Captive portal certificate list isn't properly checking that name mismatch is the only error |
|||
Issue descriptionThe current code checks if cert_error == name-mismatch but that's not sufficient. The right way to do this is how www-mismatch handles it.
,
Feb 13 2017
,
Mar 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4f8acbd89df62b20df694810ec309c1bf1e0d6c9 commit 4f8acbd89df62b20df694810ec309c1bf1e0d6c9 Author: meacer <meacer@chromium.org> Date: Thu Mar 02 04:23:52 2017 Captive portal certificate list should be checked when name mismatch is the only error When there are errors in addition to a name-mismatch error, the captive portal certificate list feature should not display a captive portal error. This was supposed to be the case with the current implementation but it's buggy. The current check is done by checking cert_error in SSLErrorHandler which is not sufficient, because a cert_error of CERT_ERROR_COMMON_NAME_INVALID doesn't necessarily mean that it's the only error, it means that net::MapCertStatusToNetError determined CERT_ERROR_COMMON_NAME_INVALID to be the most important error. There are also existing test cases that were trying to test this behavior, but they were using authority-invalid errors to do so. This CL adds an extra test to check for name-mismatch and weak key errors. BUG= 691163 Review-Url: https://codereview.chromium.org/2690333006 Cr-Commit-Position: refs/heads/master@{#454177} [modify] https://crrev.com/4f8acbd89df62b20df694810ec309c1bf1e0d6c9/chrome/browser/ssl/ssl_browser_tests.cc [modify] https://crrev.com/4f8acbd89df62b20df694810ec309c1bf1e0d6c9/chrome/browser/ssl/ssl_error_handler.cc [modify] https://crrev.com/4f8acbd89df62b20df694810ec309c1bf1e0d6c9/chrome/browser/ssl/ssl_error_handler_unittest.cc
,
Mar 2 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by mea...@chromium.org
, Feb 11 2017