New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
link

Issue 398925: Security: SPDY connection sharing logic errors allows for MITM

Reported by agl@chromium.org, Jul 30 2014 Project Member

Issue description

Antoine Delignat-Lavaud from INRIA reports:

1) That we are connection pooling requests to bad certificates (i.e. ones that the user clicked through an interstitial for). As I recall, we intended for bad certs not to be pooling candidates but we may have missed the check.

(As an attack: give the victim an invalid cert for a captive portal site (https://captiveportal.com) that they click through. Speak SPDY or HTTP/2 and have SANs for example.com on that cert and fake DNS in order to get https://bank.com requests pooled onto that connection)

2) That connection pooling bypasses pinning. I think we might have simply missed this in the past. I believe that we need to add another condition to the pooling rules that we never pool across pinning domains. I hope TransportSecurityState is to hand when we make these decisions. If so, we might want to add an "IsEqualPinning" function to it that takes two hostnames and compares whether they have equal pins. For preloaded pins this is easy. For dynamic pins we can compare the pinsets, although we would then be depending on the fact that we require HPKP pins to include the current, good cert. This was previously just a footgun-amelioration measure.
 

Comment 1 by rsleevi@chromium.org, Jul 30 2014

Labels: -Type-Bug-Security Type-Bug
Do they have more details?

I don't understand the first point - it seems like conflating session caching with con section pooling. The two are somewhat orthogonal in their risks. We have always used the connection pools (HTTP keepalive, SPDY sessions) if the user has clicked through, but we remember the tainted state.

I suspect 2 is true for SPDY, because of its whole check to see if the cert contains other names its valid for, but it shouldn't be for HTTP, because the host/port tuple is the identity key in the con section pools. Even on session resumption, we still perform a pin check and cert validation.

Comment 2 by rsleevi@chromium.org, Jul 30 2014

Labels: -Type-Bug Type-Bug-Security

Comment 3 by agl@chromium.org, Jul 30 2014

Summary: Security: SPDY connection pooling logic errors allows for MITM (was: Security: Connection pooling logic errors allows for MITM)
Antoine provided net-internals screenshots that I've attached here.

I don't think this is conflating the normal connection pools, although I might have the wrong name. I mean the the SPDY / HTTP/2 behaviour of merging requests to different domains into the same connection.
spdy4.png
61.8 KB View Download
spdy2.png
48.6 KB View Download
spdy1.png
57.8 KB View Download
spdy3.png
58.3 KB View Download

Comment 4 by willchan@chromium.org, Jul 30 2014

Summary: Security: SPDY connection sharing logic errors allows for MITM (was: Security: SPDY connection pooling logic errors allows for MITM)

Comment 5 by willchan@chromium.org, Jul 30 2014

Yeah, this is unfortunate =/

Comment 6 by rsleevi@chromium.org, Jul 30 2014

Labels: Cr-Internals-Network-SPDY Cr-Internals-Network-SSL

Comment 7 by rch@chromium.org, Jul 30 2014

I'll run with this. I think I understand the mitigation for #2 (checking the pins via TransportSecurityState). However, I don't understand know how to determine if, say, the SSLInfo for a SPDY connection indicates that the interstitial was clicked through? Can someone point me in the right direction there?

Comment 8 by rsleevi@chromium.org, Jul 30 2014

Cc: davidben@chromium.org
@rch: I don't think #2 will be as simple as you mention. There's a reasonable amount of logic/complexity associated with pin checking that we don't want do just duplicate. That's the second part of  Issue 391035  - filed for OpenSSL, but presumably applies here as well. I'm adding David, because I was just talking to him about this refactoring yesterday.

Regarding your point on 1, the SSLInfo doesn't track that. Well, other than you'll have an error status for the bits expressed in the CertStatus. The SSLConfig will tell you, by virtue of allowed_bad_certs. See https://code.google.com/p/chromium/codesearch#chromium/src/net/socket/ssl_client_socket_nss.cc&rcl=1406663800&l=3374 to understand what differentiates the two sockets.

Comment 9 by agl@chromium.org, Jul 30 2014

Cc: antoine....@gmail.com
(cc'ing the reporter.)

