Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(109)

Issue 418001: Work around the NSS bugs in the AIA certificate fetch code by retrying... (Closed)

Created:
11 years, 1 month ago by wtc
Modified:
9 years, 7 months ago
Reviewers:
eroman
CC:
chromium-reviews_googlegroups.com, darin (slow to review), PaweĊ‚ Hajdan Jr.
Visibility:
Public.

Description

Work around the NSS bugs in the AIA certificate fetch code by retrying CERT_PKIXVerifyCert without cert_pi_useAIACertFetch. Add a unit test with a certificate that gives cert_pi_useAIACertFetch trouble. Remove workarounds for old versions of NSS. Map the NSPR error PR_DIRECTORY_LOOKUP_ERROR to ERR_NAME_NOT_RESOLVED. Move the certificate data to a new header x509_certificate_unittest.h to make x509_certificate_unittest.cc less crowded. R=eroman BUG=27497 TEST=new unit test Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=32712

Patch Set 1 #

Total comments: 4

Patch Set 2 : Change && to ||. #

Patch Set 3 : Move test certificate data to a new header. #

Patch Set 4 : Move test certificate data to a new header. #

Patch Set 5 : Rename the new header test_certificate_data.h. #

Patch Set 6 : Fix a mistake in net.gyp in the previous patch set. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+177 lines, -789 lines) Patch
A + net/base/test_certificate_data.h View 6 chunks +120 lines, -351 lines 0 comments Download
M net/base/x509_certificate_nss.cc View 1 2 3 4 4 chunks +26 lines, -9 lines 0 comments Download
M net/base/x509_certificate_unittest.cc View 1 2 3 4 5 chunks +30 lines, -429 lines 0 comments Download
M net/net.gyp View 3 4 5 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
wtc
11 years, 1 month ago (2009-11-20 02:00:52 UTC) #1
eroman
lgtm http://codereview.chromium.org/418001/diff/1/2 File net/base/x509_certificate_unittest.cc (right): http://codereview.chromium.org/418001/diff/1/2#newcode493 Line 493: unsigned char unosoft_hu_der[] = { Please consider ...
11 years, 1 month ago (2009-11-20 02:17:50 UTC) #2
wtc
http://codereview.chromium.org/418001/diff/1/2 File net/base/x509_certificate_unittest.cc (right): http://codereview.chromium.org/418001/diff/1/2#newcode493 Line 493: unsigned char unosoft_hu_der[] = { On 2009/11/20 02:17:50, ...
11 years, 1 month ago (2009-11-20 05:05:50 UTC) #3
eroman
> I will do this in the interest of time. How about creating > src/net/base/test_certificate_data.h ...
11 years, 1 month ago (2009-11-20 07:42:40 UTC) #4
wtc
Eric, please review Patch Set 4. Thanks.
11 years, 1 month ago (2009-11-20 19:00:49 UTC) #5
eroman
11 years, 1 month ago (2009-11-20 19:31:01 UTC) #6
lgtm.

nit: i would suggest naming the file something more like
"test_certificates_data.".

Powered by Google App Engine
This is Rietveld 408576698