
Issue 629249

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Unify OCSPVerifyResult with GetOCSPCertStatus

Project Member Reported by dadrian@google.com, Jul 18 2016

Issue description

In parse_ocsp.h, GetOCSPCertStatus() is largely unusable outside of cert/internal, since no other part of the code has access to DER-encoded TBSCertificates for the issuer and the leaf.

In practice, this means some logic is duplicated between CheckOCSP() in cert_verify_proc.cc, and GetOCSPCertStatus() in parse_ocsp.h.

See also https://crbug.com/620005

Comment 1 by sheriffbot@chromium.org, Jul 19 2016

Labels: Hotlist-Google

Comment 2 by dadrian@google.com, Jul 27 2016

Cc: davidcad...@gmail.com

Comment 3 by eroman@chromium.org, Sep 19 2017

Owner: eroman@chromium.org
Status: Started (was: Untriaged)

Comment 4 by bugdroid1@chromium.org, Sep 20 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8673b818ef73ebd85f0637d2710fd38259533edf

commit 8673b818ef73ebd85f0637d2710fd38259533edf
Author: Eric Roman <eroman@chromium.org>
Date: Wed Sep 20 18:57:31 2017

Combine two OCSP checking implementations into one.

Merges CheckOCSP (cert_verify_proc.cc) and GetOCSPCertStatus
(ocsp.cc) into CheckOCSPNoSignatureCheck (ocsp.cc).

The consequences of this merge for cert_verify_proc.cc are:

 * More complete matching of certificate ID - previously only
   checked the serial number, whereas now it checks the issuer name
   and SPKI hash too.

 * Less tolerant of parsing failures. Previously would keep searching
   for match if any OCSPSingleResponse or OCSPCertID failed parsing, now
   short-circuits.

Bug: 629249, 649000
Change-Id: I27bbadfc09193529ba029eb16a929d483dee9065
Reviewed-on: https://chromium-review.googlesource.com/673544
Commit-Queue: Eric Roman <eroman@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503219}
[modify] https://crrev.com/8673b818ef73ebd85f0637d2710fd38259533edf/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/8673b818ef73ebd85f0637d2710fd38259533edf/net/cert/internal/ocsp.cc
[modify] https://crrev.com/8673b818ef73ebd85f0637d2710fd38259533edf/net/cert/internal/ocsp.h
[modify] https://crrev.com/8673b818ef73ebd85f0637d2710fd38259533edf/net/cert/internal/ocsp_unittest.cc
[modify] https://crrev.com/8673b818ef73ebd85f0637d2710fd38259533edf/net/url_request/url_request_unittest.cc
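
The two behaviour changes listed in the commit message above, as an added example that is not Chromium's code: a simplified model of RFC 6960 CertID matching run over constructed responses. The struct, function and status names are hypothetical, hashes are opaque strings, and `parsed_ok` stands in for the result of DER parsing.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Simplified model of an RFC 6960 CertID; hash values are opaque strings here.
struct CertId {
  std::string issuer_name_hash, issuer_key_hash, serial;
};
// One OCSPSingleResponse. parsed_ok == false stands in for a DER parse failure.
struct SingleResponse {
  bool parsed_ok;
  CertId id;
  bool revoked;
};
enum class Status { kGood, kRevoked, kNoMatch, kParseError };  // hypothetical names

// "Previously": match on serial number only, skip entries that fail to parse.
Status CheckSerialOnly(const std::vector<SingleResponse>& rs, const CertId& want) {
  for (const auto& r : rs) {
    if (!r.parsed_ok) continue;  // tolerant: keep searching for a match
    if (r.id.serial == want.serial)
      return r.revoked ? Status::kRevoked : Status::kGood;
  }
  return Status::kNoMatch;
}

// "Now": match issuer name hash, issuer key (SPKI) hash and serial number;
// any entry that fails to parse short-circuits the whole check.
Status CheckFullCertId(const std::vector<SingleResponse>& rs, const CertId& want) {
  for (const auto& r : rs) {
    if (!r.parsed_ok) return Status::kParseError;
    if (r.id.issuer_name_hash == want.issuer_name_hash &&
        r.id.issuer_key_hash == want.issuer_key_hash &&
        r.id.serial == want.serial)
      return r.revoked ? Status::kRevoked : Status::kGood;
  }
  return Status::kNoMatch;
}

// Constructed sample data: same serial under a different issuer, and a
// response whose first entry is malformed.
const CertId kWant{"name-hash-A", "key-hash-A", "01"};
const std::vector<SingleResponse> kOtherIssuer{{true, {"name-hash-B", "key-hash-B", "01"}, false}};
const std::vector<SingleResponse> kMalformedFirst{{false, {}, false}, {true, kWant, false}};

int main() {
  std::printf("other issuer:    serial-only=%d full=%d\n",
              (int)CheckSerialOnly(kOtherIssuer, kWant), (int)CheckFullCertId(kOtherIssuer, kWant));
  std::printf("malformed first: serial-only=%d full=%d\n",
              (int)CheckSerialOnly(kMalformedFirst, kWant), (int)CheckFullCertId(kMalformedFirst, kWant));
}
```

Serial numbers are only unique per issuer, so the serial-only check treats another issuer's "good" entry as covering the target certificate, while the full CertID check reports no match.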

Comment 5 by eroman@chromium.org, Sep 20 2017

Status: Fixed (was: Started)
