New issue
Advanced search Search tips

Issue 634443 link

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
Closed: May 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 410574



Sign in to add a comment

[PKI library] Add error information

Project Member Reported by eroman@chromium.org, Aug 4 2016

Issue description

Add finer granularity error information than the boolean success/fail that we have right now.
 
Components: Internals>Network>Certificate

Comment 2 by eroman@chromium.org, Aug 30 2016

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27e6c32af368dbf07477b9ad81cf87afb5789597

commit 27e6c32af368dbf07477b9ad81cf87afb5789597
Author: eroman <eroman@chromium.org>
Date: Tue Aug 30 04:53:20 2016

Add error information to VerifyCertificateChain().

* Errors are identified by strings
* Errors may contain parameters
* Chain verification may set multiple errors/warnings

This is an initial stab at the problem, and there are multiple TODOs to
follow-up on.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2282183004
Cr-Commit-Position: refs/heads/master@{#415120}

[add] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/cert_errors.cc
[add] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/cert_errors.h
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/path_builder.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/path_builder_unittest.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/test_helpers.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/test_helpers.h
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/verify_certificate_chain.h
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/verify_certificate_chain_typed_unittest.h
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/cert/internal/verify_certificate_chain_unittest.cc
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/README
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/common.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/expired-constrained-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/expired-intermediate.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/expired-target.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-expired-target.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py
[rename] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-key-rollover.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py
[rename] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-and-intermediate.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-not-end-entity.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/net.gypi
[modify] https://crrev.com/27e6c32af368dbf07477b9ad81cf87afb5789597/net/tools/cert_verify_tool/verify_using_path_builder.cc

Project Member

Comment 6 by bugdroid1@chromium.org, Sep 7 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f4b704e4294b678a474a3053cb7244288255c7fe

commit f4b704e4294b678a474a3053cb7244288255c7fe
Author: eroman <eroman@chromium.org>
Date: Wed Sep 07 17:58:39 2016

Add error information to VerifySignedData().

BUG= 634443 

Review-Url: https://codereview.chromium.org/2289363004
Cr-Commit-Position: refs/heads/master@{#416993}

[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/components/cast_certificate/cast_cert_validator.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/components/cast_certificate/cast_crl.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/signature_policy.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/signature_policy.h
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/verify_certificate_chain.h
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/verify_signed_data.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/verify_signed_data.h
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/cert/internal/verify_signed_data_unittest.cc
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem
[modify] https://crrev.com/f4b704e4294b678a474a3053cb7244288255c7fe/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem

Project Member

Comment 8 by bugdroid1@chromium.org, Sep 12 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52

commit 0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52
Author: eroman <eroman@chromium.org>
Date: Mon Sep 12 23:42:01 2016

Add a script to update the expected errors for
net/data/verify_certificate_chain_unittest/* test data.

It works by scraping stdout of a failed unit-test run, and modifying the
.pem ad .py files accordingly.

BUG= 634443 
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2323223002
Cr-Commit-Position: refs/heads/master@{#418106}

[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/common.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-expired-target.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py
[modify] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py
[add] https://crrev.com/0719d9b41fdc1d25eba6e6f2177a3cbd5cc56b52/net/data/verify_certificate_chain_unittest/rebase-errors.py

Project Member

Comment 9 by bugdroid1@chromium.org, Sep 13 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/24da0854378c9640bf9c726a2f067c2e0ba49205

commit 24da0854378c9640bf9c726a2f067c2e0ba49205
Author: eroman <eroman@chromium.org>
Date: Tue Sep 13 00:23:50 2016

Add optional context for certificate errors.

This is done by representing certificate errors as a tree of nodes
rather than a flat sequence.

Errors sharing particular contextual parameters are grouped into the
same parent node.

BUG= 634443 
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2329593002
Cr-Commit-Position: refs/heads/master@{#418118}

[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_id.cc
[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_id.h
[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_params.cc
[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_params.h
[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_scoper.cc
[add] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_error_scoper.h
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_errors.cc
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/cert_errors.h
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/signature_policy.cc
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/verify_certificate_chain.h
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/cert/internal/verify_signed_data.cc
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/expired-intermediate.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/expired-target.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-expired-target.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/net.gypi
[modify] https://crrev.com/24da0854378c9640bf9c726a2f067c2e0ba49205/net/tools/cert_verify_tool/verify_using_path_builder.cc

Project Member

Comment 10 by bugdroid1@chromium.org, Sep 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4f645670f68480c6c78b09b67788942d632937d5

commit 4f645670f68480c6c78b09b67788942d632937d5
Author: eroman <eroman@chromium.org>
Date: Wed Sep 14 16:36:45 2016

Add CertErrors* parameter to the main Certificate parsing functions.

