Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(322)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: tools/metrics/histograms/histograms.xml

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Address Emily's feedback, add new histogram values. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
Download patch
« components/ssl_errors/error_info.cc ('K') | « net/test/test_certificate_data.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: tools/metrics/histograms/histograms.xml
diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
index 0a268919a1b35d0c32f6acc65993bdfbc6755aad..61ae9a9ebd72d82b03e9918c7274782aab4d87f1 100644
--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -111544,44 +111544,24 @@ from previous Chrome versions.
reason to believe that the system clock was behind. Methods of detecting
clock inaccuracy have changed over time.
</int>
- <int value="2"
- label="WWW_SUBDOMAIN_MATCH: Difference between the URL and the DNS is
- www">
- This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
- hostname differs from one of the DNS names in the certificate (CN or SANs)
- only by the presence or absence of the single-label prefix &quot;www&quot;.
- This case is not recored if the host name is not a known TLD.
+ <int value="2" label="WWW_SUBDOMAIN_MATCH: (Deprecated)">
+ (Deprecated in favor of WWW_SUBDOMAIN_MATCH2)
</int>
- <int value="3" label="SUBDOMAIN_MATCH: The URL is a subdomain of the DNS">
- This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
- difference between the URL and the DNS name is not &quot;www&quot;. This
- case is not recorded if the host name is not a known TLD.
+ <int value="3" label="SUBDOMAIN_MATCH: (Deprecated)">
+ (Deprecated in favor of SUBDOMAIN_MATCH2)
</int>
- <int value="4"
- label="SUBDOMAIN_INVERSE_MATCH: The DNS is a subdomain of the URL">
- This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
- difference between the DNS name and the URL is not &quot;www&quot;. This
- case is not recorded if the host name is not a known TLD.
+ <int value="4" label="SUBDOMAIN_INVERSE_MATCH: (Deprecated)">
+ (Deprecated in favor of SUBDOMAIN_INVERSE_MATCH2)
</int>
- <int value="5"
- label="SUBDOMAIN_OUTSIDE_WILDCARD: The URL is outside the scope of the
- wildcard certificate">
- This cause is recorded only if the ssl error is CERT_COMMON_NAME_INVALID, we
- have received a wildcard certificate and the scope of a wildcard certificate
- is too narrow for the hostname. This case is not recorded if the host name
- is not a known TLD.
+ <int value="5" label="SUBDOMAIN_OUTSIDE_WILDCARD: (Deprecated)">
+ (Deprecated in favor of SUBDOMAIN_OUTSIDE_WILDCARD2)
</int>
<int value="6"
label="HOST_NAME_NOT_KNOWN_TLD: The host name is not a known TLD">
This cause is recorded only for CERT_COMMON_NAME_INVALID errors.
</int>
- <int value="7"
- label="LIKELY_MULTI_TENANT_HOSTING: The certificate is a shared
- certificate">
- This cause is recorded only for CERT_COMMON_NAME_INVALID errors. It is
- possible that this error overlaps with others but it is not likely because
- of the heuristics which decide as to what constitutes a shared certificate.
- In cases of overlap, we emit to only one bucket.
+ <int value="7" label="LIKELY_MULTI_TENANT_HOSTING: (Deprecated)">
+ (Deprecated in favor of LIKELY_MULTI_TENANT_HOSTING2)
</int>
<int value="8" label="LOCALHOST: The user is trying to connect to local host">
This cause is recorded only for CERT_AUTHORITY_INVALID errors.
@@ -111601,8 +111581,51 @@ from previous Chrome versions.
<int value="12" label="EXPIRED_RECENTLY: Cert expired within last 28 days.">
</int>
- <int value="13"
- label="LIKELY_SAME_DOMAIN: Cert likely belongs to the same domain">
+ <int value="13" label="LIKELY_SAME_DOMAIN: (Deprecated)">
+ (Deprecated in favor of LIKELY_SAME_DOMAIN2)
+ </int>
+ <int value="14" label="NO_SUBJECT_ALT_NAMES: Cert lacks SubjectAltNames">
+ This case is recorded if the SSL error is CERT_COMMON_NAME_INVALID error and
+ the certificate does not contain DNSNames in the SubjectAltNames extension.
+ (Chrome 58 deprecated matching hostnames to the SubjectCN Field.)
+ </int>
+ <int value="15"
+ label="WWW_SUBDOMAIN_MATCH2: Difference between the URL and the DNS is
+ www">
+ This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
+ hostname differs from one of the DNS names in the certificate (CN or SANs)
estark 2017/04/04 17:22:08 remove "CN or", right?
elawrence 2017/04/04 19:53:24 Done.
+ only by the presence or absence of the single-label prefix &quot;www&quot;.
+ This case is not recored if the host name is not a known TLD.
+ </int>
+ <int value="16" label="SUBDOMAIN_MATCH2: The URL is a subdomain of the DNS">
+ This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
+ difference between the URL and the DNS name is not &quot;www&quot;. This
+ case is not recorded if the host name is not a known TLD.
+ </int>
+ <int value="17"
+ label="SUBDOMAIN_INVERSE_MATCH2: The DNS is a subdomain of the URL">
+ This cause is recorded if the ssl error is CERT_COMMON_NAME_INVALID and the
+ difference between the DNS name and the URL is not &quot;www&quot;. This
+ case is not recorded if the host name is not a known TLD.
+ </int>
+ <int value="18"
+ label="SUBDOMAIN_OUTSIDE_WILDCARD2: The URL is outside the scope of the
+ wildcard certificate">
+ This cause is recorded only if the ssl error is CERT_COMMON_NAME_INVALID, we
+ have received a wildcard certificate and the scope of a wildcard certificate
+ is too narrow for the hostname. This case is not recorded if the host name
+ is not a known TLD.
+ </int>
+ <int value="19"
+ label="LIKELY_MULTI_TENANT_HOSTING2: The certificate is a shared
+ certificate">
+ This cause is recorded only for CERT_COMMON_NAME_INVALID errors. It is
+ possible that this error overlaps with others but it is not likely because
+ of the heuristics which decide as to what constitutes a shared certificate.
+ In cases of overlap, we emit to only one bucket.
+ </int>
+ <int value="20"
+ label="LIKELY_SAME_DOMAIN2: Cert likely belongs to the same domain">
This case is recorded if the SSL error is CERT_COMMON_NAME_INVALID error and
the hostname in request URL has the same domain (effective TLD + 1 label) as
the common name or at least one of the subject alternative names in
@@ -111616,11 +111639,12 @@ from previous Chrome versions.
<int value="2" label="SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE"/>
<int value="3" label="SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE"/>
<int value="4" label="SHOW_SSL_INTERSTITIAL_OVERRIDABLE"/>
- <int value="5" label="WWW_MISMATCH_FOUND"/>
+ <int value="5" label="WWW_MISMATCH_FOUND (Deprecated)"/>
<int value="6" label="WWW_MISMATCH_URL_AVAILABLE"/>
<int value="7" label="WWW_MISMATCH_URL_NOT_AVAILABLE"/>
<int value="8" label="SHOW_BAD_CLOCK"/>
<int value="9" label="CAPTIVE_PORTAL_CERT_FOUND"/>
+ <int value="10" label="WWW_MISMATCH_FOUND_IN_SAN"/>
</enum>
<enum name="SSLErrorTypes" type="int">
« components/ssl_errors/error_info.cc ('K') | « net/test/test_certificate_data.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698