Comment 10 by willchan@chromium.org, Jul 30 2014

Cc: cbentzel@chromium.org

Comment 11 by kenrb@chromium.org, Jul 30 2014

Labels: M-36 Security_Impact-Stable

Comment 12 by rch@chromium.org, Jul 30 2014

Cc: assar@google.com

Comment 13 by bugdroid1@chromium.org, Jul 30 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d7a7076b1b15ad982e40c02052dc60331b216623

commit d7a7076b1b15ad982e40c02052dc60331b216623
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 21:25:27 2014

Disable SPDY and QUIC session pooling.

BUG= 398925 
R=agl@chromium.org

Review URL: https://codereview.chromium.org/417013005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@286598 0039d316-1c4b-4281-b951-d872f2087c98

Comment 16 by bugdroid1@chromium.org, Jul 30 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5bc3f5918d9c6a35b4749c8aa67b8eeb6159f47c

commit 5bc3f5918d9c6a35b4749c8aa67b8eeb6159f47c
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 22:24:12 2014

Merge 286598 "Disable SPDY and QUIC session pooling."

> Disable SPDY and QUIC session pooling.
> 
> BUG= 398925 
> R=agl@chromium.org
> 
> Review URL: https://codereview.chromium.org/417013005

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/426413002

git-svn-id: svn://svn.chromium.org/chrome/branches/1985/src@286615 0039d316-1c4b-4281-b951-d872f2087c98

Comment 17 by rch@chromium.org, Jul 30 2014

Labels: Merge-Requested

Comment 18 by bugdroid1@chromium.org, Jul 30 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c5a5de7086f92457ee880b9792046a8e5849a5d8

commit c5a5de7086f92457ee880b9792046a8e5849a5d8
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 22:53:22 2014

Revert 286615 "Merge 286598 "Disable SPDY and QUIC session pooli..."

> Merge 286598 "Disable SPDY and QUIC session pooling."
> 
> > Disable SPDY and QUIC session pooling.
> > 
> > BUG= 398925 
> > R=agl@chromium.org
> > 
> > Review URL: https://codereview.chromium.org/417013005
> 
> TBR=rch@chromium.org
> 
> Review URL: https://codereview.chromium.org/426413002

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/414123007

git-svn-id: svn://svn.chromium.org/chrome/branches/1985/src@286626 0039d316-1c4b-4281-b951-d872f2087c98

Comment 20 by bugdroid1@chromium.org, Jul 30 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19e8b4a43997e5725105ee5dec62c5dd3ed1a648

commit 19e8b4a43997e5725105ee5dec62c5dd3ed1a648
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 22:57:53 2014

Merge 286598 "Disable SPDY and QUIC session pooling."

> Disable SPDY and QUIC session pooling.
> 
> BUG= 398925 
> R=agl@chromium.org
> 
> Review URL: https://codereview.chromium.org/417013005

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/429323003

git-svn-id: svn://svn.chromium.org/chrome/branches/1985/src@286628 0039d316-1c4b-4281-b951-d872f2087c98

Comment 22 by bugdroid1@chromium.org, Jul 30 2014

Project Member
Labels: merge-merged-1985_122
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/43807b41850c6de9ee77a1a45f9c5f6fd42edafa

commit 43807b41850c6de9ee77a1a45f9c5f6fd42edafa
Author: matthewyuan@chromium.org <matthewyuan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 23:46:25 2014

Merge 286628 "Merge 286598 "Disable SPDY and QUIC session pooling.""

> Merge 286598 "Disable SPDY and QUIC session pooling."
> 
> > Disable SPDY and QUIC session pooling.
> > 
> > BUG= 398925 
> > R=agl@chromium.org
> > 
> > Review URL: https://codereview.chromium.org/417013005
> 
> TBR=rch@chromium.org
> 
> Review URL: https://codereview.chromium.org/429323003

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/428373002

git-svn-id: svn://svn.chromium.org/chrome/branches/1985_122/src@286638 0039d316-1c4b-4281-b951-d872f2087c98

Comment 23 by bugdroid1@chromium.org, Jul 30 2014

Project Member
Labels: merge-merged-1985_128
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bcb79371e8aca77dbd876549abcea23df1d376a3

commit bcb79371e8aca77dbd876549abcea23df1d376a3
Author: matthewyuan@chromium.org <matthewyuan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Jul 30 23:47:34 2014

Merge 286628 "Merge 286598 "Disable SPDY and QUIC session pooling.""

