
Issue 731838


Issue metadata

Status: Verified
Owner:
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac
Pri: 2
Type: Bug




Remove the StartCom/WoSign whitelist

Project Member Reported by rsleevi@chromium.org, Jun 9 2017

Issue description

Presently, the CAs StartCom/WoSign have a whitelist of domains for which certificates are accepted. This was the result of the issues noted in October 2016, at https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

As part of that, it was noted this whitelist would not be indefinite. Further, it's noted that the CAs have continued to have operational issues - https://groups.google.com/d/msg/mozilla.dev.security.policy/42daAyURTKk/-iQTHgE8BAAJ

As Chrome 61 is expected to launch in September 2017, it will have been a year since announcing the plans to remove trust.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Jun 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8c640b21a3e2c560e33a5a2f4b186b87fa40301b

commit 8c640b21a3e2c560e33a5a2f4b186b87fa40301b
Author: rsleevi <rsleevi@chromium.org>
Date: Mon Jun 12 21:17:32 2017

Remove the StartCom/WoSign whitelist

This fully removes trust in WoSign and StartCom, as announced at https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

BUG= 731838 

Review-Url: https://codereview.chromium.org/2927383002
Cr-Commit-Position: refs/heads/master@{#478768}

[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/BUILD.gn
[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/cert/cert_verify_proc_blacklist.inc
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/cert/cert_verify_proc_whitelist.cc
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/cert/cert_verify_proc_whitelist.h
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/cert/cert_verify_proc_whitelist_unittest.cc
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/cert/cert_verify_proc_whitelist_unittest1.gperf
[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/cert/ev_root_ca_metadata.cc
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/4b22d5a6aec99f3cdb79aa5ec06838479cd5ecba7164f7f22dc1d65f63d85708.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/7d8ce822222b90c0b14342c7a8145d1f24351f4d1a1fe0edfd312ee73fb00149.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem
[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/README.md
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/c7ba6567de93a798ae1faa791e712d378fae1f93c4397fea441bb7cbe6fd5995.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/d487a56f83b07482e85e963394c1ecc2c9e51d0903ee946b02c301581ed99e16.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/d6f034bd94aa233f0297eca4245b283973e447aa590f310c77f48fdf83112254.pem
[rename] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/blacklist/e17890ee09a3fbf4f48b9c414a17d637b7a50647e9bc752322727fcc1742a911.pem
[modify] https://crrev.com/8c640b21a3e2c560e33a5a2f4b186b87fa40301b/net/data/ssl/certificates/README
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/data/ssl/certificates/wosign_after_oct_21.pem
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/data/ssl/certificates/wosign_before_oct_21.pem
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/data/ssl/wosign/BUILD.gn
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/data/ssl/wosign/README.md
[delete] https://crrev.com/74520997b5744e0c8a1684cc9cf0b18f9f60926c/net/data/ssl/wosign/wosign_domains.gperf

Status: Verified (was: Assigned)
