenke wrote: > > On ...
5 years, 1 month ago (2015-11-18 18:45:07 UTC) #12
Eran Messeri
As discussed, made the CTLogVerifier const throughout (it is now not possible to hold a ...
5 years, 1 month ago (2015-11-20 13:28:10 UTC) #13
mmenke
Thanks for the change! This looks good. https://codereview.chromium.org/1440643002/diff/40001/chrome/browser/profiles/profile_io_data.cc File chrome/browser/profiles/profile_io_data.cc (right): https://codereview.chromium.org/1440643002/diff/40001/chrome/browser/profiles/profile_io_data.cc#newcode1146 chrome/browser/profiles/profile_io_data.cc:1146: cert_transparency_verifier_.reset(ct_verifier.release()); cert_transparency_verifier_ ...
5 years, 1 month ago (2015-11-20 17:23:59 UTC) #14
Eran Messeri
Matt, changed the documentation to better reflect the expected dependency. If that helps, Ryan suggested ...
5 years, 1 month ago (2015-11-23 12:34:39 UTC) #15
mmenke
LGTM
5 years, 1 month ago (2015-11-23 16:09:21 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1440643002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1440643002/80001
5 years, 1 month ago (2015-11-23 21:58:45 UTC) #19
commit-bot: I haz the power
Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/121434)
5 years, 1 month ago (2015-11-23 22:23:48 UTC) #21
droger
//ios lgtm
5 years ago (2015-11-24 10:24:59 UTC) #23
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1440643002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1440643002/80001
5 years ago (2015-11-24 10:25:47 UTC) #25
commit-bot: I haz the power
Committed patchset #5 (id:80001)
5 years ago (2015-11-24 10:56:57 UTC) #26
commit-bot: I haz the power
5 years ago (2015-11-24 10:57:51 UTC) #27
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/1a79db29a0ac4d6936581e0d1a82c267721841cf
Cr-Commit-Position: refs/heads/master@{#361311}

Powered by Google App Engine
This is Rietveld 408576698