New issue
Advanced search Search tips

Issue 620797 link

Starred by 2 users
Status: Duplicate
Owner:
marq@chromium.org
Closed: Oct 2016
Cc:
est...@chromium.org
eugene...@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 3
Type: Bug



Sign in to add a comment

iOS computes CERT_STATUS_NON_UNIQUE_NAME in a weird way

Project Member Reported by rsleevi@chromium.org, Jun 16 2016 
See https://cs.chromium.org/chromium/src/ios/web/net/request_tracker_impl.mm?rcl=0&l=272

  if (status_.cert_status & net::CERT_STATUS_COMMON_NAME_INVALID) {
    // CAs issue certificates for intranet hosts to everyone.  Therefore, we
    // mark intranet hosts as being non-unique.
    if (IsIntranetHost(url_.host())) {
      status_.cert_status |= net::CERT_STATUS_NON_UNIQUE_NAME;
    }
  }


It's unclear what this snippet of code is trying to do. It triggers only for certificates with mismatched names, which isn't what CERT_STATUS_NON_UNIQUE_NAME is coupled to. It then uses IsIntranetHost() vs other platforms' use of IsHostnameNonUnique() - meaning it only triggers on 'dotless' domains, rather than what other platforms do, which is on any IANA reserved name or IP.

Comment 1 by eugene...@chromium.org, Jun 16 2016

Cc: eugene...@chromium.org
Owner: marq@chromium.org
Status: Assigned (was: Untriaged)
RequestTracker was created for UIWebView and we plan to get rid of it. I think this code is not currently executed on iOS, but Mark would be a better person to provide a judgement.

Mark, should this be a dup of crbug.com/585700?

Comment 2 by eroman@chromium.org, Jun 21 2016

Components: -Internals>Network>SSL Internals>Network>Certificate

Comment 3 by marq@chromium.org, Oct 15 2016

Mergedinto: 585700
Status: Duplicate (was: Assigned)

Comment 4 by lgar...@chromium.org, Nov 22 2016

Components: -Security>UX
Labels: Team-Security-UX

Sign in to add a comment