Timeout in boringssl_ssl_ctx_api_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5007967656345600

Fuzzer: libFuzzer_boringssl_ssl_ctx_api_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State:
  boringssl_ssl_ctx_api_fuzzer

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=447701:448014

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5007967656345600

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 6 2017
This is https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1694. The issue is this is an API fuzzer so it tries to hit contrived things that involve building unreasonably long chains and serializing them a lot. Not inherently a problem, but best not to spam everyone with false positives and slow fuzzers. :-) I landed https://boringssl.googlesource.com/boringssl/+/6da9eaeef1dd501d69cd96b891f57c22492dcd88. That hasn't rolled into Chromium yet, but it looks like that's not aggressive enough, so I've uploaded https://boringssl-review.googlesource.com/16905.
Jun 6 2017
The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl/+/b0bb83a583d2f68e30ffcacbff5141feabed7c54

commit b0bb83a583d2f68e30ffcacbff5141feabed7c54
Author: David Benjamin <davidben@google.com>
Date: Tue Jun 06 20:50:55 2017

Bound ssl_ctx_api more aggressively.

OpenSSL's d2i_X509 parser is amazingly slow. Only do about 10,000 of them, not 1,000,000.

BUG= chromium:729419
Change-Id: I7034c3dde7d5c5681986af2ab5e516e54553d3c6
Reviewed-on: https://boringssl-review.googlesource.com/16905
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

[modify] https://crrev.com/b0bb83a583d2f68e30ffcacbff5141feabed7c54/fuzz/ssl_ctx_api.cc
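The bounding idea from the commit message above, as an added C++ example that is not BoringSSL's fuzz/ssl_ctx_api.cc: a libFuzzer-style harness charges every expensive parse against a per-input budget and stops once it is spent. The byte-to-operation encoding and the names `Work`, `RunApiOps` and `WorstCaseInput` are hypothetical, and the parser is simulated by a counter.

```cpp
// Added illustration, not BoringSSL's ssl_ctx_api.cc. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <vector>

// Budget taken from the commit message: about 10,000 parses per input.
constexpr size_t kParseBudget = 10000;

// Stand-in for an expensive call such as d2i_X509; it only counts invocations.
struct Work {
  size_t parses = 0;
  size_t limit;
  explicit Work(size_t l) : limit(l) {}
  // Returns false once the per-input budget would be exceeded.
  bool Charge(size_t n) {
    if (n > limit - parses) return false;
    parses += n;
    return true;
  }
};

// Interprets each input byte as one API call against a simulated chain:
//   even byte -> append one certificate (one parse)
//   odd byte  -> serialize and re-parse the whole chain (chain.size() parses)
// Returns the number of simulated parses done before the input ended or the
// budget ran out.
size_t RunApiOps(const uint8_t *data, size_t size, size_t budget) {
  Work work(budget);
  std::vector<uint8_t> chain;  // one element per simulated certificate
  for (size_t i = 0; i < size; i++) {
    const bool reparse = (data[i] & 1) != 0;
    if (!work.Charge(reparse ? chain.size() : 1)) break;  // stop, don't time out
    if (!reparse) chain.push_back(data[i]);
  }
  return work.parses;
}

// Constructed worst case: alternate "append" and "re-parse chain".
std::vector<uint8_t> WorstCaseInput(size_t n) {
  std::vector<uint8_t> in(n);
  for (size_t i = 0; i < n; i++) in[i] = static_cast<uint8_t>(i & 1);
  return in;
}

// libFuzzer-style entry point using the bounded budget.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  RunApiOps(data, size, kParseBudget);
  return 0;
}
```

On the constructed 2,000-byte input the simulated parse count grows quadratically without a budget, while the bounded run stops just under the 10,000 limit.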
Jun 13 2017
I believe this is fixed now. Kicked off a new task from Clusterfuzz to confirm.
Jun 19 2017
+kcc, is it expected that clusterfuzz take so long to rule on whether the issue's been fixed?
Jun 26 2017
CF seems to now believe this is not reproducible. I'm going to just close this now and assume the change fixed it.
Jun 27 2017
Er, I meant to close this and forgot.
Comment 1 by patricia...@chromium.org, Jun 6 2017