Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(7)

Issue 762013002: Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard ha… (Closed)

Created:
4 years, 5 months ago by Ryan Sleevi
Modified:
4 years, 5 months ago
Reviewers:
davidben
CC:
chromium-reviews, cbentzel+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling. RFC 2818 deprecates these esoteric forms, thus RFC 6125 documents them, but they should never appear in a publicly trusted certificate, and are dang weird for internal certificates. Instead, require that the wildcard - Appear ONLY in the left-most label of a presented name. This is existing behaviour. - Appear as the ONLY character in the label (e.g. it is the full label). This is the new behaviour. BUG=434960 R=davidben@chromium.org Committed: https://crrev.com/11b72a072effbf22f4f80eaba75acb38e33967dd Cr-Commit-Position: refs/heads/master@{#306603}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+13 lines, -22 lines) Patch
M net/cert/x509_certificate.cc View 1 chunk +2 lines, -13 lines 0 comments Download
M net/cert/x509_certificate_unittest.cc View 2 chunks +11 lines, -9 lines 0 comments Download

Messages

Total messages: 7 (1 generated)
Ryan Sleevi
David: For your bemusement.
4 years, 5 months ago (2014-11-27 15:09:21 UTC) #1
davidben
lgtm. I can't imagine anyone could possibly be relying on this, but, for completeness: were ...
4 years, 5 months ago (2014-12-01 21:39:06 UTC) #2
Ryan Sleevi
On 2014/12/01 21:39:06, David Benjamin wrote: > lgtm. > > I can't imagine anyone could ...
4 years, 5 months ago (2014-12-03 14:05:45 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/762013002/1
4 years, 5 months ago (2014-12-03 14:06:53 UTC) #5
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 5 months ago (2014-12-03 15:01:48 UTC) #6
commit-bot: I haz the power
4 years, 5 months ago (2014-12-03 15:02:32 UTC) #7
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/11b72a072effbf22f4f80eaba75acb38e33967dd
Cr-Commit-Position: refs/heads/master@{#306603}

Powered by Google App Engine
This is Rietveld 408576698