New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 634553 link

Starred by 3 users
Status: Fixed
Owner:
f...@chromium.org
(slow to respond to bugs. if it's i...
Closed: Aug 2016
Cc:
jww@chromium.org
est...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Stop revoking cert exceptions on resources loaded from memory cache

Project Member Reported by est...@chromium.org, Aug 5 2016 
Chrome's current policy is to remember certificate click-throughs for a week, but to forget the click-through as soon as it sees a good certificate for the site. SSLPolicy currently forgets certificate click-throughs when it sees a good certificate even from the memory cache. This could be weird; felt@ gave the following example in https://codereview.chromium.org/2214793002/#msg10:

Monday: cert is valid. subresource is cached.
Tuesday: cert expires. user sees and clicks through error.
Wednesday: user goes to a page that loads the cached subresource.

We all agree that it's a bit weird for the cert exception from Tuesday to be removed due to the subresource that was cached on Monday.

We can fix this by simply removing SSLPolicy::DidLoadResourceFromMemoryCache().

Comment 1 by f...@chromium.org, Aug 5 2016

Cc: -f...@chromium.org est...@chromium.org
Owner: f...@chromium.org
Status: Started (was: Assigned)
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ee3b15d53bf6ca29c026da7153445b51cefceaa8

commit ee3b15d53bf6ca29c026da7153445b51cefceaa8
Author: felt <felt@chromium.org>
Date: Wed Aug 10 18:48:22 2016

Stop revoking cert exceptions on resources loaded from cache

SSLPolicy currently forgets certiciate exceptions when it sees a good
certificate from the cache. This is weird since the cached valid cert
might have been there for longer than the exception. See bug for more
detailed description.

BUG= 634553 
R=jww@chromium.org

Review-Url: https://codereview.chromium.org/2218253002
Cr-Commit-Position: refs/heads/master@{#411105}

[modify] https://crrev.com/ee3b15d53bf6ca29c026da7153445b51cefceaa8/content/browser/ssl/ssl_manager.cc
[modify] https://crrev.com/ee3b15d53bf6ca29c026da7153445b51cefceaa8/content/browser/ssl/ssl_manager.h
[modify] https://crrev.com/ee3b15d53bf6ca29c026da7153445b51cefceaa8/content/browser/ssl/ssl_policy.cc
[modify] https://crrev.com/ee3b15d53bf6ca29c026da7153445b51cefceaa8/content/browser/web_contents/web_contents_impl.cc

Comment 3 by f...@chromium.org, Aug 30 2016

Status: Fixed (was: Started)

Comment 4 by lafo...@chromium.org, Dec 9 2016

Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label

Sign in to add a comment