> Merge 286598 "Disable SPDY and QUIC session pooling."
> 
> > Disable SPDY and QUIC session pooling.
> > 
> > BUG= 398925 
> > R=agl@chromium.org
> > 
> > Review URL: https://codereview.chromium.org/417013005
> 
> TBR=rch@chromium.org
> 
> Review URL: https://codereview.chromium.org/429323003

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/435473002

git-svn-id: svn://svn.chromium.org/chrome/branches/1985_128/src@286639 0039d316-1c4b-4281-b951-d872f2087c98

Comment 26 by rch@chromium.org, Aug 1 2014

Labels: -M-36 M-37
I'd like to merge this to Beta (m37, right?) to make sure we've fixed this everywhere.

Comment 27 by rch@chromium.org, Aug 1 2014

Cc: amin...@google.com
+amineer for m37 merge approval

Comment 28 by amineer@chromium.org, Aug 1 2014

Labels: -Merge-Requested Merge-Approved
merge approved for m37 branch 2062

Comment 29 by bugdroid1@chromium.org, Aug 1 2014

Project Member
Labels: -Merge-Approved merge-merged-2062
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5c9f9e2ea265ee92d8d4bf870727c8ed952b7c0d

commit 5c9f9e2ea265ee92d8d4bf870727c8ed952b7c0d
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Aug 01 20:03:58 2014

Merge 286598 "Disable SPDY and QUIC session pooling."

> Disable SPDY and QUIC session pooling.
> 
> BUG= 398925 
> R=agl@chromium.org
> 
> Review URL: https://codereview.chromium.org/417013005

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/433923005

git-svn-id: svn://svn.chromium.org/chrome/branches/2062/src@287077 0039d316-1c4b-4281-b951-d872f2087c98

Comment 31 by cbentzel@chromium.org, Aug 1 2014

Cc: sidv@chromium.org

Comment 32 by cbentzel@chromium.org, Aug 1 2014

Cc: mdw@chromium.org

Comment 33 by parisa@chromium.org, Aug 4 2014

Labels: reward-topanel

Comment 34 by cbentzel@chromium.org, Aug 4 2014

Cc: jgraettinger@chromium.org

Comment 35 by agl@chromium.org, Aug 6 2014

Cc: sgurun@google.com

Comment 36 by bugdroid1@chromium.org, Aug 8 2014

Project Member
------------------------------------------------------------------
r288435 | rch@chromium.org | 2014-08-08T21:22:45.384613Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_security_headers_unittest.cc?r1=288435&r2=288434&pathrev=288435
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_unittest.cc?r1=288435&r2=288434&pathrev=288435
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state.cc?r1=288435&r2=288434&pathrev=288435
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_nss.cc?r1=288435&r2=288434&pathrev=288435
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state.h?r1=288435&r2=288434&pathrev=288435
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/crypto/proof_verifier_chromium.cc?r1=288435&r2=288434&pathrev=288435

Centralize the logic for checking public key pins from ClientSocketNSS
and ProofVerifierChromium to TransportSecurityState::CheckPublicKeyPins.
This required adding an is_issued_by_known_root argument to this method.

In addition, CheckPublicKeyPins now only checks static pins if the
TransportSecurityState's enable_static_pins_ member is true. This defaults
to true only for official desktop builds. This also means that dynamic
pins are now checked on mobile and on non-official builds.

BUG= 398925 , 391033 

Review URL: https://codereview.chromium.org/433123003
-----------------------------------------------------------------

Comment 37 by bugdroid1@chromium.org, Aug 8 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8d60aa54abe0517d756c9d625ece75feabed613a

commit 8d60aa54abe0517d756c9d625ece75feabed613a
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Aug 08 21:22:45 2014

Centralize the logic for checking public key pins from ClientSocketNSS
and ProofVerifierChromium to TransportSecurityState::CheckPublicKeyPins.
This required adding an is_issued_by_known_root argument to this method.

In addition, CheckPublicKeyPins now only checks static pins if the
TransportSecurityState's enable_static_pins_ member is true. This defaults
to true only for official desktop builds. This also means that dynamic
pins are now checked on mobile and on non-official builds.

