New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 653825 link

Starred by 1 user
Status: Fixed
Owner:
eranm@chromium.org
Closed: Oct 2016
Cc:
rsleevi@chromium.org
robpercival@chromium.org
eranm@chromium.org
asymmetric@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Cleanup: Make CTVerifier take a list of SCTs

Project Member Reported by eranm@chromium.org, Oct 7 2016 
The CTVerifier instance currently takes, as an output parameter, CTVerifyResult.

However the only field accessed by the MultiLogCTVerifier is the scts.

Since the MultiLogCTVerifier cannot determine compliance with various policies (which are the other fields in CTVerifyResult), it should only take an output parameter of type SignedCertificateTimestampAndStatusList.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4

commit dcec963661499b7e6cb04cb2ecbec343b8ffc2a4
Author: eranm <eranm@chromium.org>
Date: Mon Oct 10 14:16:10 2016

Cleanup: More accurate output parameter type for CTVerifier

The CTVerifier interface took a CTVerifyResult* as an output parameter.
This change replaces the output parameter with
SignedCertificateTimestampAndStatusList*, which is the only output all
implementations of the CTVerifier interface could provide.

Other fields in the CTVerifyResult struct are filled in by other entities
and CTVerifier implementations have no ability to fill them in (or any
need to access them at all).
So it is cleaner, and more conservative, to only provide the SCT List
to be filled to the CTVerifier.

BUG= 653825 

Review-Url: https://codereview.chromium.org/2400183002
Cr-Commit-Position: refs/heads/master@{#424146}

[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/ct_signed_certificate_timestamp_log_param.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/ct_signed_certificate_timestamp_log_param.h
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/ct_verifier.h
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/multi_log_ct_verifier.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/multi_log_ct_verifier.h
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/cert/multi_log_ct_verifier_unittest.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/quic/chromium/crypto/proof_verifier_chromium.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/quic/chromium/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/socket/ssl_client_socket_unittest.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/socket/ssl_server_socket_unittest.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/spdy/spdy_test_util_common.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/test/ct_test_util.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/test/ct_test_util.h
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/dcec963661499b7e6cb04cb2ecbec343b8ffc2a4/remoting/protocol/ssl_hmac_channel_authenticator.cc

Comment 2 by eranm@chromium.org, Oct 10 2016

Status: Fixed (was: Assigned)

Sign in to add a comment