New issue
Advanced search Search tips

Issue 622965 link

Starred by 3 users
Status: Fixed
Owner:
rch@chromium.org
Closed: Jun 2016
Cc:
rsleevi@chromium.org
eranm@chromium.org
asymmetric@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

QUIC client failing on every request due to CT Policy Enforcer

Reported by martense...@gmail.com, Jun 24 2016 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.4 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.4

Example URL:

Steps to reproduce the problem:
1. Use the current version of the quic_client to get the contents of https://www.google.com (or any other QUIC-enabled server).

What is the expected behavior?
It should establish the connection and fetch the requested document.

What went wrong?
Running ./quic_client --v=1 https://www.google.com --quic-version=34 results in the following output:

[0624/102213:VERBOSE1:quic_simple_client_bin.cc(200)] server host:  port: 0 body:  headers:  quiet: 0 quic-version: 34 version_mismatch_ok: 0 redirect_is_success: 1 initial_mtu: 0
[0624/102213:VERBOSE1:quic_simple_client_bin.cc(237)] Resolved www.google.com to 113.171.244.108:0

[0624/102213:FATAL:proof_verifier_chromium.cc(449)] Check failed: ct_policy_enforcer_.
0   quic_client                         0x000000010f590e2e _ZN4base5debug10StackTraceC2Ev + 30
1   quic_client                         0x000000010f590e95 _ZN4base5debug10StackTraceC1Ev + 21
2   quic_client                         0x000000010f5e8ad0 _ZN7logging10LogMessageD2Ev + 80
3   quic_client                         0x000000010f5e66e5 _ZN7logging10LogMessageD1Ev + 21
4   quic_client                         0x000000010faa3794 _ZN3net21ProofVerifierChromiumC2EPNS_12CertVerifierEPNS_16CTPolicyEnforcerEPNS_22TransportSecurityStateEPNS_10CTVerifierE + 580
5   quic_client                         0x000000010faa3995 _ZN3net21ProofVerifierChromiumC1EPNS_12CertVerifierEPNS_16CTPolicyEnforcerEPNS_22TransportSecurityStateEPNS_10CTVerifierE + 53
6   quic_client                         0x000000010f54c784 main + 9476
7   quic_client                         0x000000010f54a274 start + 52

Did this work before? Yes every revision before d6de830

Chrome version: <Copy from: 'about:version'>  Channel: n/a
OS Version: OS X 10.11.6
Flash Version: Shockwave Flash 22.0 r0

I think that crrev.com/d6de8300 added the check, building any revision before that works, and any revision after that causes the crash.

Comment 1 by mmenke@chromium.org, Jun 24 2016

Components: -Internals>Network Internals>Network>QUIC Internals>Network>CertTrans
Owner: rsleevi@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 2 by rsleevi@chromium.org, Jun 24 2016

Cc: rch@chromium.org
rch: Before I go making CLs, is this a supported client? Can we remove this code if it's not being exercised by the waterfall at all?

Comment 3 by martense...@gmail.com, Jun 25 2016 

It's a client used for testing the QUIC protocol, see https://www.chromium.org/quic/playing-with-quic.

Comment 4 by rsleevi@chromium.org, Jun 25 2016 

I'm asking if it's still currently supported, given that it has no waterfall tests. If it isn't, we should delete the code, rather than fix (it's a 4 line fix).

Comment 5 by rch@chromium.org, Jun 26 2016 

Yes, it is a supported client which we use in the instructions here: http://www.chromium.org/quic/playing-with-quic

I don't think I understand the failure, though. The quic_client uses the same proof verifier that Chrome uses. And the quic_client is used in a number of tests (net/tools/quic_end_to_end_test.cc). Obviously, we don't have coverage that triggers this error, though. :> Can you say more?

Comment 6 by rch@chromium.org, Jun 26 2016 

Oh, the failure is that not policy enforcer is being passed into the proof verifier. I see. Hm. Yeah, we don't have waterfall tests of the actual client_bin.cc. Guess it's time to fix that.

Comment 7 by rch@chromium.org, Jun 26 2016 

err, s/not/no/

Comment 8 Deleted

Comment 9 by rshibuya...@gmail.com, Jun 27 2016 

Hi,
I just started to play around QUIC. I have built quic_server/client as documented at http://www.chromium.org/quic/playing-with-quic and run the programs.
Then I got exactly same failure.

The root cause looks like that net::ProofVerifierChromium::ProofVerifierChromium() doesn't accept nullptr as CTPolicyEnforcer*.

In my case, the issue is resolved by the change as following:
$ git diff 
diff --git a/net/tools/quic/quic_simple_client_bin.cc b/net/tools/quic/quic_simple_client_bin.cc
index 04f95f4..d71ac90 100644
--- a/net/tools/quic/quic_simple_client_bin.cc
+++ b/net/tools/quic/quic_simple_client_bin.cc
@@ -252,9 +252,11 @@ int main(int argc, char* argv[]) {
   std::unique_ptr<TransportSecurityState> transport_security_state(
       new TransportSecurityState);
   std::unique_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
+  std::unique_ptr<net::CTPolicyEnforcer> ct_policy_enforcer(
+      new net::CTPolicyEnforcer());
   ProofVerifierChromium* proof_verifier = new ProofVerifierChromium(
-      cert_verifier.get(), nullptr, transport_security_state.get(),
-      ct_verifier.get());
+      cert_verifier.get(), ct_policy_enforcer.get(),
+      transport_security_state.get(), ct_verifier.get());
   net::QuicSimpleClient client(net::IPEndPoint(ip_addr, port), server_id,
                                versions, proof_verifier);
   client.set_initial_max_packet_length(

Comment 10 by rch@chromium.org, Jun 27 2016 

I'm landing a fix in https://codereview.chromium.org/2094413002/

Comment 11 by rsleevi@chromium.org, Jun 28 2016

Cc: -rch@chromium.org rsleevi@chromium.org
Labels: -OS-Mac M-53 OS-All
Owner: rch@chromium.org
Status: Fixed (was: Assigned)
RCH landed https://codereview.chromium.org/2094413002/ but I have no idea why Bugdroid didn't tell everyone.

Anyways, it should be fixed now?

Sign in to add a comment