New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 603634 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 1
Type: Bug



Sign in to add a comment

Do not use second cert validation on iOS

Project Member Reported by eugene...@chromium.org, Apr 14 2016

Issue description

With initial WKWebView release SecTrustRef was used for making load/no-load decision and NSS for getting the reason of cert failure.

Now on iOS CertVerifier uses SecTrust API for cert verification, so we do double work evaluating SecTrust twice.

Specifically for WebView cert verification we should reuse the code from this CL:
https://codereview.chromium.org/1871043003/patch/280001/290003
 

Comment 1 by pkl@chromium.org, May 25 2016

Cc: pkl@chromium.org
Labels: -Pri-2 Pri-1
Status: Started (was: Assigned)
Components: Mobile>WebView>Glue
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2

commit bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2
Author: eugenebut <eugenebut@chromium.org>
Date: Mon Aug 15 23:34:55 2016

[ios] Removed CertVerifierBlockAdapter.

cert_verify_proc_ios.cc uses SecTrustRef to get the reason of cert
verification failure, so there is no reason to use CertVerifier for
web view cert verification.

Removing CertVerifier usage should have positive impact on battery
life (because second versification will not be performed) and simplify
the code (especially threading part).

BUG= 603634 
TEST=interstitials show correct reason of failure

Review-Url: https://codereview.chromium.org/2225483002
Cr-Commit-Position: refs/heads/master@{#412096}

[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/BUILD.gn
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/ios_web.gyp
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/ios_web_unittests.gyp
[delete] https://crrev.com/8e74f22a19f675ffa5e2f64ba101c677b019133b/ios/web/net/cert_verifier_block_adapter.cc
[delete] https://crrev.com/8e74f22a19f675ffa5e2f64ba101c677b019133b/ios/web/net/cert_verifier_block_adapter.h
[delete] https://crrev.com/8e74f22a19f675ffa5e2f64ba101c677b019133b/ios/web/net/cert_verifier_block_adapter_unittest.cc
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/net/crw_cert_verification_controller.h
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/net/crw_cert_verification_controller.mm
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/net/crw_cert_verification_controller_unittest.mm
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/ios/web/web_state/ui/crw_web_controller.mm
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/net/cert/cert_verify_proc_ios.cc
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/net/cert/cert_verify_proc_ios.h
[add] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/net/cert/cert_verify_proc_ios_unittest.cc
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/net/net.gypi
[modify] https://crrev.com/bbaae2f91795c442ef62bdfe42be1d5ea75f7cc2/tools/metrics/histograms/histograms.xml

Status: Fixed (was: Started)

Sign in to add a comment