BUG= 398925 , 391033 

Review URL: https://codereview.chromium.org/433123003

Cr-Commit-Position: refs/heads/master@{#288435}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288435 0039d316-1c4b-4281-b951-d872f2087c98

Comment 38 by ClusterFuzz, Aug 9 2014

Project Member
Labels: Nag
rch@: Uh oh! This issue is still open and hasn't been updated in the last 7 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are to unable to reproduce it, please close the bug. (And thanks for fixing the bug!).

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz

Comment 39 by agl@chromium.org, Aug 10 2014

Opera folks: the reporter has all but disclosed this now: http://www.ietf.org/mail-archive/web/tls/current/msg13345.html

Comment 40 by haava...@opera.com, Aug 11 2014

Thanks. The blackhat paper has also been released (with the specifics about this attack removed) https://bh.ht.vc/vhost_confusion.pdf.  We have already released turning off sessions caching for SPDY and quick on android, and we aim to release for desktop tomorrow (12'th). 

Is the HSTS patch vital for this issue? As I see it, dynamic pinning is not widely used yet, and static pinning is turned off. Thus, it doesn't seem to have that big of an impact for us.

Comment 41 by agl@chromium.org, Aug 11 2014

haavardm: by session caching, I'm guessing that you mean connection sharing (i.e. the changes referenced above?)

The pinning change very likely doesn't matter for you.

Comment 42 by haava...@opera.com, Aug 11 2014

Sorry yes, that was a typo. I mean connection sharing.

Comment 43 by infe...@chromium.org, Aug 11 2014

Labels: CVE-2014-3166 Release-1-M36

Comment 44 by infe...@chromium.org, Aug 11 2014

Why is the bug not marked as Fixed ?

Comment 45 by agl@chromium.org, Aug 11 2014

Status: Fixed

Comment 46 by infe...@chromium.org, Aug 11 2014

Labels: Merge-Merged
Thanks!

Comment 47 by ClusterFuzz, Aug 11 2014

Project Member
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 48 by jsc...@chromium.org, Aug 13 2014

Labels: -Security_Severity-High Security_Severity-Medium
High severity would be an unmitigated, arbitrary origin bypass. Whereas this requires an active MitM plus the user clicking through a certificate warning. That's pretty significant mitigation, so this is medium-severity at worst.

Comment 49 by sgu...@chromium.org, Aug 13 2014

Cc: jarmour@chromium.org

Comment 50 by bugdroid1@chromium.org, Aug 14 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/17a3503b9f011d37a01dd7790806ade6f80da2b3

commit 17a3503b9f011d37a01dd7790806ade6f80da2b3
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu Aug 14 01:00:11 2014

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Review URL: https://codereview.chromium.org/425803014

Cr-Commit-Position: refs/heads/master@{#289433}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289433 0039d316-1c4b-4281-b951-d872f2087c98

Comment 51 by bugdroid1@chromium.org, Aug 14 2014

Project Member
------------------------------------------------------------------
r289433 | rch@chromium.org | 2014-08-14T01:00:11.753589Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=289433&r2=289432&pathrev=289433
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=289433&r2=289432&pathrev=289433

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Review URL: https://codereview.chromium.org/425803014
-----------------------------------------------------------------

Comment 52 by bugdroid1@chromium.org, Aug 15 2014

Project Member
------------------------------------------------------------------
r289937 | rch@chromium.org | 2014-08-15T18:09:27.173986Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=289937&r2=289936&pathrev=289937
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=289937&r2=289936&pathrev=289937

Revert 289433 "Refactor pooling logic into a helper method"

Reason for revert:
Causes crashes in canary.

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/476113003
-----------------------------------------------------------------

Comment 53 by bugdroid1@chromium.org, Aug 15 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/debe0fde0c897da880278fba6d4fbde05c927094

commit debe0fde0c897da880278fba6d4fbde05c927094
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Aug 15 18:09:27 2014

Revert 289433 "Refactor pooling logic into a helper method"

Reason for revert:
Causes crashes in canary.

