
Issue 671420

Starred by 10 users

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Represent certificates using CRYPTO_BUFFER.

Project Member Reported by davidben@chromium.org, Dec 6 2016

Issue description

I'll try to transcribe details later (probably want a public doc and Intent to Implement mail so folks know about the temporary preprocessor #ifdef when we get there). Filing this so we can cite it in bugs:

Certificates are currently represented in-memory as some combination of:

- X509* if owned by BoringSSL (SSL and SSL_SESSION).
- OSCertHandle elsewhere. This, on Android, is an X509* and an OS handle elsewhere.

The OS handles are decent memory-wise, but they don't get deduplicated with the session cache and can't be used in the sandbox.

OpenSSL's legacy X509* object is horrid. Instrumenting allocations from a few sample certificates suggests a freshly-parsed[*] X509* retains about 100 malloc'd objects totaling 4-5x the size of the original byte string. This is nuts. Parsing is also expensive, which has shown up on loading resources from cache.

Replace everything with BoringSSL's new CRYPTO_BUFFER type which should fix all of this.

[*] An X509* additionally has some lazily-computed cached objects hanging off of it. If we hit codepaths that instantiate those, it will be even worse.
 
Blocking: 620852
Project Member

Comment 2 by bugdroid1@chromium.org, Dec 13 2016

The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl.git/+/68e7124ddf3680302650b7c10cccdef039a72202

commit 68e7124ddf3680302650b7c10cccdef039a72202
Author: Adam Langley <agl@google.com>
Date: Mon Dec 12 19:06:16 2016

Hold certificates in an SSL_SESSION as CRYPTO_BUFFERs as well.

This change adds a STACK_OF(CRYPTO_BUFFER) to an SSL_SESSION which
contains the raw form of the received certificates. The X509-based
members still exist, but their |enc| buffer will alias the
CRYPTO_BUFFERs.

(This is a second attempt at
https://boringssl-review.googlesource.com/#/c/12163/.)

BUG= chromium:671420 

Change-Id: I508a8a46cab89a5a3fcc0c1224185d63e3d59cb8
Reviewed-on: https://boringssl-review.googlesource.com/12705
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/include/openssl/ssl.h
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/handshake_client.c
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/handshake_server.c
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/internal.h
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/ssl_asn1.c
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/ssl_cert.c
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/ssl_session.c
[modify] https://crrev.com/68e7124ddf3680302650b7c10cccdef039a72202/ssl/tls13_both.c

Project Member

Comment 3 by bugdroid1@chromium.org, Dec 13 2016

The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl.git/+/d519bf6be0b447fb80fbc539d4bff4479b5482a2

commit d519bf6be0b447fb80fbc539d4bff4479b5482a2
Author: Adam Langley <agl@google.com>
Date: Mon Dec 12 19:16:44 2016

Add |SSL_CTX_set0_buffer_pool|.

This currently only works for certificates parsed from the network, but
if making several connections that share certificates, some KB of memory
might be saved.

BUG= chromium:671420 

Change-Id: I1c7a71d84e1976138641f71830aafff87f795f9d
Reviewed-on: https://boringssl-review.googlesource.com/12706
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/include/openssl/ssl.h
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/handshake_client.c
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/handshake_server.c
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/internal.h
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/ssl_asn1.c
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/ssl_cert.c
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/ssl_lib.c
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/test/bssl_shim.cc
[modify] https://crrev.com/d519bf6be0b447fb80fbc539d4bff4479b5482a2/ssl/tls13_both.c
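
The deduplication that a shared buffer pool provides, as an added example that is not BoringSSL or Chromium code: a simplified single-threaded model in which identical certificate byte strings are interned and reference-counted. All names (`cert_buf`, `cert_pool`, `retained_bytes`) are hypothetical, and the certificate bytes are constructed stand-ins rather than real DER.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout: a single-threaded model of an interning pool
 * for immutable, reference-counted certificate byte strings. */
typedef struct cert_pool cert_pool;

typedef struct cert_buf {
  cert_pool *pool;       /* owning pool, or NULL if unpooled */
  struct cert_buf *next; /* next entry in the pool's list */
  uint8_t *data;         /* private copy of the DER bytes, never modified */
  size_t len;
  unsigned refs;
} cert_buf;

struct cert_pool {
  cert_buf *head;
  size_t unique;     /* distinct byte strings currently held */
  size_t bytes_held; /* total bytes across those strings */
};

cert_pool *cert_pool_new(void) { return calloc(1, sizeof(cert_pool)); }
void cert_pool_free(cert_pool *pool) { free(pool); } /* pool must be empty */

/* Returns a buffer holding a copy of |der|. With a pool, identical bytes yield
 * the existing buffer with one more reference. A real pool would hash and lock. */
cert_buf *cert_buf_new(const uint8_t *der, size_t len, cert_pool *pool) {
  if (der == NULL && len != 0) return NULL;
  if (pool != NULL) {
    for (cert_buf *b = pool->head; b != NULL; b = b->next) {
      if (b->len == len && (len == 0 || memcmp(b->data, der, len) == 0)) {
        b->refs++;
        return b;
      }
    }
  }
  cert_buf *b = calloc(1, sizeof(*b));
  if (b == NULL || (b->data = malloc(len != 0 ? len : 1)) == NULL) {
    free(b);
    return NULL;
  }
  if (len != 0) memcpy(b->data, der, len);
  b->len = len;
  b->refs = 1;
  if (pool != NULL) {
    b->pool = pool;
    b->next = pool->head;
    pool->head = b;
    pool->unique++;
    pool->bytes_held += len;
  }
  return b;
}

/* Drops one reference; the last one unlinks the buffer from its pool. */
void cert_buf_free(cert_buf *b) {
  if (b == NULL || --b->refs > 0) return;
  if (b->pool != NULL) {
    cert_buf **pp = &b->pool->head;
    while (*pp != b) pp = &(*pp)->next;
    *pp = b->next;
    b->pool->unique--;
    b->pool->bytes_held -= b->len;
  }
  free(b->data);
  free(b);
}

enum { kConns = 6, kChainLen = 2 };
/* Six connections each receive the same two-certificate chain. Returns the
 * bytes retained while all of them are alive, counting each allocation once. */
size_t retained_bytes(int use_pool) {
  uint8_t leaf[1200], issuer[1000]; /* constructed stand-ins, not real DER */
  memset(leaf, 0xA1, sizeof(leaf));
  memset(issuer, 0xB2, sizeof(issuer));
  cert_pool *pool = use_pool ? cert_pool_new() : NULL;
  cert_buf *held[kConns * kChainLen] = {0};
  size_t n = 0, total = 0;
  for (int c = 0; c < kConns; c++) {
    held[n++] = cert_buf_new(leaf, sizeof(leaf), pool);
    held[n++] = cert_buf_new(issuer, sizeof(issuer), pool);
  }
  for (size_t i = 0; i < n; i++) {
    int seen = (held[i] == NULL);
    for (size_t j = 0; j < i && !seen; j++) seen = (held[j] == held[i]);
    if (!seen) total += held[i]->len;
  }
  for (size_t i = 0; i < n; i++) cert_buf_free(held[i]);
  cert_pool_free(pool);
  return total;
}

int main(void) {
  printf("unpooled=%zu pooled=%zu\n", retained_bytes(0), retained_bytes(1));
  return 0;
}
```

Because each buffer owns a private copy that is never written after creation, handing the same pointer to several sessions is safe; a caller that later changes its input bytes gets a different buffer on the next lookup.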

Cc: davidben@chromium.org
Owner: agl@chromium.org
Status: Started (was: Untriaged)
I'll set this as assigned to Adam since he's been doing most of it and me explicitly CC'd, so it doesn't look like the bug isn't being worked on. Though we tend to do a lot of things on an ad-hoc "whoever beats the other to the next task" basis.
Project Member

Comment 5 by bugdroid1@chromium.org, Jan 11 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b8c51582342eecea141ffaf98e90561670f1d491

commit b8c51582342eecea141ffaf98e90561670f1d491
Author: davidben <davidben@chromium.org>
Date: Wed Jan 11 23:18:13 2017

Query the certificate size with CRYPTO_BUFFER in SSLClientSessionCache.

This removes the access to x509_chain in Chromium which crept in.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2626113002
Cr-Commit-Position: refs/heads/master@{#443050}

[modify] https://crrev.com/b8c51582342eecea141ffaf98e90561670f1d491/net/ssl/ssl_client_session_cache.cc

Comment 6 by ssid@chromium.org, Jan 23 2017

Cc: ssid@chromium.org
Project Member

Comment 7 by bugdroid1@chromium.org, Jan 27 2017

The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl.git/+/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd

commit 3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd
Author: Adam Langley <agl@google.com>
Date: Tue Jan 24 21:59:42 2017

Don't use |X509| objects in |CERT|, by default.

This change converts the |CERT| struct to holding certificates as binary
blobs, rather than in parsed form. The members for holding the parsed
form are still there, however, but are only used as a cache for the
event that someone asks us for a non-owning pointer to the parsed leaf
or chain.

Next steps:
  * Move more functions into ssl_x509.c
  * Create an X509_OPS struct of function pointers that will hang off
    the |SSL_METHOD| to abstract out the current calls to crypto/x509
    operations.

BUG= chromium:671420 

Change-Id: Ifa05d88c49a987fd561b349705c9c48f106ec868
Reviewed-on: https://boringssl-review.googlesource.com/13280
Reviewed-by: Adam Langley <agl@google.com>

[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/handshake_server.c
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/internal.h
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/ssl_cert.c
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/ssl_lib.c
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/ssl_rsa.c
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/ssl_x509.c
[modify] https://crrev.com/3a2b47ab5be5c75edacb8cdc246dc2dc8fb2c0cd/ssl/tls13_both.c

Project Member

Comment 8 by bugdroid1@chromium.org, Feb 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bf0fcf111ceab0a9143d75282ced0d4349670e61

commit bf0fcf111ceab0a9143d75282ced0d4349670e61
Author: davidben <davidben@chromium.org>
Date: Fri Feb 10 21:00:34 2017

Add a CRYPTO_BUFFER_POOL to SSLClientSocketImpl.

In anticipation of using it for net::X509Certificate in the future, the
pool lives somewhere in net/cert. Until the rest of the work to
switch to CRYPTO_BUFFERs is done, this will not be as effective as it could
be.

But, as part of that transition, we have already started using
CRYPTO_BUFFERs in parts of the stack. This allows that portion to be
deduplicated. The (more expensive) portion which isn't deduplicated will
be fixed by removing it altogether.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2682413003
Cr-Commit-Position: refs/heads/master@{#449732}

[modify] https://crrev.com/bf0fcf111ceab0a9143d75282ced0d4349670e61/net/cert/x509_util_openssl.cc
[modify] https://crrev.com/bf0fcf111ceab0a9143d75282ced0d4349670e61/net/cert/x509_util_openssl.h
[modify] https://crrev.com/bf0fcf111ceab0a9143d75282ced0d4349670e61/net/socket/ssl_client_socket_impl.cc

Project Member

Comment 9 by bugdroid1@chromium.org, Feb 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ffe62df6448a031aa6449908076d057dd110d562

commit ffe62df6448a031aa6449908076d057dd110d562
Author: xunjieli <xunjieli@chromium.org>
Date: Thu Feb 23 18:22:41 2017

Add a multiplier in tracking certificate memory allocation size

net/ tracks the serialized sizes of certificates, but the in-memory
representation is much less efficient than that.  crbug.com/671420  is
being worked on to resolve this. Until that is done, estimate the cost
of the in-memory representation with a 4x multiplier.

Note that this CL ignores deduplication/ref-countedness of X509* in
ssl_client_socket_impl.cc. This will overcount memory usage if sockets
share the same certs. Since we allow 6 sockets to the same host, port,
scheme triplet, we can have a fair amount of sharing of certs among
sockets. Therefore, these metrics ("cert_count", "cert_size" and
"undeduped_cert_size") should not be used to make decisions on changing
socket pool behavior.

BUG= 669108 , 671420 

Review-Url: https://codereview.chromium.org/2696403007
Cr-Commit-Position: refs/heads/master@{#452555}

[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/socket/client_socket_pool_base.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/socket/ssl_client_socket_unittest.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/socket/stream_socket.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/socket/stream_socket.h
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/spdy/spdy_session_pool.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/ssl/ssl_client_session_cache.cc
[modify] https://crrev.com/ffe62df6448a031aa6449908076d057dd110d562/net/ssl/ssl_client_session_cache_unittest.cc

Project Member

Comment 10 by bugdroid1@chromium.org, Feb 28 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/50fee4d87b534d63aa9769d1c593c368a320edcd

commit 50fee4d87b534d63aa9769d1c593c368a320edcd
Author: davidben <davidben@chromium.org>
Date: Tue Feb 28 02:12:55 2017

Restore SSL_SESSION/X509Certificate X509* sharing

This effectively reverts https://codereview.chromium.org/2300533002
and replaces it with a smarter X.509 representation. We haven't
gotten rid of X509* completely yet, but we're far enough along there
that we can improve this.

There are three flavors of X509* that Chromium potentially keeps
around in memory:

1. Vanilla X509*. This does not make the full DER form easily
   accessible, but does cache the DER form of the
   TBSCertificate.

2. X509* + DERCache. This is (1) with an extra copy of the
   full DER form accessible. The DER form is accessible (needed
   by lots of things) but we use a bunch more memory.

3. X509* + CRYPTO_BUFFER. This is a smarter version of (2). The
   full DER form is stored in a CRYPTO_BUFFER but rather than
   have it waste memory, we alias the cached TBSCertificate into
   it.

(3) was added early on in switching from X509 to CRYPTO_BUFFER.
When https://codereview.chromium.org/2300533002 was done, (3) did
not exist, so we had this split where X509s hanging off
SSL_SESSION did not need DERCache but net::X509Certificate did.
Sharing the X509* was a nice memory optimization in one direction
(fewer X509s in memory---X509s are really *really* inefficient,
which is one of the motivations in removing them), but at the
cost of stapling DERCache to more things.

Whenever the SSL_SESSION's reference outlives the
net::X509Certificate's reference, 2300533002 is a win. When both
are alive in memory, it is a loss.

Now, every SSL_SESSION-owned X509 is of type (3) anyway, so we can
be smarter. Undo the X509*-side regression and instead just don't
staple DERCache onto X509*s of type (3). They already have a free
DERCache on them. This achieves 2300533002's goals without the
X509* tradeoff.

BUG= 671420 , 642082 

Review-Url: https://codereview.chromium.org/2694903006
Cr-Commit-Position: refs/heads/master@{#453455}

[modify] https://crrev.com/50fee4d87b534d63aa9769d1c593c368a320edcd/net/cert/x509_util_openssl.cc
[modify] https://crrev.com/50fee4d87b534d63aa9769d1c593c368a320edcd/net/socket/ssl_client_socket_impl.cc

Project Member

Comment 12 by bugdroid1@chromium.org, Mar 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a35b40c351e773c864301ef0eb075a7eca1a2f2f

commit a35b40c351e773c864301ef0eb075a7eca1a2f2f
Author: davidben <davidben@chromium.org>
Date: Thu Mar 09 17:33:45 2017

Don't use crypto/x509 in SSLClientSocketImpl.

This knocks out one of the two major dependencies on crypto/x509 in
//net. With this, SSL_SESSIONs in the session cache no longer retain the
expensive X509* objects. This is especially exciting on non-Android
platforms where net::X509Certificate already did not use X509*. (On
Android, net::X509Certificate still needs to be rewritten and, in
particular, is retained in the certificate verification cache.)

BUG= 671420 

Review-Url: https://codereview.chromium.org/2728303005
Cr-Commit-Position: refs/heads/master@{#455782}

[modify] https://crrev.com/a35b40c351e773c864301ef0eb075a7eca1a2f2f/net/cert/x509_certificate_openssl.cc
[modify] https://crrev.com/a35b40c351e773c864301ef0eb075a7eca1a2f2f/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/a35b40c351e773c864301ef0eb075a7eca1a2f2f/net/socket/ssl_client_socket_impl.h
[modify] https://crrev.com/a35b40c351e773c864301ef0eb075a7eca1a2f2f/net/ssl/ssl_client_session_cache.cc

Cc: dskiba@chromium.org agl@chromium.org
Owner: mattm@chromium.org
Aaaand it's finally out of SSL and SSL_SESSION! dskiba and xunjieli, did we manage to make any dent?

I unfortunately filed this bug too broadly, so assigning it over to mattm now who is working on the net::X509Certificate half. (Or do you all already have a bug for that?)
Blocking: 59847
Project Member

Comment 16 by bugdroid1@chromium.org, Mar 28 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5ed988687799ba8050ecda6e69ee3b0702a9b2ae

commit 5ed988687799ba8050ecda6e69ee3b0702a9b2ae
Author: mattm <mattm@chromium.org>
Date: Tue Mar 28 00:45:08 2017

Check X509Certificate::CreateFromHandle result.

Previously CreateFromHandle could not fail, as it assumed creating an OSCertHandle would validate the contents. Any errors during X509Certificate::Initialize were silently ignored. A followup change will expose errors during X509Certificate::Initialize by failing to create an X509Certificate. Further followups will invalidate the assumption that creating an "OSCertHandle" completely parses and validates the certificate data.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2760723002
Cr-Commit-Position: refs/heads/master@{#459955}

[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_android.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_builtin.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_ios.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_openssl.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/cert_verify_proc_win.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/nss_cert_database.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/x509_certificate.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/cert/x509_certificate.h
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/ssl/client_cert_store_mac.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/ssl/client_cert_store_nss.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/ssl/client_cert_store_win.cc
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp
[modify] https://crrev.com/5ed988687799ba8050ecda6e69ee3b0702a9b2ae/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc

Blocking: 706445
Project Member

Comment 18 by bugdroid1@chromium.org, Mar 29 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c59eda4e5a4c7427f355ed752e94f43561604a3

commit 1c59eda4e5a4c7427f355ed752e94f43561604a3
Author: mattm <mattm@chromium.org>
Date: Wed Mar 29 21:01:21 2017

Make X509Certificate creation fail if X509Certificate::Initialize fails.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2758803003
Cr-Commit-Position: refs/heads/master@{#460535}

[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate.h
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_ios.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_mac.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_openssl.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_unittest.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_certificate_win.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_util_nss.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/cert/x509_util_nss.h
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/socket/ssl_client_socket_unittest.cc
[modify] https://crrev.com/1c59eda4e5a4c7427f355ed752e94f43561604a3/net/test/embedded_test_server/embedded_test_server_unittest.cc

Project Member

Comment 19 by bugdroid1@chromium.org, Apr 11 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4cede8d39db10321b053c0d9776cf6b23f290310

commit 4cede8d39db10321b053c0d9776cf6b23f290310
Author: mattm <mattm@chromium.org>
Date: Tue Apr 11 02:55:01 2017

Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types.

(Other platforms will come in later CLs.)

BUG= 671420 

Review-Url: https://codereview.chromium.org/2746103003
Cr-Commit-Position: refs/heads/master@{#463507}

[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/chrome/browser/ui/certificate_viewer_mac.mm
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/BUILD.gn
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/internal/parse_name.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/internal/parse_name.h
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/internal/trust_store_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/internal/trust_store_mac_unittest.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/test_root_certs_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_certificate.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_certificate.h
[add] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_certificate_bytes.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_certificate_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_certificate_unittest.cc
[add] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_util_ios.cc
[add] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_util_ios.h
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_util_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/cert/x509_util_mac.h
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/ssl/client_cert_store_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/ssl/ssl_platform_key_mac.cc
[modify] https://crrev.com/4cede8d39db10321b053c0d9776cf6b23f290310/net/ssl/ssl_platform_key_mac_unittest.cc

Comment 20 by mattm@chromium.org, Apr 12 2017

Blockedon: 394131
Blockedon: -boringssl:54
I believe this is no longer blocking on BoringSSL crypto/asn1 decouplings, so I'll go ahead and remove that edge. Issue #706445 still cares about it, but that has its own edge to it.
Project Member

Comment 23 by bugdroid1@chromium.org, Apr 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9a1915060877f610870645a720d8d6eb177d0a0e

commit 9a1915060877f610870645a720d8d6eb177d0a0e
Author: nednguyen <nednguyen@google.com>
Date: Fri Apr 14 11:50:07 2017

Revert of Convert android to use X509CertificateBytes instead of X509CertificateOpenSSL. (patchset #9 id:160001 of https://codereview.chromium.org/2786173003/ )

Reason for revert:
Suspect causing ERR_SSL_SERVER_CERT_BAD_FORMAT error on perf tests.

Original issue's description:
> Convert android to use X509CertificateBytes instead of X509CertificateOpenSSL.
>
> BUG= 671420 
>
> Review-Url: https://codereview.chromium.org/2786173003
> Cr-Commit-Position: refs/heads/master@{#464262}
> Committed: https://chromium.googlesource.com/chromium/src/+/0704d236ee706ffb29fc22fd90f99537e7f15673

TBR=davidben@chromium.org,mattm@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG= 671420 

Review-Url: https://codereview.chromium.org/2817053003
Cr-Commit-Position: refs/heads/master@{#464715}

[modify] https://crrev.com/9a1915060877f610870645a720d8d6eb177d0a0e/net/BUILD.gn
[modify] https://crrev.com/9a1915060877f610870645a720d8d6eb177d0a0e/net/cert/ct_objects_extractor.cc
[modify] https://crrev.com/9a1915060877f610870645a720d8d6eb177d0a0e/net/socket/ssl_server_socket_impl.cc
[modify] https://crrev.com/9a1915060877f610870645a720d8d6eb177d0a0e/net/ssl/openssl_client_key_store.cc
[modify] https://crrev.com/9a1915060877f610870645a720d8d6eb177d0a0e/net/ssl/openssl_ssl_util.cc

Project Member

Comment 24 by bugdroid1@chromium.org, Apr 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/22447b66eb8bb0a9b174c963a1a387f7de1182b7

commit 22447b66eb8bb0a9b174c963a1a387f7de1182b7
Author: mattm <mattm@chromium.org>
Date: Fri Apr 14 19:15:02 2017

Mac: Fix crash in CreateSecCertificateArrayForX509Certificate.

One of the calls to CreateSecCertificateFromBytes wasn't checking the return value.

BUG= 671420 ,711077

Review-Url: https://codereview.chromium.org/2818573004
Cr-Commit-Position: refs/heads/master@{#464771}

[modify] https://crrev.com/22447b66eb8bb0a9b174c963a1a387f7de1182b7/net/cert/x509_util_mac.cc

Project Member

Comment 25 by bugdroid1@chromium.org, Apr 17 2017

Labels: merge-merged-3071
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1fb80a053c574f49d4d798337518d471afdc2711

commit 1fb80a053c574f49d4d798337518d471afdc2711
Author: Matt Mueller <mattm@chromium.org>
Date: Mon Apr 17 20:59:08 2017

Mac: Fix crash in CreateSecCertificateArrayForX509Certificate.

One of the calls to CreateSecCertificateFromBytes wasn't checking the return value.

BUG= 671420 ,711077

Review-Url: https://codereview.chromium.org/2818573004
Cr-Commit-Position: refs/heads/master@{#464771}
(cherry picked from commit 22447b66eb8bb0a9b174c963a1a387f7de1182b7)

Review-Url: https://codereview.chromium.org/2820183002 .
Cr-Commit-Position: refs/branch-heads/3071@{#24}
Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641}

[modify] https://crrev.com/1fb80a053c574f49d4d798337518d471afdc2711/net/cert/x509_util_mac.cc

Project Member

Comment 27 by bugdroid1@chromium.org, May 3 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/67ed4ef8a3ce933aa10a02cd36dc4e91f3fe9019

commit 67ed4ef8a3ce933aa10a02cd36dc4e91f3fe9019
Author: davidben <davidben@chromium.org>
Date: Wed May 03 18:36:06 2017

Remove unused USE_OPENSSL_CERTS conditional.

No platform builds with USE_AURA and USE_OPENSSL_CERTS. This is a
remnant of some aborted attempts to switch all platforms to
USE_OPENSSL_CERTS.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2859793003
Cr-Commit-Position: refs/heads/master@{#469041}

[modify] https://crrev.com/67ed4ef8a3ce933aa10a02cd36dc4e91f3fe9019/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc

Project Member

Comment 28 by bugdroid1@chromium.org, May 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7c97df67012325269eaf4a3f627e442f47266bbb

commit 7c97df67012325269eaf4a3f627e442f47266bbb
Author: davidben <davidben@chromium.org>
Date: Thu May 04 00:20:23 2017

Switch NaCl to use_byte_certs.

The NaCl build (used by //remoting) doesn't actually process
certificates, so we can switch them easily. (They configure
SSLClientSocket to allow only a single certificate and run some other
authenticator over the channel.)

Sadly, this doesn't buy the binary size wins yet. It looks like this is
because they pull in WebRTC. But it means that once this and the Android
switch sticks, we can tidy up USE_OPENSSL_CERTS.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2861813002
Cr-Commit-Position: refs/heads/master@{#469213}

[modify] https://crrev.com/7c97df67012325269eaf4a3f627e442f47266bbb/net/BUILD.gn

Project Member

Comment 29 by bugdroid1@chromium.org, May 16 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1a07e633e4bcb14569d37908e64eae0198840007

commit 1a07e633e4bcb14569d37908e64eae0198840007
Author: mattm <mattm@chromium.org>
Date: Tue May 16 05:55:50 2017

Convert iOS to use X509CertificateBytes.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2864133002
Cr-Commit-Position: refs/heads/master@{#472024}

[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/chrome/browser/ui/certificate_viewer_mac.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/net/crw_cert_verification_controller.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/net/crw_cert_verification_controller_unittest.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/net/crw_ssl_status_updater_unittest.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/web_state/ui/crw_web_controller.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/web_state/ui/crw_web_controller_unittest.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/web_state/wk_web_view_security_util.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/ios/web/web_state/wk_web_view_security_util_unittest.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/BUILD.gn
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/base/net_string_util_icu_alternatives_ios.mm
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/cert_verify_proc_ios.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/cert_verify_proc_ios_unittest.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_certificate.h
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_certificate_ios.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_ios.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_ios.h
[add] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_ios_and_mac.cc
[add] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_ios_and_mac.h
[add] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_ios_and_mac_unittest.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_mac.cc
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/cert/x509_util_mac.h
[modify] https://crrev.com/1a07e633e4bcb14569d37908e64eae0198840007/net/ssl/client_cert_store_mac.cc

Project Member

Comment 30 by bugdroid1@chromium.org, May 17 2017

Project Member

Comment 31 by bugdroid1@chromium.org, May 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fe689d0fc9750a2e953422336a6fbbb55ab9c20c

commit fe689d0fc9750a2e953422336a6fbbb55ab9c20c
Author: mattm <mattm@chromium.org>
Date: Wed May 17 21:17:58 2017

Add missing include in net/base/net_string_util_icu_alternatives_ios.mm.

Fixes ios cronet build.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2887203002
Cr-Commit-Position: refs/heads/master@{#472572}

[modify] https://crrev.com/fe689d0fc9750a2e953422336a6fbbb55ab9c20c/net/base/net_string_util_icu_alternatives_ios.mm

Project Member

Comment 32 by bugdroid1@chromium.org, Jun 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/919485c7f33741de04be2a3ffddccbf50f349a20

commit 919485c7f33741de04be2a3ffddccbf50f349a20
Author: mattm <mattm@chromium.org>
Date: Wed Jun 14 03:39:58 2017

Move some functions from net/cert/x509_util_nss.cc into x509_certificate_nss.cc

These functions are only used by x509_certificate_nss.cc, and will be unnecessary when switching to x509_certificate_bytes.

BUG= 671420 

Review-Url: https://codereview.chromium.org/2940763002
Cr-Commit-Position: refs/heads/master@{#479273}

[modify] https://crrev.com/919485c7f33741de04be2a3ffddccbf50f349a20/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/919485c7f33741de04be2a3ffddccbf50f349a20/net/cert/x509_util_nss.cc
[modify] https://crrev.com/919485c7f33741de04be2a3ffddccbf50f349a20/net/cert/x509_util_nss.h

Comment 33 by mattm@chromium.org, Jun 21 2017

(Pasting manually since bugdroid was awol)

commit 2fe429a914dccf9bc3b8901c8a0d93f445f3a3b6
Author: mattm <mattm@chromium.org>
Date:   Mon Jun 19 18:53:44 2017 -0700

Convert Windows to use X509CertificateBytes.
    
BUG= 671420 
  
Review-Url: https://codereview.chromium.org/2913253003
Cr-Commit-Position: refs/heads/master@{#480686}

Project Member

Comment 34 by bugdroid1@chromium.org, Jul 21 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4ddc452007c67c8280187415c5c4d3cdda061e51

commit 4ddc452007c67c8280187415c5c4d3cdda061e51
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Jul 21 19:26:53 2017

Remove PR_DetachThread from multi_threaded_cert_verifier.

PR_DetachThread is not necessary, because Chromium code
never calls PR_Cleanup (which requires threads be cleaned up
beforehand), and the thread-specific data itself will be
cleaned up by NSPR's pthreads hook. However, PR_DetachThread
can cause a crash if NSS hasn't been initialized at all
(e.g. with use_byte_certs=true in unittests), so it's not
just unnecessary, but actively harmful.

Bug:  671420 
Change-Id: I294ac988c53c7b5109b80eec2aef547cb46f650a
Reviewed-on: https://chromium-review.googlesource.com/558605
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#488734}
[modify] https://crrev.com/4ddc452007c67c8280187415c5c4d3cdda061e51/net/cert/multi_threaded_cert_verifier.cc

Project Member

Comment 35 by bugdroid1@chromium.org, Aug 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cd91d9874d4a131a221a540974f579d5d8806ce9

commit cd91d9874d4a131a221a540974f579d5d8806ce9
Author: Matt Mueller <mattm@chromium.org>
Date: Tue Aug 08 16:41:11 2017

Refactor X509CertificateBytes ParsePrincipal so that X509TypesTest can run.

Also exclude x509_cert_types_mac.cc and x509_cert_types_win.cc in
use_byte_certs builds.

Bug:  671420 
Change-Id: I87a6d35f8dd8d04f9c0c8f6bec41609d11dee58e
Reviewed-on: https://chromium-review.googlesource.com/604875
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492656}
[modify] https://crrev.com/cd91d9874d4a131a221a540974f579d5d8806ce9/net/BUILD.gn
[modify] https://crrev.com/cd91d9874d4a131a221a540974f579d5d8806ce9/net/cert/x509_cert_types.cc
[modify] https://crrev.com/cd91d9874d4a131a221a540974f579d5d8806ce9/net/cert/x509_cert_types.h
[modify] https://crrev.com/cd91d9874d4a131a221a540974f579d5d8806ce9/net/cert/x509_cert_types_unittest.cc
[modify] https://crrev.com/cd91d9874d4a131a221a540974f579d5d8806ce9/net/cert/x509_certificate_bytes.cc

Project Member

Comment 36 by bugdroid1@chromium.org, Aug 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/10684c9211da4d4e5bf46f68953e4c15187df875

commit 10684c9211da4d4e5bf46f68953e4c15187df875
Author: Matt Mueller <mattm@chromium.org>
Date: Wed Aug 09 07:24:09 2017

Move X509Certificate::GetDefaultNickname to x509_util_nss.h

Adds an x509_util::GetCERTNameDisplayName method analogous to CertPrincipal::GetDisplayName.
GetCERTNameDisplayName does not use CERT_GetCommonName, so in rare cases the output may not match the Linux impl of CertPrincipal::GetDisplayName exactly, but is more consistent with the other platforms.
Once Linux and ChromeOS switch to use_byte_certs, x509_util::GetCERTNameDisplayName and CertPrincipal::GetDisplayName should return equivalent results.

Bug:  671420 
Change-Id: Icc01546bd056146bc818e6a1d1a0f8837c21ce00
Reviewed-on: https://chromium-review.googlesource.com/605011
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492884}
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/BUILD.gn
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_certificate.h
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_certificate_unittest.cc
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_util_nss.cc
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_util_nss.h
[add] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/cert/x509_util_nss_unittest.cc
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/test/cert_test_util_nss.cc
[modify] https://crrev.com/10684c9211da4d4e5bf46f68953e4c15187df875/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp

Project Member

Comment 37 by bugdroid1@chromium.org, Aug 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/07a029fbd6794c840d2c3b3331ec2a9f26ccd3b4

commit 07a029fbd6794c840d2c3b3331ec2a9f26ccd3b4
Author: Matt Mueller <mattm@chromium.org>
Date: Wed Aug 09 20:27:49 2017

Remove X509Certificate::CreateOSCertHandleFromBytesWithNickname. Nothing seems to need it.

Bug:  671420 
Change-Id: Ib471fec931482f92ec9931b3ab46c68588f9e356
Reviewed-on: https://chromium-review.googlesource.com/606772
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493124}
[modify] https://crrev.com/07a029fbd6794c840d2c3b3331ec2a9f26ccd3b4/net/cert/internal/trust_store_nss_unittest.cc
[modify] https://crrev.com/07a029fbd6794c840d2c3b3331ec2a9f26ccd3b4/net/cert/x509_certificate.h
[modify] https://crrev.com/07a029fbd6794c840d2c3b3331ec2a9f26ccd3b4/net/cert/x509_certificate_nss.cc

Project Member

Comment 38 by bugdroid1@chromium.org, Aug 10 2017

Project Member

Comment 39 by bugdroid1@chromium.org, Aug 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/db79e4213a255a26ee51400088c31a53f44a5332

commit db79e4213a255a26ee51400088c31a53f44a5332
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Aug 10 19:32:09 2017

Make test_root_certs_nss use_byte_certs-friendly.

Also extracts X509Certificate::IsSameOSCert to x509_util::IsSameCertificate, and adds x509_util::CreateCERTCertificateFromX509Certificate and x509_util::DupCERTCertificate.

Bug:  671420 
Change-Id: I226434a332ca63e502b3676b4f6e52768bbd0913
Reviewed-on: https://chromium-review.googlesource.com/609460
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493499}
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/test_root_certs.h
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/test_root_certs_nss.cc
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/test_root_certs_unittest.cc
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/x509_util_nss.cc
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/x509_util_nss.h
[modify] https://crrev.com/db79e4213a255a26ee51400088c31a53f44a5332/net/cert/x509_util_nss_unittest.cc

Project Member

Comment 40 by bugdroid1@chromium.org, Aug 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/947a0b83058a0a48018f7a713bb390632d5f1d49

commit 947a0b83058a0a48018f7a713bb390632d5f1d49
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Aug 18 01:43:16 2017

Make ClientCertStoreNSS use_byte_certs-friendly.

Also introduces:
x509_util::CreateX509CertificateFromCERTCertificate

And extracts GetDEREncoded from x509_certificate_nss.cc.

Bug:  671420 
Change-Id: I5b604ad380f466de35322bc81c20b5ce3932f541
Reviewed-on: https://chromium-review.googlesource.com/611311
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495419}
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/cert/scoped_nss_types.h
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/cert/x509_util_nss.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/cert/x509_util_nss.h
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/cert/x509_util_nss_unittest.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/ssl/client_cert_store_nss.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/ssl/client_cert_store_nss_unittest.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/ssl/ssl_platform_key_nss.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/ssl/ssl_platform_key_nss.h
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/ssl/ssl_platform_key_nss_unittest.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/test/cert_test_util.h
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/test/cert_test_util_nss.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/third_party/nss/ssl/cmpcert.cc
[modify] https://crrev.com/947a0b83058a0a48018f7a713bb390632d5f1d49/net/third_party/nss/ssl/cmpcert.h

Project Member

Comment 42 by bugdroid1@chromium.org, Aug 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/381b177ce7cb2df33e1f02c1939d97af7acc2640

commit 381b177ce7cb2df33e1f02c1939d97af7acc2640
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Aug 18 06:22:58 2017

Make x509_certificate_model_nss functions take CERTCertificate instead of OSCertHandle.

Renames x509_certificate_model.h to x509_certificate_model_nss.h.

Bug:  671420 
Change-Id: I6b6c3bdd5e0d9b21dbf9a0bbaa56597d14d794ab
Reviewed-on: https://chromium-review.googlesource.com/612409
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495484}
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/browser/certificate_manager_model.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/browser/ui/certificate_dialogs.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/browser/ui/webui/certificate_viewer_webui.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/common/net/BUILD.gn
[delete] https://crrev.com/ed629b3006a46ea050d9e3a2faab711dbb2525f1/chrome/common/net/x509_certificate_model.cc
[delete] https://crrev.com/ed629b3006a46ea050d9e3a2faab711dbb2525f1/chrome/common/net/x509_certificate_model.h
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/common/net/x509_certificate_model_nss.cc
[add] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/common/net/x509_certificate_model_nss.h
[rename] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/common/net/x509_certificate_model_nss_unittest.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/test/BUILD.gn
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/cert/nss_cert_database.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/cert/nss_cert_database.h
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/cert/x509_util_nss.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/cert/x509_util_nss.h
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/cert/x509_util_nss_unittest.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/test/cert_test_util.h
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/test/cert_test_util_nss.cc
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
[modify] https://crrev.com/381b177ce7cb2df33e1f02c1939d97af7acc2640/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h

Project Member

Comment 43 by bugdroid1@chromium.org, Sep 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ebbb153dba06e3fc42423c4e31e294ce7545c3e1

commit ebbb153dba06e3fc42423c4e31e294ce7545c3e1
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 01 01:42:45 2017

Convert NSSCertDatabase to operate on NSS types directly.

Adds temporary wrappers using X509Certificates, which will be removed as
crbug.com/671420 progresses.

Bug:  671420 
Change-Id: I8e14202da69d6f2f0663233469ea635257c61905
Reviewed-on: https://chromium-review.googlesource.com/615605
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499107}
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/chrome/browser/certificate_manager_model.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/chrome/browser/ssl/ssl_browser_tests.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/chrome/browser/ui/webui/certificates_handler.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database.h
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database_chromeos.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database_chromeos.h
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database_chromeos_unittest.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_cert_database_unittest.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_profile_filter_chromeos.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_profile_filter_chromeos.h
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/nss_profile_filter_chromeos_unittest.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/x509_certificate_nss.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/x509_util_nss.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/x509_util_nss.h
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/cert/x509_util_nss_unittest.cc
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/third_party/mozilla_security_manager/nsNSSCertificateDB.h
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp
[modify] https://crrev.com/ebbb153dba06e3fc42423c4e31e294ce7545c3e1/net/third_party/mozilla_security_manager/nsPKCS12Blob.h

Project Member

Comment 44 by bugdroid1@chromium.org, Sep 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/18f895e57df70590d7eefa4d898d2f1260068a4d

commit 18f895e57df70590d7eefa4d898d2f1260068a4d
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 01 04:58:49 2017

Make CertVerifyProcChromeOS use_byte_certs-friendly.

Also changes cert_verify_proc_chromeos_unittest to use NSS-native types
with NSSCertDatabase.

Bug:  671420 
Change-Id: I3ad47062f552120242214abb603b3b9d595d998f
Reviewed-on: https://chromium-review.googlesource.com/615742
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499132}
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/client_cert_filter_chromeos.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/client_cert_store_chromeos.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/client_cert_store_chromeos.h
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/chrome/browser/chromeos/net/client_cert_store_chromeos_unittest.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/net/ssl/client_cert_store_nss.cc
[modify] https://crrev.com/18f895e57df70590d7eefa4d898d2f1260068a4d/net/ssl/client_cert_store_nss.h

Project Member

Comment 45 by bugdroid1@chromium.org, Sep 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/917b4e16f05539f4e571decde447e0afb31f9c1b

commit 917b4e16f05539f4e571decde447e0afb31f9c1b
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 01 19:15:35 2017

Convert Linux certificate UI code to use NSS types directly.

Bug:  671420 
Change-Id: I560ddb2b5675ffb8e33460f5f7a4cc1be256c01d
Reviewed-on: https://chromium-review.googlesource.com/621368
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499251}
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/certificate_manager_model.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/certificate_manager_model.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/certificate_dialogs.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/certificate_dialogs.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/crypto_module_password_dialog_nss.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/crypto_module_password_dialog_nss.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/webui/certificate_viewer_webui.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/webui/certificate_viewer_webui.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/webui/certificates_handler.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/browser/ui/webui/certificates_handler.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/common/net/x509_certificate_model_nss.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/common/net/x509_certificate_model_nss.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/common/net/x509_certificate_model_nss_unittest.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/chrome/test/data/webui/certificate_viewer_ui_test-inl.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/net/cert/x509_util_nss.cc
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/net/cert/x509_util_nss.h
[modify] https://crrev.com/917b4e16f05539f4e571decde447e0afb31f9c1b/net/cert/x509_util_nss_unittest.cc

Project Member

Comment 46 by bugdroid1@chromium.org, Sep 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7f4732399a9026af311a1d5f87ab66ccc944ba56

commit 7f4732399a9026af311a1d5f87ab66ccc944ba56
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 01 19:32:44 2017

Make chromeos certificate_helper functions use NSS types directly.

Bug:  671420 
Change-Id: I289163e10dd8690991ecfd41ee8901eb613ee820
Reviewed-on: https://chromium-review.googlesource.com/622241
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499258}
[modify] https://crrev.com/7f4732399a9026af311a1d5f87ab66ccc944ba56/chromeos/network/certificate_helper.cc
[modify] https://crrev.com/7f4732399a9026af311a1d5f87ab66ccc944ba56/chromeos/network/certificate_helper.h
[modify] https://crrev.com/7f4732399a9026af311a1d5f87ab66ccc944ba56/chromeos/network/certificate_helper_unittest.cc

Project Member

Comment 47 by bugdroid1@chromium.org, Sep 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8da316bebba3950e649d4d09ba29fcd07eed13a9

commit 8da316bebba3950e649d4d09ba29fcd07eed13a9
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 01 21:59:22 2017

Make chromeos ONC certificate code use NSS types directly.

Bug:  671420 
Change-Id: I7c21271715b467f352c059e6648841adf2713d21
Reviewed-on: https://chromium-review.googlesource.com/622078
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499321}
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chrome/browser/chromeos/policy/user_network_configuration_updater.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chrome/browser/chromeos/policy/user_network_configuration_updater.h
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chrome/browser/ui/webui/net_internals/net_internals_ui.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_certificate_importer.h
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_certificate_importer_impl.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_certificate_importer_impl.h
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_certificate_importer_impl_unittest.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_utils.cc
[modify] https://crrev.com/8da316bebba3950e649d4d09ba29fcd07eed13a9/chromeos/network/onc/onc_utils.h

Project Member

Comment 48 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7

commit 0d0c142a92ce08a4a205aeaa8e218e30915b6ab7
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Sep 07 18:08:38 2017

Make ChromeOS certificate code use NSS types directly.

Bug:  671420 ,  736159 
Change-Id: Ic480cf5dedc644294b4f11737f3f151243febce6
Reviewed-on: https://chromium-review.googlesource.com/621489
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500334}
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chrome/browser/certificate_manager_model.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chrome/browser/chromeos/options/cert_library.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chrome/browser/chromeos/options/cert_library.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/cert_loader.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/cert_loader.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/cert_loader_unittest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/auto_connect_handler_unittest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/certificate_helper.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/certificate_helper.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/client_cert_resolver.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/client_cert_resolver.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/client_cert_resolver_unittest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_cert_migrator.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_cert_migrator.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_cert_migrator_unittest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_certificate_handler.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_certificate_handler.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_connection_handler_impl.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_connection_handler_impl.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/chromeos/network/network_connection_handler_impl_unittest.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/net/cert/x509_util_nss.cc
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/net/cert/x509_util_nss.h
[modify] https://crrev.com/0d0c142a92ce08a4a205aeaa8e218e30915b6ab7/net/cert/x509_util_nss_unittest.cc

Project Member

Comment 49 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9cc23fc96d98add479f10016e9948a5763577651

commit 9cc23fc96d98add479f10016e9948a5763577651
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Sep 07 20:02:15 2017

Remove NSSCertDatabase X509Certificate compatibility wrappers.

Bug:  671420 
Change-Id: Ib7c4c8c45de67d9f8789ecf24035b1b8389c36ea
Reviewed-on: https://chromium-review.googlesource.com/621302
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500362}
[modify] https://crrev.com/9cc23fc96d98add479f10016e9948a5763577651/net/cert/nss_cert_database.cc
[modify] https://crrev.com/9cc23fc96d98add479f10016e9948a5763577651/net/cert/nss_cert_database.h

Project Member

Comment 50 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dfd7497a799fc69e102fd9cc5ee8f4baa96a4239

commit dfd7497a799fc69e102fd9cc5ee8f4baa96a4239
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Sep 07 21:15:52 2017

use_byte_certs-friendliness cleanups for x509_util_nss_unittest.cc

Bug:  671420 
Change-Id: I44814e4c72a348b7f8719c2c3c7ed98d1d8dff2d
Reviewed-on: https://chromium-review.googlesource.com/648047
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500377}
[modify] https://crrev.com/dfd7497a799fc69e102fd9cc5ee8f4baa96a4239/net/cert/x509_util_nss_unittest.cc

Project Member

Comment 51 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1

commit d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Sep 07 23:37:32 2017

Remove x509_certificate_mac and x509_certificate_ios

Mac has been on use_byte_certs since M59 and iOS since M60. Should be
safe to remove the old code now.

Bug:  671420 
Change-Id: I2f98f930dbec9ba10306bc9abd537f66fb46742f
Reviewed-on: https://chromium-review.googlesource.com/655939
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500434}
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/BUILD.gn
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_cert_types.h
[delete] https://crrev.com/a2f6f55d34b143adbb4322710cf0d2fbe7a5f298/net/cert/x509_cert_types_mac.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_cert_types_unittest.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_certificate.h
[delete] https://crrev.com/a2f6f55d34b143adbb4322710cf0d2fbe7a5f298/net/cert/x509_certificate_ios.cc
[delete] https://crrev.com/a2f6f55d34b143adbb4322710cf0d2fbe7a5f298/net/cert/x509_certificate_mac.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_certificate_unittest.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_util_ios.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_util_ios_and_mac.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_util_ios_and_mac_unittest.cc
[modify] https://crrev.com/d93dd11ec47ea002a58cbf57c7e7f2abc0a2b3c1/net/cert/x509_util_mac.cc

Project Member

Comment 52 by bugdroid1@chromium.org, Sep 7 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/31f64a77ee2514266ca9062dea5b3c208169a490

commit 31f64a77ee2514266ca9062dea5b3c208169a490
Author: Matt Mueller <mattm@chromium.org>
Date: Thu Sep 07 23:55:55 2017

Add x509_util::DefaultParseCertificateOptions function.

(A reference to this function already snuck in inside an ifdef
 USE_BYTE_CERTS block in 947a0b83058a0a48018f7a713bb390632d5f1d49)

Bug:  671420 
Change-Id: Ibdcdcd2a40d140ef008414b69c3ea075610665ec
Reviewed-on: https://chromium-review.googlesource.com/648332
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500441}
[modify] https://crrev.com/31f64a77ee2514266ca9062dea5b3c208169a490/net/cert/x509_certificate_bytes.cc
[modify] https://crrev.com/31f64a77ee2514266ca9062dea5b3c208169a490/net/cert/x509_util.cc
[modify] https://crrev.com/31f64a77ee2514266ca9062dea5b3c208169a490/net/cert/x509_util.h

Project Member

Comment 53 by bugdroid1@chromium.org, Sep 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/48218d16dc459752e54ba7f6cb6813199285ba03

commit 48218d16dc459752e54ba7f6cb6813199285ba03
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 08 01:25:33 2017

Convert Linux and ChromeOS to use X509CertificateBytes.

Bug: 671420
Change-Id: I41ffc51eb0d639b702917e0b823f33cd80c8d9dc
Reviewed-on: https://chromium-review.googlesource.com/578568
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500472}
[modify] https://crrev.com/48218d16dc459752e54ba7f6cb6813199285ba03/net/BUILD.gn

Project Member

Comment 54 by bugdroid1@chromium.org, Sep 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ae23e2d50d88a10b79c52c54646c6c4bd22d525e

commit ae23e2d50d88a10b79c52c54646c6c4bd22d525e
Author: Matt Giuca <mgiuca@chromium.org>
Date: Fri Sep 08 04:22:32 2017

Revert "Convert Linux and ChromeOS to use X509CertificateBytes."

This reverts commit 48218d16dc459752e54ba7f6cb6813199285ba03.

Reason for revert: Suspect broke 3 tests on Linux. See bug.

Original change's description:
> Convert Linux and ChromeOS to use X509CertificateBytes.
> 
> Bug: 671420
> Change-Id: I41ffc51eb0d639b702917e0b823f33cd80c8d9dc
> Reviewed-on: https://chromium-review.googlesource.com/578568
> Reviewed-by: David Benjamin <davidben@chromium.org>
> Commit-Queue: Matt Mueller <mattm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#500472}

TBR=davidben@chromium.org,mattm@chromium.org

Change-Id: I869efd17584d4e0f24d06fb198a15e6f1ea6cdc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 763230
Reviewed-on: https://chromium-review.googlesource.com/656479
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Commit-Queue: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500505}
[modify] https://crrev.com/ae23e2d50d88a10b79c52c54646c6c4bd22d525e/net/BUILD.gn

Project Member

Comment 55 by bugdroid1@chromium.org, Sep 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/15004212f4cda388c8acf1be5c4b5e3b6715ec42

commit 15004212f4cda388c8acf1be5c4b5e3b6715ec42
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 08 04:44:13 2017

Remove x509_certificate_openssl and use_openssl_certs build flag

Bug: 671420, 706445
Change-Id: Ieca79e475c0d4ea025405275d2164451b3f124dd
Reviewed-on: https://chromium-review.googlesource.com/656519
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#500508}
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/build/build_config.h
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/build/config/BUILD.gn
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/build/config/crypto.gni
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/net/BUILD.gn
[rename] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/net/cert/cert_database_stub.cc
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/net/cert/x509_certificate.h
[delete] https://crrev.com/e976a3897d7a8abbbacce4c2622cc5ecf5a7b067/net/cert/x509_certificate_openssl.cc
[delete] https://crrev.com/e976a3897d7a8abbbacce4c2622cc5ecf5a7b067/net/cert/x509_util_openssl.cc
[delete] https://crrev.com/e976a3897d7a8abbbacce4c2622cc5ecf5a7b067/net/cert/x509_util_openssl.h
[modify] https://crrev.com/15004212f4cda388c8acf1be5c4b5e3b6715ec42/net/socket/ssl_server_socket_impl.cc

Comment 56 by nya@chromium.org, Sep 12 2017

Blocking: 704024
Project Member

Comment 57 by bugdroid1@chromium.org, Sep 12 2017

Project Member

Comment 58 by bugdroid1@chromium.org, Sep 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f7d09033fca39d4aae8a5c21de332b54b650876c

commit f7d09033fca39d4aae8a5c21de332b54b650876c
Author: Matt Mueller <mattm@chromium.org>
Date: Tue Sep 12 23:44:43 2017

Try #2: Convert Linux and ChromeOS to use X509CertificateBytes.

Now including a hack to handle certificate dates outside the range that
base::Time::FromUTCExploded can handle on 32-bit Linux. (Previously those
dates would be imploded with NSPR, which always uses 64-bit time values.)

Bug: 671420
Change-Id: I3c633b6f2f434bbb356b83bbc99cf8c8b8a08ff8
Reviewed-on: https://chromium-review.googlesource.com/658326
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#501456}
[modify] https://crrev.com/f7d09033fca39d4aae8a5c21de332b54b650876c/net/BUILD.gn
[modify] https://crrev.com/f7d09033fca39d4aae8a5c21de332b54b650876c/net/cert/x509_certificate_bytes.cc

Project Member

Comment 59 by bugdroid1@chromium.org, Sep 15 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4cd1e85e769baf04e01496fa5047a37f455c47b9

commit 4cd1e85e769baf04e01496fa5047a37f455c47b9
Author: Matt Mueller <mattm@chromium.org>
Date: Fri Sep 15 00:09:52 2017

Remove X509CertificateCache.

(X509CertificateCache is not used with USE_BYTE_CERTS nor with
USE_NSS_CERTS alone, so it's safe to remove now.)

Bug: 671420
Change-Id: I72a61ce86dfb5e46b632920e58793993a8743e1c
Reviewed-on: https://chromium-review.googlesource.com/668077
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#502105}
[modify] https://crrev.com/4cd1e85e769baf04e01496fa5047a37f455c47b9/net/cert/x509_certificate.cc
[modify] https://crrev.com/4cd1e85e769baf04e01496fa5047a37f455c47b9/net/cert/x509_certificate_unittest.cc

Comment 60 by mattm@chromium.org, Sep 28 2017

Labels: M-63
Status: Fixed (was: Started)
Enabled on all platforms, so I guess this can be marked fixed now. (Still need to do some cleanups (deleting x509_certificate_nss, removing use_byte_certs build flag, etc.), filed issue 769549 for that.)

Final tally:
Mac: 59.0.3069.0 (4cede8d39db10321b053c0d9776cf6b23f290310)
Android: 60.0.3088.0 (e05a6fdeff3d39f64b4af1d1468251602e9ccc6b)
NaCl: 60.0.3089.0 (7c97df67012325269eaf4a3f627e442f47266bbb)
iOS: 60.0.3102.0 (1a07e633e4bcb14569d37908e64eae0198840007)
Win: 61.0.3137.0 (2fe429a914dccf9bc3b8901c8a0d93f445f3a3b6)
Fuchsia: 61.0.3154.0 (4908557534d516a48589f36714d91ed835683f58)
Linux&ChromeOS: 63.0.3214.0 (f7d09033fca39d4aae8a5c21de332b54b650876c) 