This just updates the interface and callers. Actually emitting errors
in the underlying implementation will be a different CL.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2327973002
Cr-Commit-Position: refs/heads/master@{#418586}

[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/components/cast_certificate/cast_cert_validator.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/components/cast_certificate/cast_cert_validator_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/components/cast_certificate/cast_crl.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/components/cast_certificate/cast_crl_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/cert_issuer_source_aia.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/cert_issuer_source_aia_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/cert_issuer_source_static_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parse_certificate.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parse_certificate.h
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parse_certificate_fuzzer.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parse_certificate_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parse_ocsp_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parsed_certificate.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/parsed_certificate.h
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/path_builder_pkits_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/path_builder_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/test_helpers.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/trust_store_nss.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/x509_util.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/cert/x509_util_openssl.cc
[modify] https://crrev.com/4f645670f68480c6c78b09b67788942d632937d5/net/tools/cert_verify_tool/verify_using_path_builder.cc

Project Member

Comment 11 by bugdroid1@chromium.org, Sep 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4c511204009505c9bc9193785ea3c109a4e2a227

commit 4c511204009505c9bc9193785ea3c109a4e2a227
Author: eroman <eroman@chromium.org>
Date: Wed Sep 14 16:57:16 2016

Harden an API that takes base::StringPiece to give a compile error if
ever a naked const char* is passed in.

I hit this bug while doing a refactor, so ensuring it can't happen
again for this callsite seems prudent.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2331323005
Cr-Commit-Position: refs/heads/master@{#418593}

[modify] https://crrev.com/4c511204009505c9bc9193785ea3c109a4e2a227/net/cert/internal/parsed_certificate.h

Project Member

Comment 13 by bugdroid1@chromium.org, Sep 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c25f07964b8d1692816343ac50ff1668c255ac4d

commit c25f07964b8d1692816343ac50ff1668c255ac4d
Author: eroman <eroman@chromium.org>
Date: Fri Sep 16 22:12:14 2016

Generalize rebase-errors.py so it works for other files.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2346663002
Cr-Commit-Position: refs/heads/master@{#419295}

[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/path_builder_unittest.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/test_helpers.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/test_helpers.h
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/trust_store_collection_unittest.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/trust_store_nss_unittest.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/verify_certificate_chain_typed_unittest.h
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/cert/internal/verify_certificate_chain_unittest.cc
[modify] https://crrev.com/c25f07964b8d1692816343ac50ff1668c255ac4d/net/data/verify_certificate_chain_unittest/rebase-errors.py

Project Member

Comment 14 by bugdroid1@chromium.org, Sep 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1bc2ed3679476ce691fd1fe66dfd3f1b9d00090d

commit 1bc2ed3679476ce691fd1fe66dfd3f1b9d00090d
Author: eroman <eroman@chromium.org>
Date: Fri Sep 16 22:26:01 2016

Remove the externs for VerifyCertificateChain()'s errors.

These are not ready to be exposed as API yet, as the structure and types
of errors is still being adjusted.

They aren't needed for testing either, since it is using text
comparisons.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2342973003
Cr-Commit-Position: refs/heads/master@{#419300}

[modify] https://crrev.com/1bc2ed3679476ce691fd1fe66dfd3f1b9d00090d/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/1bc2ed3679476ce691fd1fe66dfd3f1b9d00090d/net/cert/internal/verify_certificate_chain.h

Project Member

Comment 15 by bugdroid1@chromium.org, Sep 17 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb1ac1c66d18819f7e76d9b8c00117939612e132

commit cb1ac1c66d18819f7e76d9b8c00117939612e132
Author: eroman <eroman@chromium.org>
Date: Sat Sep 17 00:28:49 2016

Add error details to ParseCertificate test data.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2337373003
Cr-Commit-Position: refs/heads/master@{#419346}

[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/cert/internal/parse_certificate.cc
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/cert/internal/parse_certificate_unittest.cc
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_data_after_signature.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_empty_sequence.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_missing_signature.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_not_sequence.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem
[modify] https://crrev.com/cb1ac1c66d18819f7e76d9b8c00117939612e132/net/data/verify_certificate_chain_unittest/rebase-errors.py

Project Member

Comment 17 by bugdroid1@chromium.org, Sep 19 2016

Project Member

Comment 20 by bugdroid1@chromium.org, Sep 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/07f7dafbfff3d483be66ddd85e1ed516f162e744

commit 07f7dafbfff3d483be66ddd85e1ed516f162e744
Author: eroman <eroman@chromium.org>
Date: Fri Sep 23 01:07:45 2016

Convert tests that parse a BasicConstraints value to instead
parse an entire Certificate.

