Regression:SSL warning page is displayed for ‘https://pinning-test.badssl.com'
Reported by
dmascare...@etouch.net,
May 25 2016
|
|||||
Issue descriptionChrome Version:51.0.2704.63 (Official Build)2989ec7055a268f05554172b2207a34c0c842b8d-refs/branch-heads/2704@{#656} 32/64-bit. OS: Mac (10.10.5, 10.11.4), Windows(7,8,10) ,Linux (ubuntu 14.04 LTS) What steps will reproduce the problem? 1. Launch chrome and navigate to https://pinning-test.badssl.com/ 2. Observe. Actual: SSL warning page is displayed Expected: SSL warning page should not be displayed This is regression issue, broke in ‘M 51’ and below is narrow bisect: https://chromium.googlesource.com/chromium/src/+log/51.0.2680.0..51.0.2681.0?pretty=fuller&n=10000 Suspecting: r381601 ? Good build: 51.0.2680.0 Bad build: 51.0.2681.0 Note: Above issue is not reproducible on chromium build.
,
May 25 2016
,
May 25 2016
I don't think this has anything to do with site isolation or Nasko's commit, so moving Nasko to cc and tweaking labels. I suspect a server-side change caused this? The interstitial shows for me on M50, and I'm pretty sure it's supposed to. Lucas, is pinning-test.badssl.com supposed to be a pinning violation?
,
May 25 2016
Indeed my change in the range is only removing dead code. It should have no impact on actual functionality.
,
May 25 2016
Yes, https://pinning-test.badssl.com/ is supposed to be a pinning violation. (It has the same purpose as pinningtest.appspot.comm, except that we actually own the site.) `Actual_ssl.png` is the expected behaviour.
,
May 25 2016
Regarding local Chromium builds, please note that normal builds do not enforce HPKP.
,
Dec 9 2016
Security>UX component is deprecated in favor of the Team-Security-UX label |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by vakh@chromium.org
, May 25 2016