Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(81)

Issue 7791032: net: block bad DigiNotar serial numbers and several intermediates. (Closed)

Created:
9 years, 3 months ago by agl
Modified:
9 years, 3 months ago
Reviewers:
wtc, Chris Evans, phshah
CC:
chromium-reviews, cbentzel+watch_chromium.org, darin-cc_chromium.org
Visibility:
Public.

Description

net: block bad DigiNotar serial numbers and several intermediates. BUG=94673 TEST=None. No sites using these certs are known. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=98980

Patch Set 1 #

Patch Set 2 : ... #

Total comments: 5

Patch Set 3 : Addressing wtc's comments #

Unified diffs Side-by-side diffs Delta from patch set Stats (+273 lines, -4 lines) Patch
M net/base/x509_certificate.cc View 1 2 2 chunks +273 lines, -4 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
agl
cevans: wtc is ill today and may not be able to do the review so, ...
9 years, 3 months ago (2011-08-30 17:34:17 UTC) #1
wtc
agl: I'll let cevans do the primary review. I think this CL will do what ...
9 years, 3 months ago (2011-08-30 17:47:20 UTC) #2
Chris Evans
LGTM modulo wtc's comments. I checked the numbers add up and we discussed the performance ...
9 years, 3 months ago (2011-08-30 17:48:44 UTC) #3
wtc
http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc File net/base/x509_certificate.cc (right): http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc#newcode838 net/base/x509_certificate.cc:838: {0x00,0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05}, This serial number starts with 0x00. Our serial ...
9 years, 3 months ago (2011-08-30 18:13:49 UTC) #4
phshah
http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc File net/base/x509_certificate.cc (right): http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc#newcode644 net/base/x509_certificate.cc:644: static const unsigned kNumSerials = 257; This should be ...
9 years, 3 months ago (2011-09-01 20:05:48 UTC) #5
wtc
9 years, 3 months ago (2011-09-01 21:16:05 UTC) #6
http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc
File net/base/x509_certificate.cc (right):

http://codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc...
net/base/x509_certificate.cc:644: static const unsigned kNumSerials = 257;
On 2011/09/01 20:05:48, phshah wrote:
> This should be 256, since DigiNotar is being special cased.

You are right.  I wrote a new CL to fix this:
http://codereview.chromium.org/7792077/

Thanks.

Powered by Google App Engine
This is Rietveld 408576698