(Part of a series of changes for simplifying the parsing tests to be in
terms of just certificates for consistent entry point and expectations)

BUG= 634443 

Review-Url: https://codereview.chromium.org/2359003003
Cr-Commit-Position: refs/heads/master@{#420524}

[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/cert/internal/parse_certificate_unittest.cc
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_ca_false.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_ca_no_path.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_ca_path_9.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_negative_path.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_not_ca.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_path_too_large.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_pathlen_255.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_pathlen_256.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_pathlen_not_ca.pem
[modify] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/basic_constraints_unconsumed_data.pem
[add] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py
[add] https://crrev.com/07f7dafbfff3d483be66ddd85e1ed516f162e744/net/data/parse_certificate_unittest/v3_certificate_template.txt

Project Member

Comment 21 by bugdroid1@chromium.org, Sep 23 2016

Project Member

Comment 22 by bugdroid1@chromium.org, Sep 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3

commit c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3
Author: eroman <eroman@chromium.org>
Date: Fri Sep 23 20:08:54 2016

Convert tests that parse an Extensions sequence to instead
parse an entire Certificate.

(Part of a series of changes for simplifying the parsing tests to be in
terms of just certificates for consistent entry point and expectations)

BUG= 634443 

Review-Url: https://codereview.chromium.org/2361233002
Cr-Commit-Position: refs/heads/master@{#420709}

[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/cert/internal/parse_certificate_unittest.cc
[add] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extended_key_usage.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_basic_constraints.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extensions_data_after_sequence.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extensions_duplicate_key_usage.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extensions_empty_sequence.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_extended_key_usage.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_key_usage.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extensions_not_sequence.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_policies.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/extensions_real.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_subject_alt_name.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_unknown_critical.pem
[delete] https://crrev.com/77d78ea609d82f419d35911ad4d6cedef30ef00a/net/data/parse_certificate_unittest/extensions_unknown_non_critical.pem
[add] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/key_usage.pem
[add] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/policies.pem
[add] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/subject_alt_name.pem
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/data/parse_certificate_unittest/v3_certificate_template.txt
[modify] https://crrev.com/c7d0f8db7ae70e9b68545deaf3bb2145b7366bd3/net/net.gypi

Project Member

Comment 23 by bugdroid1@chromium.org, Mar 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/23885b6eeb422241f91094c808fdcc9ce5f80eb3

commit 23885b6eeb422241f91094c808fdcc9ce5f80eb3
Author: eroman <eroman@chromium.org>
Date: Thu Mar 23 23:30:18 2017

Improvements to the net/cert/internal error handling.

 * Don't short-circuit on the first error in VerifyCertificateChain().
   This way multiple errors can be accumulated and reported.

 * Remove the CertErrorScoper class, which was an overly complicated
   abstraction only being used to bucket errors per certificate. Instead
   do this directly by creating separate error stores.

BUG= 634443 

Review-Url: https://codereview.chromium.org/2759023002
Cr-Commit-Position: refs/heads/master@{#459278}

[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/BUILD.gn
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/cert_verify_proc_builtin.cc
[delete] https://crrev.com/6e421c60e822ffaba52747b847bd4a72df4f82d8/net/cert/internal/cert_error_scoper.cc
[delete] https://crrev.com/6e421c60e822ffaba52747b847bd4a72df4f82d8/net/cert/internal/cert_error_scoper.h
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/cert_errors.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/cert_errors.h
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/path_builder.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/path_builder.h
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/path_builder_unittest.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/verify_certificate_chain.h
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/verify_certificate_chain_pkits_unittest.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/cert/internal/verify_certificate_chain_unittest.cc
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_data_after_signature.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_empty_sequence.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_missing_signature.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_not_sequence.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/expired-intermediate.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/expired-target.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-expired-target.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/rebase-errors.py
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem
[modify] https://crrev.com/23885b6eeb422241f91094c808fdcc9ce5f80eb3/net/tools/cert_verify_tool/verify_using_path_builder.cc

Status: Fixed (was: Started)
Project Member

Comment 25 by bugdroid1@chromium.org, Aug 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7b45a27c473f13756026dd4d066bb42529c694cb

commit 7b45a27c473f13756026dd4d066bb42529c694cb
Author: Eric Roman <eroman@chromium.org>
Date: Wed Aug 02 03:21:44 2017

Add more certificate parsing errors.

