Issue 9699058: When detecting client certs on OS X, ensure all certs match the server's CertificateRequest

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 9699058: When detecting client certs on OS X, ensure all certs match the server's CertificateRequest (Closed)

Created:
8 years, 9 months ago by Ryan Sleevi

Modified:
8 years, 9 months ago

Reviewers:
wtc

CC:
chromium-reviews, cbentzel+watch_chromium.org, darin-cc_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

When detecting client certs on OS X, ensure all certs match the server's CertificateRequest Previously, if an identity preference for a server existed, such as those created by Safari, then the client certificate would not be checked to ensure it matched the server's CertificateRequest. As a result, it was possible to send a potentially invalid client certificate - and this would be the default client certificate presented to users. BUG=118306 TEST=See bug R=wtc@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=126836

Patch Set 1 #

Total comments: 1

Patch Set 2 : Whitespace #

Created: 8 years, 9 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1 line, -4 lines)			Patch
	M	net/base/x509_certificate_mac.cc	View	1	1 chunk	+1 line, -4 lines	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

wtc

LGTM. This is a good change! http://codereview.chromium.org/9699058/diff/1/net/base/x509_certificate_mac.cc File net/base/x509_certificate_mac.cc (right): http://codereview.chromium.org/9699058/diff/1/net/base/x509_certificate_mac.cc#newcode1497 net/base/x509_certificate_mac.cc:1497: !cert->IsIssuedBy(valid_issuers)) Nit: this ...

8 years, 9 months ago (2012-03-15 01:44:53 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rsleevi@chromium.org/9699058/4001

8 years, 9 months ago (2012-03-15 01:48:08 UTC) #3

commit-bot: I haz the power

8 years, 9 months ago (2012-03-15 04:10:42 UTC) #4

Try job failure for 9699058-4001 (retry) on win_rel for step "browser_tests".
It's a second try, previously, step "browser_tests" failed.
http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=win_rel&nu...

Expand Messages | Collapse Messages