New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 642935 link

Starred by 1 user
Status: Fixed
Owner:
sperigo@chromium.org
Last visit > 30 days ago
Closed: Jun 2017
Cc:
mea...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug
Team-Security-UX



Sign in to add a comment

Add HPKP error page to chrome://interstitials

Project Member Reported by lgar...@chromium.org, Aug 31 2016 
https://pinning-test.badssl.com/ doesn't match anything we have on chrome://interstitials

Comment 1 by lgar...@chromium.org, Aug 31 2016

Components: Security>UX

Comment 2 by raymes@chromium.org, Sep 6 2016

Labels: Interstitials

Comment 3 by mea...@chromium.org, Sep 30 2016

Labels: Hotlist-GoodFirstBug

Comment 4 by lgar...@chromium.org, Nov 22 2016

Components: -Security>UX UI>Browser>Interstitials

Comment 5 by lgar...@chromium.org, Dec 7 2016

Labels: -Interstitials

Comment 6 by mea...@chromium.org, Jun 22 2017

Cc: mea...@chromium.org
Labels: OS-All
Owner: sperigo@chromium.org
sperigo: Another one! The idea is to add the custom interstitial at https://pinning-test.badssl.com/ to chrome://interstitials page. The code for chrome://interstitials is at https://cs.chromium.org/chromium/src/chrome/browser/ui/webui/interstitials/interstitial_ui.cc

Comment 7 by sperigo@chromium.org, Jun 23 2017 

Quick question about this! Is the interstitial at https://pinning-test.badssl.com/ not the same as the one at chrome://interstitials/ssl?overridable=0&strict_enforcement=0? What exactly are you hoping for me to add here?

Comment 8 by lgar...@chromium.org, Jun 23 2017 

The error code at chrome://interstitials/ssl?overridable=0&strict_enforcement=0 is NET:ERR_CERT_CONTAINS_ERRORS – it would be good to have one that triggers the NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN directly, in case they ever become different.

Comment 9 by sperigo@chromium.org, Jun 23 2017

Status: Started (was: Assigned)

Comment 10 by sperigo@chromium.org, Jun 27 2017

Status: Fixed (was: Started)
Here are screenshots of the chrome://interstitials page with the new "Pinned certificate error" and the corresponding interstitial that that link opens.
Screenshot from 2017-06-27 11:52:45.png
52.6 KB View Download
Screenshot from 2017-06-27 11:53:07.png
38.2 KB View Download

Comment 11 by lgar...@chromium.org, Jun 27 2017 

Hmm, it seems that the screenshot doesn't show ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN. Could you make sure you have the correct screenshot?

Comment 12 by sperigo@chromium.org, Jun 27 2017 

Sorry about that! Here are screenshots reflecting the correct, fixed behavior:
Screenshot from 2017-06-27 11:52:45.png
52.6 KB View Download
Screenshot from 2017-06-27 15:12:08.png
50.3 KB View Download
Project Member

Comment 13 by bugdroid1@chromium.org, Jun 28 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6022f5947cba1db0d2f7f236d7de307955adf12a

commit 6022f5947cba1db0d2f7f236d7de307955adf12a
Author: sperigo <sperigo@chromium.org>
Date: Wed Jun 28 00:15:49 2017

Add pinned cert interstitial to chrome://interstitials

BUG= 642935 

TEST=Spin up an instance of Chrome and navigate to chrome://interstitials. Click on "Pinned certificate error." A full page interstitial should appear. Check to make sure the header reads "Privacy error" and the error code is "NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN." See also interstitial_ui_browsertest.cc.

Review-Url: https://codereview.chromium.org/2957953002
Cr-Commit-Position: refs/heads/master@{#482810}

[modify] https://crrev.com/6022f5947cba1db0d2f7f236d7de307955adf12a/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
[modify] https://crrev.com/6022f5947cba1db0d2f7f236d7de307955adf12a/chrome/browser/ui/webui/interstitials/interstitial_ui_browsertest.cc
[modify] https://crrev.com/6022f5947cba1db0d2f7f236d7de307955adf12a/components/security_interstitials/core/browser/resources/list_of_interstitials.html

Sign in to add a comment