Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(2)

Issue 6824069: Allow revocation checking to be disabled on Mac, overriding/ignoring system settings (Closed)

Created:
8 years, 4 months ago by Ryan Sleevi
Modified:
8 years, 3 months ago
Reviewers:
wtc, agl
CC:
chromium-reviews, ramant (doing other things)
Visibility:
Public.

Description

Allow certificate revocation checking to be enabled/disabled independent of the OS settings on OS X. R=agl BUG=78523, 79533 TEST=See bug for test case Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=81702

Patch Set 1 : #

Total comments: 6

Patch Set 2 : Comment update #

Patch Set 3 : With suppressions #

Total comments: 11
Unified diffs Side-by-side diffs Delta from patch set Stats (+241 lines, -63 lines) Patch
M chrome/browser/resources/options/advanced_options.html View 1 chunk +0 lines, -4 lines 0 comments Download
M chrome/browser/resources/options/advanced_options.js View 1 chunk +4 lines, -8 lines 0 comments Download
M chrome/browser/ui/webui/options/advanced_options_handler.cc View 2 chunks +0 lines, -4 lines 0 comments Download
M net/DEPS View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M net/base/x509_certificate_mac.cc View 1 2 6 chunks +124 lines, -39 lines 10 comments Download
M third_party/apple_apsl/README.chromium View 2 chunks +10 lines, -1 line 1 comment Download
A third_party/apple_apsl/cssmapplePriv.h View 1 chunk +84 lines, -0 lines 0 comments Download
M tools/valgrind/memcheck/suppressions_mac.txt View 1 2 2 chunks +18 lines, -7 lines 0 comments Download

Messages

Total messages: 7 (0 generated)
Ryan Sleevi
agl: Would you be comfortable reviewing this? It's targeted presently at M13, so if you ...
8 years, 4 months ago (2011-04-12 07:17:29 UTC) #1
agl
LGTM http://codereview.chromium.org/6824069/diff/2001/net/base/x509_certificate_mac.cc File net/base/x509_certificate_mac.cc (right): http://codereview.chromium.org/6824069/diff/2001/net/base/x509_certificate_mac.cc#newcode319 net/base/x509_certificate_mac.cc:319: // ignored. On 2011/04/12 07:17:29, Ryan Sleevi wrote: ...
8 years, 4 months ago (2011-04-12 13:19:50 UTC) #2
Ryan Sleevi
agl: Updated the comment explaining a bit more about the behaviour. Would you mind checking ...
8 years, 4 months ago (2011-04-13 03:45:37 UTC) #3
agl
LGTM. The behaviour (which, from the new comments, appears to be the case with this ...
8 years, 4 months ago (2011-04-13 13:40:51 UTC) #4
wtc
LGTM. Thanks for fixing this in M12. Just some nits below. http://codereview.chromium.org/6824069/diff/8001/net/base/x509_certificate_mac.cc File net/base/x509_certificate_mac.cc (right): ...
8 years, 4 months ago (2011-04-20 19:40:33 UTC) #5
Ryan Sleevi
http://codereview.chromium.org/6824069/diff/8001/net/base/x509_certificate_mac.cc File net/base/x509_certificate_mac.cc (right): http://codereview.chromium.org/6824069/diff/8001/net/base/x509_certificate_mac.cc#newcode320 net/base/x509_certificate_mac.cc:320: // ignored. On 2011/04/20 19:40:33, wtc wrote: > Is ...
8 years, 4 months ago (2011-04-20 22:46:51 UTC) #6
wtc
8 years, 4 months ago (2011-04-20 23:23:54 UTC) #7
http://codereview.chromium.org/6824069/diff/8001/net/base/x509_certificate_ma...
File net/base/x509_certificate_mac.cc (right):

http://codereview.chromium.org/6824069/diff/8001/net/base/x509_certificate_ma...
net/base/x509_certificate_mac.cc:339: // CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY.
On 2011/04/20 22:46:51, Ryan Sleevi wrote:
>
> I just want to confirm your intent here is that revocation checking /fully/
> disables revocation checking, and that known-revoked certificates (potentially
> including the Comodo certificates) will be accepted as valid here.

Yes.  That's what I expect if I uncheck the "Check for
server certificate revocation" checkbox in our Options UI.
I believe a user unfamiliar with how revocation checking
is done will expect the same thing.

Does IE not behave this way?  Can you test the URL
https://test-ssev.verisign.com:2443/test-SSEV-revoked-verisign.html ?
(I don't have access to a Windows computer now.)  Thanks.

Note: Safari and Mac Chrome do behave this way as you
described.

In any case, either behavior is acceptable, so no need to
change this.

Powered by Google App Engine
This is Rietveld 408576698