Issue 22893021: Normalize certificate name verification across all platforms

Issue 22893021: Normalize certificate name verification across all platforms (Closed)

Created:
7 years, 4 months ago by Ryan Sleevi

Modified:
7 years, 4 months ago

Reviewers:
wtc

CC:
chromium-reviews, cbentzel+watch_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Normalize certificate name verification across all platforms This brings Linux/ChromeOS, iOS, and Windows in line with the Android/OS X implementations by using Chromium's internal RFC 6125 name validation routines, rather than the platform-specific routines. In particular, this adds support for iPAddress subjectAltName matching on Windows, ignores trailing dots for dNSNames, and on Windows, removes support for matching against non-IDNA commonNames when no subjectAltName is present. BUG=72726, 91072 R=wtc@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=218121

Patch Set 1 : Comment fix #

Total comments: 1

Patch Set 2 : Update cert #

Total comments: 6

Patch Set 3 : Review feedback #

Created: 7 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+117 lines, -89 lines)			Patch
M	net/cert/cert_verify_proc_nss.cc	View		2 chunks	+4 lines, -5 lines	0 comments	Download
M	net/cert/cert_verify_proc_unittest.cc	View	1 2	2 chunks	+65 lines, -1 line	0 comments	Download
M	net/cert/cert_verify_proc_win.cc	View	1 2	2 chunks	+9 lines, -46 lines	0 comments	Download
M	net/data/ssl/certificates/subjectAltName_sanity_check.pem	View	1	1 chunk	+37 lines, -36 lines	0 comments	Download
M	net/data/ssl/scripts/ee.cnf	View	1	1 chunk	+2 lines, -1 line	0 comments	Download

Messages

Total messages: 7 (0 generated)

Expand Messages | Collapse Messages

Ryan Sleevi

wtc: This just normalizes across all platforms. It also makes sure each of the CertVerifyProc's ...

7 years, 4 months ago (2013-08-16 00:42:34 UTC) #1

wtc

Patch set 2 LGTM. https://codereview.chromium.org/22893021/diff/2/net/cert/cert_verify_proc_unittest.cc File net/cert/cert_verify_proc_unittest.cc (right): https://codereview.chromium.org/22893021/diff/2/net/cert/cert_verify_proc_unittest.cc#newcode1374 net/cert/cert_verify_proc_unittest.cc:1374: { ".test.example", false }, // ...

7 years, 4 months ago (2013-08-16 19:59:18 UTC) #2

Ryan Sleevi

https://codereview.chromium.org/22893021/diff/2/net/cert/cert_verify_proc_win.cc File net/cert/cert_verify_proc_win.cc (right): https://codereview.chromium.org/22893021/diff/2/net/cert/cert_verify_proc_win.cc#newcode720 net/cert/cert_verify_proc_win.cc:720: // Flag certificates that have a Subject common name ...

7 years, 4 months ago (2013-08-16 20:38:27 UTC) #3

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rsleevi@chromium.org/22893021/22001

7 years, 4 months ago (2013-08-16 20:38:54 UTC) #4

commit-bot: I haz the power

Step "update" is always a major failure. Look at the try server FAQ for more ...

7 years, 4 months ago (2013-08-16 20:49:18 UTC) #5

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rsleevi@chromium.org/22893021/22001

7 years, 4 months ago (2013-08-16 20:58:48 UTC) #6

Message was sent while issue was closed.

Change committed as 218121

Expand Messages | Collapse Messages