Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(847)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 12212135: Return specific cert verification errors on Android (Closed)

Created:
7 years, 10 months ago by ppi
Modified:
7 years, 10 months ago
CC:
chromium-reviews, cbentzel+watch_chromium.org, darin-cc_chromium.org, yfriedman+watch_chromium.org, bulach+watch_chromium.org, klundberg+watch_chromium.org, ilevy+watch_chromium.org, frankf+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Visibility:
Public.

Description

Return specific cert verification errors on Android To implement CertVerifyProc on Android we refer to the Java side to query the platform trust managers. Currently the information we get from the platform is binary - each certificate chain is either identified as trusted or not, in which case we assume that this is due to not-trusted root. This patch provides better granularity distinguishing the following cases: expired, not yet valid, incorrect (could not be parsed), not trusted root. This allowed to reenable two net unittests: - CertVerifyProcTest.ExtraneousMD5RootCert - CertVerifyProcTest.IntermediateCARequireExplicitPolicy The following net unittest had to be disabled as it joins the club of CertVerifyProc tests failing on bots with incorrect time/date settings: - CertVerifyProcTest.InvalidKeyUsage BUG=169762 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=182280

Patch Set 1 : #

Total comments: 4

Patch Set 2 : Address remarks #

Patch Set 3 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+153 lines, -63 lines) Patch
M build/android/pylib/gtest/filter/net_unittests_disabled View 2 chunks +1 line, -2 lines 0 comments Download
A net/android/cert_verify_result_android.h View 1 chunk +26 lines, -0 lines 0 comments Download
A net/android/cert_verify_result_android_list.h View 1 1 chunk +27 lines, -0 lines 0 comments Download
A + net/android/java/CertVerifyResultAndroid.template View 1 2 1 chunk +3 lines, -3 lines 0 comments Download
M net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java View 4 chunks +14 lines, -11 lines 0 comments Download
M net/android/java/src/org/chromium/net/X509Util.java View 1 3 chunks +41 lines, -18 lines 0 comments Download
M net/android/network_library.h View 1 chunk +4 lines, -13 lines 0 comments Download
M net/android/network_library.cc View 2 chunks +5 lines, -6 lines 0 comments Download
M net/base/cert_verify_proc_android.cc View 2 chunks +13 lines, -6 lines 0 comments Download
M net/base/cert_verify_proc_unittest.cc View 1 chunk +1 line, -1 line 0 comments Download
M net/net.gyp View 1 2 3 chunks +18 lines, -3 lines 0 comments Download

Messages

Total messages: 8 (0 generated)
ppi
Could you guys have a look?
7 years, 10 months ago (2013-02-12 17:56:05 UTC) #1
Ryan Sleevi
Could you look into why ExtraneousMD5RootCert succeeds? Based on the Android implementation, this surprises me, ...
7 years, 10 months ago (2013-02-12 18:14:54 UTC) #2
ppi
Only because the test does not >really< work on any platform now, see the comment: ...
7 years, 10 months ago (2013-02-12 18:25:57 UTC) #3
Ryan Sleevi
lgtm, mod nit https://codereview.chromium.org/12212135/diff/7001/net/android/cert_verify_result_android_list.h File net/android/cert_verify_result_android_list.h (right): https://codereview.chromium.org/12212135/diff/7001/net/android/cert_verify_result_android_list.h#newcode27 net/android/cert_verify_result_android_list.h:27: CERT_VERIFY_RESULT_ANDROID(UNABLE_TO_PARSE, 4) For the values here, ...
7 years, 10 months ago (2013-02-13 01:41:38 UTC) #4
Philippe
lgtm, thanks Przemek! https://codereview.chromium.org/12212135/diff/7001/net/android/java/src/org/chromium/net/X509Util.java File net/android/java/src/org/chromium/net/X509Util.java (right): https://codereview.chromium.org/12212135/diff/7001/net/android/java/src/org/chromium/net/X509Util.java#newcode155 net/android/java/src/org/chromium/net/X509Util.java:155: * Expired and not yet valid ...
7 years, 10 months ago (2013-02-13 10:00:43 UTC) #5
ppi
Thanks Ryan and Philippe! I have addressed your remarks in patch set 2 and I ...
7 years, 10 months ago (2013-02-13 12:34:55 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/ppi@chromium.org/12212135/4016
7 years, 10 months ago (2013-02-13 12:40:35 UTC) #7
commit-bot: I haz the power
7 years, 10 months ago (2013-02-13 19:13:52 UTC) #8
Message was sent while issue was closed. 
Change committed as 182280

Powered by Google App Engine
This is Rietveld 408576698