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/476113003

Cr-Commit-Position: refs/heads/master@{#289937}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289937 0039d316-1c4b-4281-b951-d872f2087c98

Comment 54 by bugdroid1@chromium.org, Aug 15 2014

Project Member
Labels: merge-merged-2124
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/31a0d4a5c7211de7311239f14e193ab669a8e9f5

commit 31a0d4a5c7211de7311239f14e193ab669a8e9f5
Author: matthewyuan@chromium.org <matthewyuan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri Aug 15 18:42:12 2014

Revert 289433 "Refactor pooling logic into a helper method"

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/479643002

git-svn-id: svn://svn.chromium.org/chrome/branches/2124/src@289952 0039d316-1c4b-4281-b951-d872f2087c98

Comment 55 by bugdroid1@chromium.org, Aug 15 2014

Project Member
------------------------------------------------------------------
r289952 | matthewyuan@chromium.org | 2014-08-15T18:42:12.503005Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_stream_factory.h?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/http/http_network_session.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_http_stream_test.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_test_utils.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_test_utils.h?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_session_pool.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_session_pool.h?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_session_unittest.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_session.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_client_session_test.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_client_session.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_stream_factory_test.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/spdy/spdy_session.h?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_stream_factory.cc?r1=289952&r2=289951&pathrev=289952
   M http://src.chromium.org/viewvc/chrome/branches/2124/src/net/quic/quic_client_session.h?r1=289952&r2=289951&pathrev=289952

Revert 289433 "Refactor pooling logic into a helper method"

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/479643002
-----------------------------------------------------------------

Comment 56 by bugdroid1@chromium.org, Aug 18 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dc33fbbe670b3ff49209b4093e58df07959fcda9

commit dc33fbbe670b3ff49209b4093e58df07959fcda9
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon Aug 18 19:15:58 2014

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433

Review URL: https://codereview.chromium.org/425803014

Cr-Commit-Position: refs/heads/master@{#290320}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290320 0039d316-1c4b-4281-b951-d872f2087c98

Comment 57 by bugdroid1@chromium.org, Aug 18 2014

Project Member
------------------------------------------------------------------
r290320 | rch@chromium.org | 2014-08-18T19:15:58.904272Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_response_body_drainer_unittest.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=290320&r2=290319&pathrev=290320
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=290320&r2=290319&pathrev=290320

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433

Review URL: https://codereview.chromium.org/425803014
-----------------------------------------------------------------

Comment 58 by bugdroid1@chromium.org, Aug 18 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/763fa4320dcef04e8bfaf65bdc32100b7ec9bd18

commit 763fa4320dcef04e8bfaf65bdc32100b7ec9bd18
Author: viettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon Aug 18 22:40:49 2014

Revert 289433 "Refactor pooling logic into a helper method"

(Test-only?) leaks (see bug). The lsan suppressions file tells me to
revert, not suppress.

BUG= 404833 

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/483043002

Cr-Commit-Position: refs/heads/master@{#290384}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290384 0039d316-1c4b-4281-b951-d872f2087c98

Comment 59 by bugdroid1@chromium.org, Aug 18 2014

Project Member
------------------------------------------------------------------
r290384 | viettrungluu@chromium.org | 2014-08-18T22:40:49.926638Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=290384&r2=290383&pathrev=290384
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=290384&r2=290383&pathrev=290384

Revert 289433 "Refactor pooling logic into a helper method"

(Test-only?) leaks (see bug). The lsan suppressions file tells me to
revert, not suppress.

BUG= 404833 

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/483043002
-----------------------------------------------------------------

Comment 60 by bugdroid1@chromium.org, Aug 18 2014

Project Member
------------------------------------------------------------------
r290385 | viettrungluu@chromium.org | 2014-08-18T22:45:03.604328Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=290385&r2=290384&pathrev=290385
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=290385&r2=290384&pathrev=290385

Revert 290384 "Revert 289433 "Refactor pooling logic into a help..."

Oops, reverted the original land, not the re-land.

