Chromium Code Reviews

Issue 2282183004: Add error information to VerifyCertificateChain(). (Closed)

Created:
4 years, 3 months ago by eroman
Modified:
4 years, 3 months ago
Reviewers:
mattm
CC:
chromium-reviews, chromium-apps-reviews_chromium.org, cbentzel+watch_chromium.org, extensions-reviews_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Add error information to VerifyCertificateChain().

* Errors are identified by strings
* Errors may contain parameters
* Chain verification may set multiple errors/warnings

This is an initial stab at the problem, and there are multiple TODOs to follow-up on.

BUG=634443

Committed: https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597
Cr-Commit-Position: refs/heads/master@{#415120}

Patch Set 1 #

Total comments: 15

Patch Set 2 : mattm's comments (part 1) #

Patch Set 3 : Add text label to errors #

Patch Set 4 : Update more tests #

Patch Set 5 : moar test data changes #

Patch Set 6 : fix typo in README #

Stats (+776 lines, -419 lines)
A net/cert/internal/cert_errors.h View 1 1 chunk +182 lines, -0 lines 0 comments Download
A net/cert/internal/cert_errors.cc View 1 chunk +98 lines, -0 lines 0 comments Download
M net/cert/internal/path_builder.cc View 1 chunk +3 lines, -1 line 0 comments Download
M net/cert/internal/path_builder_unittest.cc View 2 chunks +6 lines, -3 lines 0 comments Download
M net/cert/internal/path_builder_verify_certificate_chain_unittest.cc View 1 chunk +2 lines, -1 line 0 comments Download
M net/cert/internal/test_helpers.h View 1 chunk +2 lines, -1 line 0 comments Download
M net/cert/internal/test_helpers.cc View 3 chunks +10 lines, -1 line 0 comments Download
M net/cert/internal/verify_certificate_chain.h View 1 3 chunks +37 lines, -3 lines 0 comments Download
M net/cert/internal/verify_certificate_chain.cc View 1 23 chunks +146 lines, -36 lines 0 comments Download
M net/cert/internal/verify_certificate_chain_pkits_unittest.cc View 1 chunk +3 lines, -1 line 0 comments Download
M net/cert/internal/verify_certificate_chain_typed_unittest.h View 1 2 3 4 3 chunks +7 lines, -5 lines 0 comments Download
M net/cert/internal/verify_certificate_chain_unittest.cc View 1 2 3 4 1 chunk +22 lines, -4 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/README View 1 2 3 4 5 1 chunk +6 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/common.py View 1 2 3 chunks +9 lines, -6 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/expired-constrained-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/expired-intermediate.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/expired-target.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-expired-target.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
A + net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py View 1 2 3 4 2 chunks +5 lines, -4 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-key-rollover.py View 1 2 1 chunk +5 lines, -5 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py View 1 2 3 1 chunk +3 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py View 1 2 1 chunk +3 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py View 1 2 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-unknown-root.py View 1 2 3 4 1 chunk +0 lines, -30 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py View 1 2 3 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py View 1 chunk +2 lines, -1 line 0 comments Download
M net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py View 1 chunk +2 lines, -1 line 0 comments Download
A + net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem View 1 2 3 4 2 chunks +11 lines, -4 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/non-self-signed-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-and-intermediate.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-not-end-entity.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/target-wrong-signature.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/unknown-root.pem View 1 2 3 4 1 chunk +0 lines, -281 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem View 1 2 3 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem View 1 2 1 chunk +7 lines, -0 lines 0 comments Download
M net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
M net/net.gypi View 1 2 3 4 3 chunks +3 lines, -1 line 0 comments Download
M net/tools/cert_verify_tool/verify_using_path_builder.cc View 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 16 (7 generated)
eroman
I am still working on updating all the test data to include error information. But ...
4 years, 3 months ago (2016-08-27 01:25:50 UTC) #2
mattm
https://codereview.chromium.org/2282183004/diff/1/net/cert/internal/cert_errors.h File net/cert/internal/cert_errors.h (right): https://codereview.chromium.org/2282183004/diff/1/net/cert/internal/cert_errors.h#newcode1 net/cert/internal/cert_errors.h:1: // Copyright 2015 The Chromium Authors. All rights reserved. ...
4 years, 3 months ago (2016-08-29 22:15:11 UTC) #3
eroman
https://codereview.chromium.org/2282183004/diff/1/net/cert/internal/cert_errors.h File net/cert/internal/cert_errors.h (right): https://codereview.chromium.org/2282183004/diff/1/net/cert/internal/cert_errors.h#newcode1 net/cert/internal/cert_errors.h:1: // Copyright 2015 The Chromium Authors. All rights reserved. ...
4 years, 3 months ago (2016-08-29 22:55:18 UTC) #4
eroman
https://codereview.chromium.org/2282183004/diff/1/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem File net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem (right): https://codereview.chromium.org/2282183004/diff/1/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem#newcode285 net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem:285: -----BEGIN ERRORS----- On 2016/08/29 22:55:18, eroman wrote: > On ...
4 years, 3 months ago (2016-08-29 23:14:55 UTC) #5
eroman
OK I think all feedback is addressed now (updated the test data).
4 years, 3 months ago (2016-08-29 23:47:21 UTC) #8
mattm
lgtm
4 years, 3 months ago (2016-08-30 00:32:45 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2282183004/100001
4 years, 3 months ago (2016-08-30 01:59:17 UTC) #13
commit-bot: I haz the power
Committed patchset #6 (id:100001)
4 years, 3 months ago (2016-08-30 04:53:37 UTC) #14
commit-bot: I haz the power
4 years, 3 months ago (2016-08-30 04:55:58 UTC) #16
Message was sent while issue was closed.
Patchset 6 (id:??) landed as
https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597
Cr-Commit-Position: refs/heads/master@{#415120}
