UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12
Steps to reproduce the problem:
1.
2.
3.
What is the expected behavior?
What went wrong?
1.
Client may drop cached certificates during handshake, see method QuicCryptoClientConfig::CacheNewServerConfig() and method ClearProof().
If client sends CCRT tag in the first CHLO, drops cached certificates and sends subsequent CHLOs without CCRT tag, server must throw away cached certificates, too.
Otherwise server sends incorrect cert. chain (exploiting cached certificates) , and client closes connection with error QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER (Certificate data invalid).
Possible solution is to drop previously cached client's certificates if CCRT tag is not present in the last CHLO.
2.
I believe that parameters of CertCompressor::CompressChain() are incorrect.
See the attached patch.
Did this work before? N/A
Chrome version: master Channel: n/a
OS Version: OS X 10.12.2
Flash Version:
|
Deleted:
cached_certs.patch
1.2 KB
|
Comment 1 by rsesek@chromium.org
, May 17 2017