> Revert 289433 "Refactor pooling logic into a helper method"
> 
> (Test-only?) leaks (see bug). The lsan suppressions file tells me to
> revert, not suppress.
> 
> BUG= 404833 
> 
> > Refactor pooling logic into a helper method
> > Disable pooling when there are cert errors.
> > Disable pooling when pinning does not match for the new host.
> > 
> > BUG= 398925 
> > 
> > Review URL: https://codereview.chromium.org/425803014
> 
> TBR=rch@chromium.org
> 
> Review URL: https://codereview.chromium.org/483043002

TBR=viettrungluu@chromium.org

Review URL: https://codereview.chromium.org/483963002
-----------------------------------------------------------------

Comment 61 by bugdroid1@chromium.org, Aug 18 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2b4c5746322f80829730033352f0aeb9d4a556e5

commit 2b4c5746322f80829730033352f0aeb9d4a556e5
Author: viettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon Aug 18 22:45:03 2014

Revert 290384 "Revert 289433 "Refactor pooling logic into a help..."

Oops, reverted the original land, not the re-land.

> Revert 289433 "Refactor pooling logic into a helper method"
> 
> (Test-only?) leaks (see bug). The lsan suppressions file tells me to
> revert, not suppress.
> 
> BUG= 404833 
> 
> > Refactor pooling logic into a helper method
> > Disable pooling when there are cert errors.
> > Disable pooling when pinning does not match for the new host.
> > 
> > BUG= 398925 
> > 
> > Review URL: https://codereview.chromium.org/425803014
> 
> TBR=rch@chromium.org
> 
> Review URL: https://codereview.chromium.org/483043002

TBR=viettrungluu@chromium.org

Review URL: https://codereview.chromium.org/483963002

Cr-Commit-Position: refs/heads/master@{#290385}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290385 0039d316-1c4b-4281-b951-d872f2087c98

Comment 62 by bugdroid1@chromium.org, Aug 18 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/98ddfe8c2bf4422216654107daf9cd4940d07053

commit 98ddfe8c2bf4422216654107daf9cd4940d07053
Author: viettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon Aug 18 22:47:00 2014

Revert 290320 "Refactor pooling logic into a helper method"

Leaks (see bug).

Actually reverting the re-land this time.

BUG= 404833 

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/485943004

Cr-Commit-Position: refs/heads/master@{#290386}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290386 0039d316-1c4b-4281-b951-d872f2087c98

Comment 63 by bugdroid1@chromium.org, Aug 18 2014

Project Member
------------------------------------------------------------------
r290386 | viettrungluu@chromium.org | 2014-08-18T22:47:00.254872Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_response_body_drainer_unittest.cc?r1=290386&r2=290385&pathrev=290386
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=290386&r2=290385&pathrev=290386

Revert 290320 "Refactor pooling logic into a helper method"

Leaks (see bug).

Actually reverting the re-land this time.

BUG= 404833 

> Refactor pooling logic into a helper method
> Disable pooling when there are cert errors.
> Disable pooling when pinning does not match for the new host.
> 
> BUG= 398925 
> 
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433
> 
> Review URL: https://codereview.chromium.org/425803014

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/485943004
-----------------------------------------------------------------

Comment 64 by bugdroid1@chromium.org, Aug 19 2014

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5db452206ce2503815abe55878179b2399cc906a

commit 5db452206ce2503815abe55878179b2399cc906a
Author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue Aug 19 05:22:15 2014

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=290320

Review URL: https://codereview.chromium.org/425803014

Cr-Commit-Position: refs/heads/master@{#290497}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290497 0039d316-1c4b-4281-b951-d872f2087c98

Comment 65 by bugdroid1@chromium.org, Aug 19 2014

Project Member
------------------------------------------------------------------
r290497 | rch@chromium.org | 2014-08-19T05:22:15.314908Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/socket/ssl_client_socket_pool_unittest.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_pool.h?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_response_body_drainer_unittest.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session_unittest.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session_test.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory_test.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_session.h?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_client_session.h?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_stream_factory.h?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_network_session.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/quic_http_stream_test.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.cc?r1=290497&r2=290496&pathrev=290497
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/spdy/spdy_test_utils.h?r1=290497&r2=290496&pathrev=290497

Refactor pooling logic into a helper method
Disable pooling when there are cert errors.
Disable pooling when pinning does not match for the new host.

BUG= 398925 

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=290320

Review URL: https://codereview.chromium.org/425803014
-----------------------------------------------------------------

Comment 66 by rch@chromium.org, Aug 20 2014

Labels: -M-37 M-38 Merge-Requested
Requesting a merge to m38 of the final CL in this issue.

