Issue 10827104: Revert 149261 - Support SHA-256 in public key pins for HTTPS.

Issue 10827104: Revert 149261 - Support SHA-256 in public key pins for HTTPS. (Closed)

Created:
8 years, 4 months ago by vandebo (ex-Chrome)

Modified:
8 years, 4 months ago

Reviewers:
palmer, wtc

CC:
chromium-reviews, cbentzel+watch_chromium.org, eroman, darin-cc_chromium.org, mmenke

Base URL:
svn://svn.chromium.org/chrome/trunk/src/

Visibility:
Public.

More Reviews

Description

Revert 149261 - Support SHA-256 in public key pins for HTTPS. Broke the compile on CrOS. Looks like const-ness problem: net/socket/ssl_client_socket_nss.cc: In member function 'int net::SSLClientSocketNSS::DoVerifyCertComplete(int)': net/socket/ssl_client_socket_nss.cc:3458:error: no matching function for call to 'net::TransportSecurityState::DomainState::IsChainOfPublicKeysPermitted(std::vector<std::vector<net::HashValue, std::allocator<net::HashValue> >, std::allocator<std::vector<net::HashValue, std::allocator<net::HashValue> > > >&)' ./net/base/transport_security_state.h:94: note: candidates are: bool net::TransportSecurityState::DomainState::IsChainOfPublicKeysPermitted(const net::HashValueVector&) const The HTTP-based Public Key Pinning Internet Draft (tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this. Per wtc, give the *Fingeprint* types more meaningful *HashValue* names. Cleaning up lint along the way. BUG=117914 TEST=net_unittests, unit_tests TransportSecurityPersisterTest Review URL: https://chromiumcodereview.appspot.com/10545166 TBR=palmer@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=149268

Patch Set 1 #

Total comments: 1

Created: 8 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+241 lines, -519 lines)			Patch
M	chrome/browser/net/transport_security_persister.cc	View	1 chunk	+9 lines, -23 lines	0 comments	Download
M	chrome/browser/net/transport_security_persister_unittest.cc	View	4 chunks	+12 lines, -16 lines	0 comments	Download
M	chrome/browser/ui/webui/net_internals/net_internals_ui.cc	View	2 chunks	+6 lines, -20 lines	0 comments	Download
M	net/base/cert_test_util.h	View	1 chunk	+2 lines, -2 lines	0 comments	Download
M	net/base/cert_test_util.cc	View	1 chunk	+1 line, -1 line	0 comments	Download
M	net/base/cert_verify_proc.h	View	1 chunk	+2 lines, -2 lines	0 comments	Download
M	net/base/cert_verify_proc.cc	View	2 chunks	+4 lines, -8 lines	0 comments	Download
M	net/base/cert_verify_proc_mac.cc	View	4 chunks	+5 lines, -14 lines	0 comments	Download
M	net/base/cert_verify_proc_nss.cc	View	3 chunks	+8 lines, -25 lines	0 comments	Download
M	net/base/cert_verify_proc_openssl.cc	View	3 chunks	+4 lines, -14 lines	0 comments	Download
M	net/base/cert_verify_proc_unittest.cc	View	3 chunks	+9 lines, -15 lines	0 comments	Download
M	net/base/cert_verify_proc_win.cc	View	5 chunks	+6 lines, -15 lines	0 comments	Download
M	net/base/cert_verify_result.h	View	2 chunks	+5 lines, -10 lines	0 comments	Download
M	net/base/cert_verify_result.cc	View	2 chunks	+2 lines, -8 lines	0 comments	Download
M	net/base/ev_root_ca_metadata.h	View	5 chunks	+8 lines, -9 lines	0 comments	Download
M	net/base/ev_root_ca_metadata.cc	View	9 chunks	+10 lines, -10 lines	0 comments	Download
M	net/base/ev_root_ca_metadata_unittest.cc	View	2 chunks	+3 lines, -3 lines	0 comments	Download
M	net/base/multi_threaded_cert_verifier.h	View	2 chunks	+4 lines, -4 lines	0 comments	Download
M	net/base/multi_threaded_cert_verifier_unittest.cc	View	1 chunk	+2 lines, -2 lines	0 comments	Download
M	net/base/ssl_info.h	View	1 chunk	+2 lines, -5 lines	0 comments	Download
M	net/base/ssl_info.cc	View	2 chunks	+0 lines, -7 lines	0 comments	Download
M	net/base/transport_security_state.h	View	4 chunks	+6 lines, -6 lines	0 comments	Download
M	net/base/transport_security_state.cc	View	10 chunks	+47 lines, -69 lines	0 comments	Download
M	net/base/transport_security_state_unittest.cc	View	12 chunks	+29 lines, -70 lines	0 comments	Download
M	net/base/x509_cert_types.h	View	3 chunks	+13 lines, -115 lines	0 comments	Download
M	net/base/x509_cert_types.cc	View	1 chunk	+1 line, -1 line	0 comments	Download
M	net/base/x509_certificate.h	View	3 chunks	+6 lines, -6 lines	0 comments	Download
M	net/base/x509_certificate.cc	View	3 chunks	+3 lines, -3 lines	0 comments	Download
M	net/base/x509_certificate_mac.cc	View	3 chunks	+5 lines, -5 lines	0 comments	Download
M	net/base/x509_certificate_nss.cc	View	2 chunks	+4 lines, -4 lines	0 comments	Download
M	net/base/x509_certificate_openssl.cc	View	2 chunks	+4 lines, -4 lines	0 comments	Download
M	net/base/x509_certificate_unittest.cc	View	4 chunks	+4 lines, -4 lines	0 comments	Download
M	net/base/x509_certificate_win.cc	View	2 chunks	+4 lines, -4 lines	0 comments	Download
M	net/socket/ssl_client_socket_nss.h	View	1 chunk	+1 line, -1 line	0 comments	Download
M	net/socket/ssl_client_socket_nss.cc	View	2 chunks	+6 lines, -10 lines	1 comment	Download
M	net/url_request/url_request_unittest.cc	View	4 chunks	+4 lines, -4 lines	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

wtc

https://chromiumcodereview.appspot.com/10827104/diff/1/net/socket/ssl_client_socket_nss.cc File net/socket/ssl_client_socket_nss.cc (left): https://chromiumcodereview.appspot.com/10827104/diff/1/net/socket/ssl_client_socket_nss.cc#oldcode3458 net/socket/ssl_client_socket_nss.cc:3458: server_cert_verify_result_.public_key_hashes)) { server_cert_verify_result_.public_key_hashes is a vector of vectors (std::vector<HashValueVector>), ...

8 years, 4 months ago (2012-08-01 22:06:33 UTC) #2

palmer

8 years, 4 months ago (2012-08-01 22:16:42 UTC) #3

> server_cert_verify_result_.public_key_hashes is a vector of
> vectors (std::vector<HashValueVector>), so we'll need to
> take an element of the outer vector here.

Yep, I fixed it yesterday but I haven't posted the new CL yet. Will do so today.

Expand Messages | Collapse Messages