Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(562)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2772283004: De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)

Created:
3 years, 9 months ago by eroman
Modified:
3 years, 9 months ago
Reviewers:
Ryan Sleevi, mattm
CC:
chromium-reviews, cbentzel+watch_chromium.org, mac-reviews_chromium.org, net-reviews_chromium.org
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

De-prioritize 2.23.140.1.1 when searching for EV policy. This fixes an issue where Symantec issued certificates containing multiple EV policy OIDs were not being recognized as EV. BUG=705285 Review-Url: https://codereview.chromium.org/2772283004 Cr-Commit-Position: refs/heads/master@{#459987} Committed: https://chromium.googlesource.com/chromium/src/+/58d31a73a5143a2faee4f41fa5a2072aa8a34a9e

Patch Set 1 #

Patch Set 2 : rebase onto master #

Patch Set 3 : make the .pem happier #

Patch Set 4 : mac compile #

Patch Set 5 : fix win compile #

Unified diffs Side-by-side diffs Delta from patch set Stats (+332 lines, -13 lines) Patch
M net/cert/cert_verify_proc_mac.cc View 1 chunk +5 lines, -1 line 0 comments Download
M net/cert/cert_verify_proc_nss.cc View 2 chunks +7 lines, -2 lines 0 comments Download
M net/cert/cert_verify_proc_unittest.cc View 3 chunks +42 lines, -4 lines 0 comments Download
M net/cert/cert_verify_proc_win.cc View 1 chunk +5 lines, -1 line 0 comments Download
M net/cert/ev_root_ca_metadata.h View 1 chunk +5 lines, -0 lines 0 comments Download
M net/cert/ev_root_ca_metadata.cc View 3 chunks +21 lines, -0 lines 0 comments Download
M net/cert/ev_root_ca_metadata_unittest.cc View 1 2 3 4 7 chunks +20 lines, -5 lines 0 comments Download
M net/data/ssl/certificates/README View 1 chunk +2 lines, -0 lines 0 comments Download
A net/data/ssl/certificates/trustcenter.websecurity.symantec.com.pem View 1 2 1 chunk +225 lines, -0 lines 0 comments Download

Messages

Total messages: 29 (23 generated)
eroman
* Tried to keep this small to make it merge-friendly * There are additional tests ...
3 years, 9 months ago (2017-03-28 00:13:39 UTC) #12
mattm
lgtm
3 years, 9 months ago (2017-03-28 00:43:39 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2772283004/80001
3 years, 9 months ago (2017-03-28 02:07:49 UTC) #24
commit-bot: I haz the power
Committed patchset #5 (id:80001) as https://chromium.googlesource.com/chromium/src/+/58d31a73a5143a2faee4f41fa5a2072aa8a34a9e
3 years, 9 months ago (2017-03-28 02:14:46 UTC) #27
RE66
On 2017/03/28 02:14:46, commit-bot: I haz the power wrote: > Committed patchset #5 (id:80001) as ...
3 years, 9 months ago (2017-03-28 03:55:30 UTC) #28
Ryan Sleevi
3 years, 9 months ago (2017-03-28 05:37:39 UTC) #29
Message was sent while issue was closed. 
On 2017/03/28 03:55:30, RE66 wrote:
> On 2017/03/28 02:14:46, commit-bot: I haz the power wrote:
> > Committed patchset #5 (id:80001) as
> >
>
https://chromium.googlesource.com/chromium/src/+/58d31a73a5143a2faee4f41fa5a2...
> 
> Does publishing openliy
> net/data/ssl/certificates/trustcenter.websecurity.symantec.com.pem
> is a huge security risk ?

No. This is a public certificate, not the private key.
https://crt.sh/?id=79567825 easily has this information made publicly available
- by Symantec.

Powered by Google App Engine
This is Rietveld 408576698