Comment 67 by matthewyuan@chromium.org, Aug 21 2014

Which cl is this request for?

Comment 68 by rch@chromium.org, Aug 21 2014

The merge request is for: 
  https://codereview.chromium.org/425803014/
It re-enables connection pooling for QUIC and SPDY sessions. This decreases latency for users, and reduces server load.

Comment 69 by rch@chromium.org, Aug 21 2014

matthewyuan: merge ping

Comment 70 by matthewyuan@chromium.org, Aug 25 2014

Labels: -Merge-Requested Merge-Approved
Approved for 38.

Comment 71 by bugdroid1@chromium.org, Aug 25 2014

Project Member
Labels: -Merge-Approved merge-merged-2125
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe

commit 9058507e9ca2c218cf07c53a8ce61bd70231edfe
Author: Ryan Hamilton <rch@chromium.org>
Date: Mon Aug 25 19:05:50 2014

Merge 290497 "Refactor pooling logic into a helper method"

> Refactor pooling logic into a helper method
> Disable pooling when there are  cert errors.
> Disable pooling when pinning does not match for the new host.
>
> BUG= 398925 
>
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289433
>
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=290320
>
> Review URL: https://codereview.chromium.org/425803014
>
> Cr-Commit-Position: refs/heads/master@{#290497}
> git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290497 0039d316-1c4b-4281-b951-d872f2087c98
> (cherry picked from commit 5db452206ce2503815abe55878179b2399cc906a)

BUG= 398925 
TBR=matthewyuan

Review URL: https://codereview.chromium.org/498373002

Cr-Commit-Position: refs/branch-heads/2125@{#86}
Cr-Branched-From: b68026d94bda36dd106a3d91a098719f952a9477-refs/heads/master@{#290040}

[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/http/http_network_session.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/http/http_response_body_drainer_unittest.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_client_session.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_client_session.h
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_client_session_test.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_http_stream_test.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_stream_factory.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_stream_factory.h
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/quic/quic_stream_factory_test.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/socket/ssl_client_socket_pool_unittest.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_session.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_session.h
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_session_pool.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_session_pool.h
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_session_unittest.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_test_utils.cc
[modify] https://chromium.googlesource.com/chromium/src.git/+/9058507e9ca2c218cf07c53a8ce61bd70231edfe/net/spdy/spdy_test_utils.h

Comment 72 by wfh@chromium.org, Oct 9 2014

Labels: -reward-topanel reward-unpaid reward-1000
The reward panel were disappointed that this vulnerability was publicly disclosed while we were still in the process of patching the issue - see #39. This meant we had to take additional costly steps at the server-side to protect our users.

The Chromium project takes responsible disclosure seriously and normally this would have excluded this report from a reward, since our rules[1] clearly state "Bugs disclosed publicly or to a third-party for purposes other than fixing the bug will typically not qualify for a reward".

However, we do recognize the severity of this bug and appreciate INRIA's continued collaboration in discovering and reporting important bugs like this to us, so although this report isn't eligible for our usual reward amounts[1], we are pleased to reward $1000 for your efforts.  Thanks for helping us protect our users!

[1] https://www.google.com/about/appsecurity/chrome-rewards/index.html

Comment 73 by ClusterFuzz, Nov 18 2014

Project Member
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.

Comment 74 by timwillis@google.com, Dec 9 2014

Contacted Antoine regarding payment.

Comment 75 by laforge@google.com, Mar 4 2015

Labels: -Cr-Internals-Network-SPDY Cr-Internals-Network-HTTP2
Migrate from Cr-Internals-Network-SPDY to Cr-Internals-Network-HTTP2

Comment 76 by timwillis@google.com, Mar 9 2015

Labels: -reward-unpaid reward-inprocess

Comment 77 by timwillis@google.com, Mar 17 2015

Labels: -reward-inprocess
Processing via our e-payment system can take up to six weeks, but the reward should be on its way to you. Thanks again for your help!

Comment 78 by sheriffbot@chromium.org, Oct 1 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 79 by sheriffbot@chromium.org, Oct 2 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 80 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Comment 81 by awhalley@chromium.org, Apr 25 2018

Labels: CVE_description-submitted

Sign in to add a comment