Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1546653004: Name constraints with excluded names but no permitted names should allow names not matching the exc… (Closed)

Created:
5 years ago by mattm
Modified:
4 years, 11 months ago
Reviewers:
Ryan Sleevi, davidben
CC:
chromium-reviews, cbentzel+watch_chromium.org, eroman
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Name constraints with excluded names but no permitted names should allow names not matching the excluded names. BUG=410574 Committed: https://crrev.com/683a9a97368659d5792d71f3490f94c304971198 Cr-Commit-Position: refs/heads/master@{#371603}

Patch Set 1 #

Total comments: 8

Patch Set 2 : rebase #

Patch Set 3 : changes for comment #4 #

Patch Set 4 : rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+32 lines, -28 lines) Patch
M net/cert/internal/name_constraints.cc View 1 2 5 chunks +18 lines, -14 lines 0 comments Download
M net/cert/internal/name_constraints_unittest.cc View 1 2 3 5 chunks +14 lines, -14 lines 0 comments Download

Messages

Total messages: 12 (4 generated)
mattm
Saw that NIST PKITS tests show a different interpretation of name constraints than I had.(Ex, ...
5 years ago (2015-12-23 00:15:33 UTC) #2
mattm
On 2015/12/23 00:15:33, mattm wrote: > Saw that NIST PKITS tests show a different interpretation ...
5 years ago (2015-12-23 00:16:56 UTC) #3
davidben
This interpretation seems correct, yeah. Section 6.1.3 checks permitted_subtrees and excluded_subtrees separately. https://codereview.chromium.org/1546653004/diff/1/net/cert/internal/name_constraints.cc File net/cert/internal/name_constraints.cc ...
4 years, 11 months ago (2016-01-05 19:34:44 UTC) #4
mattm
https://codereview.chromium.org/1546653004/diff/1/net/cert/internal/name_constraints.cc File net/cert/internal/name_constraints.cc (right): https://codereview.chromium.org/1546653004/diff/1/net/cert/internal/name_constraints.cc#newcode402 net/cert/internal/name_constraints.cc:402: if (!extnvalue_parser.ReadTag(der::kOctetString, &subject_alt_name_tlv)) On 2016/01/05 19:34:44, davidben wrote: > ...
4 years, 11 months ago (2016-01-05 20:40:25 UTC) #5
Ryan Sleevi
lgtm
4 years, 11 months ago (2016-01-06 01:53:29 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1546653004/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1546653004/60001
4 years, 11 months ago (2016-01-26 19:59:17 UTC) #9
commit-bot: I haz the power
Committed patchset #4 (id:60001)
4 years, 11 months ago (2016-01-26 21:36:54 UTC) #10
commit-bot: I haz the power
4 years, 11 months ago (2016-01-26 21:38:10 UTC) #12
Message was sent while issue was closed. 
Patchset 4 (id:??) landed as
https://crrev.com/683a9a97368659d5792d71f3490f94c304971198
Cr-Commit-Position: refs/heads/master@{#371603}

Powered by Google App Engine
This is Rietveld 408576698