Issue 584463005: Add debugging information to the SSL blocking page

Issue 584463005: Add debugging information to the SSL blocking page (Closed)

Created:
6 years, 3 months ago by felt

Modified:
6 years, 3 months ago

Reviewers:
palmer, Bernhard Bauer, agl

CC:
chromium-reviews, arv+watch_chromium.org, edwardjung

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Add debugging information to the SSL blocking page If you click on the SSL interstitial's error code, the following is now shown: * subject * issuer * validity end date * current date * pem encoded chain This CL adds a placeholder for debugging information to the security interstitial. It's intentionally meant to be flexible, so that it could support other debugging information in the future from other warnings. BUG=413838 Committed: https://crrev.com/df2931a70908043e07de24d3fa48c25cb68d7dc1 Cr-Commit-Position: refs/heads/master@{#296349}

Patch Set 1 #

Total comments: 6

Patch Set 2 : Using JoinString now #

Total comments: 4

Patch Set 3 : Removed null separator #

Total comments: 2

Patch Set 4 : Empty std::string constructor #

Patch Set 5 : Fixing chrome://interstitial segfault #

Total comments: 2

Patch Set 6 : Added a few more checks in x509_certificate_ files #

Total comments: 2

Patch Set 7 : Brackets for multi-line if #

Created: 6 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+88 lines, -7 lines)			Patch
M	chrome/browser/resources/security_warnings/interstitial_v2.css	View	1	2 chunks	+14 lines, -0 lines	0 comments	Download
M	chrome/browser/resources/security_warnings/interstitial_v2.html	View		1 chunk	+4 lines, -1 line	0 comments	Download
M	chrome/browser/resources/security_warnings/interstitial_v2.js	View	1	4 chunks	+32 lines, -2 lines	0 comments	Download
M	chrome/browser/resources/security_warnings/ssl.js	View		1 chunk	+15 lines, -0 lines	0 comments	Download
M	chrome/browser/ssl/ssl_blocking_page.cc	View	1 2 3	2 chunks	+15 lines, -0 lines	0 comments	Download
M	net/cert/x509_certificate_ios.cc	View	1 2 3 4 5	1 chunk	+2 lines, -0 lines	0 comments	Download
M	net/cert/x509_certificate_mac.cc	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download
M	net/cert/x509_certificate_nss.cc	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download
M	net/cert/x509_certificate_openssl.cc	View	1 2 3 4 5	1 chunk	+1 line, -1 line	0 comments	Download
M	net/cert/x509_certificate_win.cc	View	1 2 3 4 5 6	1 chunk	+3 lines, -1 line	0 comments	Download

Messages

Total messages: 27 (5 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

felt

Hi, can you please review palmer: c/b/ssl/ bauerb: c/b/resources/security_warnings/ You can see screenshots on the ...

6 years, 3 months ago (2014-09-18 22:45:19 UTC) #2

Bernhard Bauer

https://codereview.chromium.org/584463005/diff/1/chrome/browser/resources/security_warnings/interstitial_v2.css File chrome/browser/resources/security_warnings/interstitial_v2.css (right): https://codereview.chromium.org/584463005/diff/1/chrome/browser/resources/security_warnings/interstitial_v2.css#newcode48 chrome/browser/resources/security_warnings/interstitial_v2.css:48: .debugging-par { What does "par" mean here? https://codereview.chromium.org/584463005/diff/1/chrome/browser/resources/security_warnings/interstitial_v2.js File ...

6 years, 3 months ago (2014-09-19 08:40:35 UTC) #4

felt

https://codereview.chromium.org/584463005/diff/1/chrome/browser/resources/security_warnings/interstitial_v2.css File chrome/browser/resources/security_warnings/interstitial_v2.css (right): https://codereview.chromium.org/584463005/diff/1/chrome/browser/resources/security_warnings/interstitial_v2.css#newcode48 chrome/browser/resources/security_warnings/interstitial_v2.css:48: .debugging-par { On 2014/09/19 08:40:35, Bernhard Bauer wrote: > ...

6 years, 3 months ago (2014-09-20 15:47:02 UTC) #5

Bernhard Bauer

https://codereview.chromium.org/584463005/diff/20001/chrome/browser/ssl/ssl_blocking_page.cc File chrome/browser/ssl/ssl_blocking_page.cc (right): https://codereview.chromium.org/584463005/diff/20001/chrome/browser/ssl/ssl_blocking_page.cc#newcode527 chrome/browser/ssl/ssl_blocking_page.cc:527: load_time_data.SetString("pem", JoinString(encoded_chain, '\0')); Urr... does that actually work? JoinString ...

6 years, 3 months ago (2014-09-22 09:13:27 UTC) #6

felt

6 years, 3 months ago (2014-09-22 16:29:02 UTC) #7

Bernhard Bauer

6 years, 3 months ago (2014-09-22 19:19:27 UTC) #8

felt

6 years, 3 months ago (2014-09-22 20:25:49 UTC) #9

Bernhard Bauer

Yay! LGTM w/ a nit: https://codereview.chromium.org/584463005/diff/40001/chrome/browser/ssl/ssl_blocking_page.cc File chrome/browser/ssl/ssl_blocking_page.cc (right): https://codereview.chromium.org/584463005/diff/40001/chrome/browser/ssl/ssl_blocking_page.cc#newcode527 chrome/browser/ssl/ssl_blocking_page.cc:527: load_time_data.SetString("pem", JoinString(encoded_chain, "")); Using ...