Bug:  634443 
Change-Id: Ibb03ad7dcede776c4b97ba839107d4ec916b6235
Reviewed-on: https://chromium-review.googlesource.com/596516
Commit-Queue: Eric Roman <eroman@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491248}
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/BUILD.gn
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/certificate_policies.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/certificate_policies.h
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/certificate_policies_unittest.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/name_constraints.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/name_constraints.h
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/name_constraints_unittest.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/parse_certificate.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/parsed_certificate.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/parsed_certificate_unittest.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/verify_certificate_chain.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/verify_name_match.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/verify_name_match.h
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/verify_name_match_normalizename_fuzzer.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/internal/verify_name_match_unittest.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/x509_certificate_bytes.cc
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/cert/x509_util.cc
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/bad_key_usage.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/bad_policy_qualifiers.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/bad_signature_algorithm_oid.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/bad_validity.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/basic_constraints_negative_path.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/basic_constraints_path_too_large.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/basic_constraints_pathlen_256.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/basic_constraints_unconsumed_data.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extension_critical_0.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extension_critical_3.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extensions_data_after_sequence.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extensions_duplicate_key_usage.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extensions_empty_sequence.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/extensions_not_sequence.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/failed_signature_algorithm.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/issuer_bad_printable_string.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/name_constraints_bad_ip.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/policy_constraints_empty.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/policy_qualifiers_empty_sequence.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/rebase-errors.py
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/serial_37_bytes.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subject_blank_subjectaltname_not_critical.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subject_not_ascii.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subject_not_printable_string.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subjectaltname_bad_ip.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subjectaltname_dns_not_ascii.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subjectaltname_general_names_empty_sequence.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/subjectaltname_trailing_data.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/tbs_explicit_v1.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/tbs_v1_extensions.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/tbs_v2_extensions.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/tbs_v4.pem
[modify] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/tbs_validity_relaxed.pem
[add] https://crrev.com/7b45a27c473f13756026dd4d066bb42529c694cb/net/data/parse_certificate_unittest/v1_explicit_version.pem

Project Member

Comment 26 by bugdroid1@chromium.org, Aug 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/10570781a35945d5f833f423ca3940bc81bd7c0d

commit 10570781a35945d5f833f423ca3940bc81bd7c0d
Author: Eric Roman <eroman@chromium.org>
Date: Wed Aug 02 20:03:28 2017

Add some extra certificate parsing errors for policy qualifiers.

Bug:  634443 
Change-Id: I415c4d968b29325307401bf1c8b23c24ba977d37
Reviewed-on: https://chromium-review.googlesource.com/597409
Reviewed-by: Matt Mueller <mattm@chromium.org>
Commit-Queue: Eric Roman <eroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491478}
[modify] https://crrev.com/10570781a35945d5f833f423ca3940bc81bd7c0d/net/cert/internal/certificate_policies.cc
[modify] https://crrev.com/10570781a35945d5f833f423ca3940bc81bd7c0d/net/cert/internal/parsed_certificate_unittest.cc
[modify] https://crrev.com/10570781a35945d5f833f423ca3940bc81bd7c0d/net/data/parse_certificate_unittest/bad_policy_qualifiers.pem

Project Member

Comment 27 by bugdroid1@chromium.org, Aug 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5d1934620f1e5ba5750a06e58ce971e8d0360c4c

commit 5d1934620f1e5ba5750a06e58ce971e8d0360c4c
Author: Eric Roman <eroman@chromium.org>
Date: Thu Aug 03 03:57:09 2017

Add more granular errors for invalid certificate serial numbers.

Bug:  634443 
Change-Id: If3c5536cf0dba79a14f092f9dafb701668f6c46a
Reviewed-on: https://chromium-review.googlesource.com/599327
Commit-Queue: Eric Roman <eroman@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491640}
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/BUILD.gn
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/cert/internal/parse_certificate.cc
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/cert/internal/parse_certificate.h
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/cert/internal/parse_ocsp.cc
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/cert/internal/parsed_certificate_unittest.cc
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_37_bytes.pem
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_negative.pem
[add] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_not_minimal.pem
[add] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_not_number.pem
[add] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_zero.pem
[modify] https://crrev.com/5d1934620f1e5ba5750a06e58ce971e8d0360c4c/net/data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem

Sign in to add a comment