CertVerifyProcTest.RejectWeakKeys fails on Android N with CERT_AUTHORITY_INVALID
Issue description

e.g. from https://uberchromegw.corp.google.com/i/internal.client.clank/builders/test-n-phone/builds/260/steps/net_unittests/logs/stdio:

C 289.108s Main [FAIL] CertVerifyProcTest.RejectWeakKeys:
C 289.108s Main [ RUN ] CertVerifyProcTest.RejectWeakKeys
C 289.108s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.108s Main Value of: error
C 289.108s Main Actual: -202
C 289.108s Main Expected: OK
C 289.108s Main Which is: 0
C 289.109s Main Google Test trace:
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 1024-rsa-ee-by-1024-rsa-intermediate.pem
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.109s Main Value of: error
C 289.109s Main Actual: -202
C 289.109s Main Expected: OK
C 289.109s Main Which is: 0
C 289.109s Main Google Test trace:
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 1024-rsa-ee-by-2048-rsa-intermediate.pem
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.109s Main Value of: error
C 289.109s Main Actual: -202
C 289.109s Main Expected: OK
C 289.109s Main Which is: 0
C 289.109s Main Google Test trace:
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.109s Main Value of: error
C 289.109s Main Actual: -202
C 289.109s Main Expected: OK
C 289.109s Main Which is: 0
C 289.109s Main Google Test trace:
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 2048-rsa-ee-by-1024-rsa-intermediate.pem
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.109s Main Value of: error
C 289.109s Main Actual: -202
C 289.109s Main Expected: OK
C 289.109s Main Which is: 0
C 289.109s Main Google Test trace:
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 2048-rsa-ee-by-2048-rsa-intermediate.pem
C 289.109s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.109s Main Value of: error
C 289.109s Main Actual: -202
C 289.109s Main Expected: OK
C 289.110s Main Which is: 0
C 289.110s Main Google Test trace:
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:382: 2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.110s Main Value of: error
C 289.110s Main Actual: -202
C 289.110s Main Expected: OK
C 289.110s Main Which is: 0
C 289.110s Main Google Test trace:
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:382: prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.110s Main Value of: error
C 289.110s Main Actual: -202
C 289.110s Main Expected: OK
C 289.110s Main Which is: 0
C 289.110s Main Google Test trace:
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:382: prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:413: Failure
C 289.110s Main Value of: error
C 289.110s Main Actual: -202
C 289.110s Main Expected: OK
C 289.110s Main Which is: 0
C 289.110s Main Google Test trace:
C 289.110s Main ../../net/cert/cert_verify_proc_unittest.cc:382: prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem
C 289.110s Main [ FAILED ] CertVerifyProcTest.RejectWeakKeys (399 ms)
,
Apr 22 2016
Investigating, it looks like we're getting a "Chain validation failed" from the Android Certificate Verification logic. It looks like at some point the N parser got stricter and is giving the error: java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate
,
Apr 22 2016
Should be fixed on trunk once https://codereview.chromium.org/1906323004/ lands.
,
Apr 22 2016
excellent, thanks!
,
Apr 22 2016
Why is this Restrict-View-Google? The Android preview is available, is it not?
,
Apr 22 2016
internal bot + unreleased version. We try to keep test-n-phone on the weekly dogfood build.
,
Apr 22 2016
(we could conceivably have an upstream bot with publicly released preview builds, but it hasn't been a high priority)
,
Apr 22 2016
Can we open this bug at least? There's nothing confidential here other than the URL, and there's nothing magic in that.
,
Apr 22 2016
I guess so.
,
Apr 22 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/655e2234eb572003c5641f817b6c045faae9b24f

commit 655e2234eb572003c5641f817b6c045faae9b24f
Author: svaldez <svaldez@chromium.org>
Date: Fri Apr 22 23:52:26 2016

Fixing generate-weak-test-chains.sh to generate correct certificates

We add extensions to the leaf certificates generated by generate-weak-test-chains.sh in order to make them valid certificates for testing on Android.

BUG= 605960
Review URL: https://codereview.chromium.org/1906323004
Cr-Commit-Position: refs/heads/master@{#389309}

[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/chrome/common/net/x509_certificate_model_unittest.cc
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/1024-rsa-ee-by-1024-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/1024-rsa-ee-by-2048-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/1024-rsa-ee-by-768-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/1024-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-ee-by-1024-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-ee-by-2048-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-ee-by-768-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/2048-rsa-root.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/768-rsa-ee-by-1024-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/768-rsa-ee-by-2048-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/768-rsa-ee-by-768-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/768-rsa-ee-by-prime256v1-ecdsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/768-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-768-rsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/certificates/prime256v1-ecdsa-intermediate.pem
[modify] https://crrev.com/655e2234eb572003c5641f817b6c045faae9b24f/net/data/ssl/scripts/generate-weak-test-chains.sh
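The parser error quoted earlier in this thread and the regenerated certificates in the commit above both turn on which fields a certificate may carry for its declared version. The following is an added example, not code from the Chromium tree or from the referenced change: it assumes the Android N error corresponds to the RFC 5280 rule that a version 1 TBSCertificate ends after subjectPublicKeyInfo, and `check_version_fields`, `sample_cert` and the skeleton certificates are constructed for illustration.

```python
# Added example: flags TBSCertificate fields that the declared version forbids.
FIELD_MIN_VERSION = {0x81: ("issuerUniqueID", 2), 0x82: ("subjectUniqueID", 2), 0xA3: ("extensions", 3)}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def check_version_fields(der):
    """Return (version, problems) for a DER-encoded Certificate."""
    _, cert, _ = read_tlv(der, 0)
    fields = children(children(cert)[0][1])     # TBSCertificate fields
    version = 1                                 # DEFAULT v1 when [0] is absent
    if fields and fields[0][0] == 0xA0:
        version = int.from_bytes(read_tlv(fields[0][1], 0)[1], "big") + 1
        fields = fields[1:]
    problems = []
    for tag, _ in fields[6:]:                   # anything after subjectPublicKeyInfo
        name, needed = FIELD_MIN_VERSION.get(tag, ("unknown field 0x%02x" % tag, 99))
        if version < needed:
            problems.append("%s not allowed in version %d" % (name, version))
    return version, problems

def tlv(tag, content=b""):
    """Encode a short DER element (used only for the constructed samples)."""
    return bytes([tag, len(content)]) + content

def sample_cert(version=None, extensions=False):
    """Constructed certificate skeleton: correct layout, dummy field contents."""
    tbs = tlv(0xA0, tlv(0x02, bytes([version - 1]))) if version else b""
    tbs += tlv(0x02, b"\x01") + tlv(0x30) * 5   # serial + five empty SEQUENCEs
    if extensions:
        tbs += tlv(0xA3, tlv(0x30))             # [3] EXPLICIT Extensions
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))
```

`check_version_fields` takes DER bytes; a bare PEM block can be converted first with `ssl.PEM_cert_to_DER_cert()` from the standard library.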
,
Apr 25 2016
,
Apr 25 2016
Comment 1 by jbudorick@chromium.org, Apr 22 2016