6 years, 3 months ago (2014-09-22 20:51:30 UTC) #10

felt

https://codereview.chromium.org/584463005/diff/40001/chrome/browser/ssl/ssl_blocking_page.cc File chrome/browser/ssl/ssl_blocking_page.cc (right): https://codereview.chromium.org/584463005/diff/40001/chrome/browser/ssl/ssl_blocking_page.cc#newcode527 chrome/browser/ssl/ssl_blocking_page.cc:527: load_time_data.SetString("pem", JoinString(encoded_chain, "")); On 2014/09/22 20:51:30, Bernhard Bauer wrote: ...

6 years, 3 months ago (2014-09-22 21:41:34 UTC) #11

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/584463005/60001

6 years, 3 months ago (2014-09-22 21:43:14 UTC) #13

commit-bot: I haz the power

Try jobs failed on following builders: linux_chromium_chromeos_rel_swarming on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_swarming/builds/16736)

6 years, 3 months ago (2014-09-22 22:53:36 UTC) #15

felt

agl@: Can you review the change to net/cert/x509_certificate.cc? The chrome://interstitials page doesn't have a proper ...

6 years, 3 months ago (2014-09-23 19:22:24 UTC) #17

agl

https://codereview.chromium.org/584463005/diff/80001/net/cert/x509_certificate.cc File net/cert/x509_certificate.cc (right): https://codereview.chromium.org/584463005/diff/80001/net/cert/x509_certificate.cc#newcode700 net/cert/x509_certificate.cc:700: if (!os_cert_handle() || !GetPEMEncoded(os_cert_handle(), &pem_data)) Should this not be ...

6 years, 3 months ago (2014-09-23 19:59:44 UTC) #18

felt

6 years, 3 months ago (2014-09-23 20:26:50 UTC) #19

agl

lgtm LGTM https://codereview.chromium.org/584463005/diff/100001/net/cert/x509_certificate_win.cc File net/cert/x509_certificate_win.cc (right): https://codereview.chromium.org/584463005/diff/100001/net/cert/x509_certificate_win.cc#newcode239 net/cert/x509_certificate_win.cc:239: !cert_handle->cbCertEncoded) this needs { } now that ...

6 years, 3 months ago (2014-09-23 20:30:00 UTC) #20

felt

https://codereview.chromium.org/584463005/diff/100001/net/cert/x509_certificate_win.cc File net/cert/x509_certificate_win.cc (right): https://codereview.chromium.org/584463005/diff/100001/net/cert/x509_certificate_win.cc#newcode239 net/cert/x509_certificate_win.cc:239: !cert_handle->cbCertEncoded) On 2014/09/23 20:30:00, agl wrote: > this needs ...

6 years, 3 months ago (2014-09-24 03:53:49 UTC) #21

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/584463005/120001

6 years, 3 months ago (2014-09-24 03:55:17 UTC) #23

commit-bot: I haz the power

Committed patchset #7 (id:120001) as e18de6443b860af5bc3b385304ab1f94acc965fa

6 years, 3 months ago (2014-09-24 04:49:09 UTC) #24

commit-bot: I haz the power

Patchset 7 (id:??) landed as https://crrev.com/df2931a70908043e07de24d3fa48c25cb68d7dc1 Cr-Commit-Position: refs/heads/master@{#296349}

6 years, 3 months ago (2014-09-24 04:50:00 UTC) #25

Ryan Sleevi

On 2014/09/23 19:22:24, felt wrote: > agl@: Can you review the change to net/cert/x509_certificate.cc? The ...

6 years, 3 months ago (2014-09-24 04:54:33 UTC) #26

felt

6 years, 3 months ago (2014-09-24 06:23:04 UTC) #27

Message was sent while issue was closed.

On 2014/09/24 04:54:33, Ryan Sleevi (expect_delays) wrote:
> On 2014/09/23 19:22:24, felt wrote:
> > agl@: Can you review the change to net/cert/x509_certificate.cc? The
> > chrome://interstitials page doesn't have a proper cert chain, which is a
> problem
> > when ssl_blocking_page.cc calls ssl_info_.cert->GetPEMEncodedChain. This
adds
> a
> > check to GetPEMEncodedChain to fail gracefully.
> > 
> > On 2014/09/22 22:53:36, I haz the power (commit-bot) wrote:
> > > Try jobs failed on following builders:
> > >   linux_chromium_chromeos_rel_swarming on tryserver.chromium.linux
> > >
> >
>
(http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
> 
> I'd previously objected to this because 99/100, calling GetDEREncoded without
a
> valid cert is endemic of a bigger issue. I didn't add the DCHECK simply
because
> the null-deref would be enough to cause a crash.
> 
> Is there any reason we can't do this check on the blocking page for the cases
> where we truly don't have a cert?

Is it possible that INVALID means a cert chain wasn't built & it'll be null
there too?
If so then I think the check ought to be in GetDEREncoded. If not I can move it.

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages