New issue
Advanced search Search tips

Issue 672972 link

Starred by 1 user
Status: Fixed
Owner:
davidben@chromium.org
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

GetClientCertInfo maps P-521 to P-384.

Project Member Reported by davidben@chromium.org, Dec 9 2016 
I do not believe this actually affects anything other than TLS 1.3, where we don't even have RSA client certs working. Nonetheless, this should get fixed and since M56 is still early along (this code is new as of M56), may as well get it merged I think.

Comment 1 by davidben@chromium.org, Dec 9 2016

Status: Started (was: Assigned)
Project Member

Comment 2 by bugdroid1@chromium.org, Dec 13 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b

commit b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b
Author: davidben <davidben@chromium.org>
Date: Mon Dec 12 23:56:40 2016

Fix P-521 client cert mapping and test all curves.

I messed up the mapping. As penance, add tests for everything and make
the Android tests less of a mess.

The failure mode here is P-521 client certificates won't quite work
right in TLS 1.3. I believe TLS 1.2 and below would not have been
affected.

BUG= 672972 

Review-Url: https://codereview.chromium.org/2567523003
Cr-Commit-Position: refs/heads/master@{#437963}

[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/basic.js
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/client_1.der
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/client_1_spki.der
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/client_2.der
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/create_net_cert_data.sh
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/signature_nohash_pkcs
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/chrome/test/data/extensions/api_test/platform_keys/signature_sha1_pkcs
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/README
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_1.key
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_1.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_1.pk8
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_1_ca.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_2.key
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_2.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_2.pk8
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_2_ca.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_3.key
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_3.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_3.pk8
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_3_ca.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_4.key
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_4.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_4.pk8
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_4_ca.pem
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_5.key
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_5.pem
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_5.pk8
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_5_ca.pem
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_6.key
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_6.pem
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_6.pk8
[add] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_6_ca.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/certificates/client_root_ca.pem
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/data/ssl/scripts/generate-client-certificates.sh
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/net.gypi
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/ssl/ssl_platform_key_android_unittest.cc
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/ssl/ssl_platform_key_util.cc
[modify] https://crrev.com/b9b243bd7562a54a6cc4f80f1b23ebc9b8c37d9b/net/ssl/ssl_platform_key_util_unittest.cc

Comment 3 by davidben@chromium.org, Dec 13 2016

Labels: -M-56 M-57
Status: Fixed (was: Started)
Since this only affects the draft TLS 1.3 code where we don't even have RSA client auth working, let's just leave this for 57.

Sign in to add a comment