Chromium Code Reviews
Help | Chromium Project | Sign in
(42)

Issue 3148034: Fix PEM parsing on Linux when using X509Certificate::FORMAT_AUTO (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
3 years, 8 months ago by Ryan Sleevi
Modified:
2 years, 11 months ago
Reviewers:
David Benjamin
CC:
chromium-reviews_chromium.org, cbentzel+watch_chromium.org, darin-cc_chromium.org, PaweĊ‚ Hajdan Jr.
Visibility:
Public.

Description

Fix PEM parsing on Linux when using X509Certificate::FORMAT_AUTO

When using X509Certificate::FORMAT_AUTO, parsing is attempted optimistically first by seeing if the data decodes as any of the supported binary formats. The NSS routine used to handle PKCS#7 data is actually a generic routine, capable of supporting multiple formats.

When a PEM encoded certificate is decoded using PKCS#7, as is the case with FORMAT_AUTO, NSS will, upon encountering a failure to parse as PKCS#7, attempt to PEM decode the data and parse as either a certificate or a PKCS#7 structure. The problem with NSS's implementation is that it only decodes a single certificate, rather than all of the certificates in the file, preventing a full PEM chain from being read in.

The solution is to no longer optimistically try to decode the data as binary prior to trying to decode as PEM, and instead unconditionally attempt decoding as PEM-wrapped data before falling back to binary. This allows our handling routines to properly parse all of the supported PEM types, before the underlying crypto library is exposed to the data.

BUG=37142
TEST=X509CertificateParseTest.CanParseFormat

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=60023

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+62 lines, -50 lines) Lint Patch
M net/base/x509_certificate.cc View 2 chunks +49 lines, -48 lines 0 comments 0 errors Download
M net/base/x509_certificate_unittest.cc View 1 chunk +13 lines, -2 lines 0 comments 0 errors Download
Commit:

Messages

Total messages: 2
Ryan Sleevi
David, Would you mind taking a look at this? This is a similar problem as ...
3 years, 8 months ago #1
David Benjamin
3 years, 8 months ago #2
LGTM.

(By the way, my internship has ended. I still intend to contribute to Chromium,
but you may want to avoid sending code reviews to only me as I may not always be
able to get to them timely.)
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1280:2d3e6564b7b6