New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 738119 link

Starred by 2 users
Status: Archived
Owner:
steve...@chromium.org
Closed: Jul 2017
Cc:
cernekee@chromium.org
josa...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Chrome, LocalTranslator::TranslateOpenVPN() does not (re)set the shill property to an empty string if the |cert_kus| array has zero elements

Project Member Reported by chrismoon@google.com, Jun 29 2017 
Chrome, LocalTranslator::TranslateOpenVPN() does not (re)set the shill property to an empty string if the |cert_kus| array has zero elements

Chrome Version:  9592.35.0 beta-channel running 2.4.2.


What steps will reproduce the problem?
(1) Modify ONC value changing it from "RemoteCertKU":["e0"] to "RemoteCertKU":[]
(2) Refresh Policy
(3) Policy remains unmodified displaying a value of "RemoteCertKU":["e0"] 

What is the expected result? Policy updates and shows "RemoteCertKU":[]

Comment 1 by cernekee@chromium.org, Jun 29 2017 

> Policy remains unmodified displaying a value of "RemoteCertKU":["e0"] 

In chrome://policy I see "RemoteCertKU":[]

But in file:///var/log/net.log I still see "remote-cert-ku e0" in the openvpn parameter list.  I believe this is because the shill properties for the service were not updated.  Could not confirm by hand because I can't get a shell on a corp device.

Comment 2 by steve...@chromium.org, Jul 1 2017

Cc: cernekee@chromium.org
Components: UI>Shell>Networking
Labels: M-61
Status: Started (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Jul 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/74fe242b94d0e1a024f644287cf8f462bcfd0705

commit 74fe242b94d0e1a024f644287cf8f462bcfd0705
Author: Steven Bennetts <stevenjb@chromium.org>
Date: Mon Jul 10 18:23:51 2017

ONC: Always set shill::kOpenVPNRemoteCertKUProperty

If no ONC values is provided for OpenVPN.RemoteCertKU we need to
set the Shill property to an empty string value.

Bug:  738119 
Change-Id: I3266e0c9f81fea42734e9da7d68df9e268487423
Reviewed-on: https://chromium-review.googlesource.com/558203
Commit-Queue: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Kevin Cernekee <cernekee@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485318}
[modify] https://crrev.com/74fe242b94d0e1a024f644287cf8f462bcfd0705/chromeos/network/onc/onc_translator_onc_to_shill.cc
[modify] https://crrev.com/74fe242b94d0e1a024f644287cf8f462bcfd0705/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_vpn.json
[modify] https://crrev.com/74fe242b94d0e1a024f644287cf8f462bcfd0705/chromeos/test/data/network/policy/shill_policy_on_managed_vpn.json
[modify] https://crrev.com/74fe242b94d0e1a024f644287cf8f462bcfd0705/chromeos/test/data/network/shill_openvpn_clientcert.json

Comment 4 by steve...@chromium.org, Jul 10 2017

Status: Fixed (was: Started)
Do we want to merge this to 60?

Comment 5 by cernekee@chromium.org, Jul 10 2017 

Yes please

Comment 6 by steve...@chromium.org, Jul 10 2017

Labels: -M-61 M-60 Merge-Request-60

Comment 7 by steve...@chromium.org, Jul 10 2017

Cc: josa...@chromium.org
This is a small, low-risk, cros specific change.

Comment 8 by gkihumba@google.com, Jul 10 2017

Labels: -Merge-Request-60 Merge-Approved-60
Project Member

Comment 9 by bugdroid1@chromium.org, Jul 10 2017

Labels: -merge-approved-60 merge-merged-3112
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c48f2299f30c59da3f81c9108cdb03e6bbc95586

commit c48f2299f30c59da3f81c9108cdb03e6bbc95586
Author: Steven Bennetts <stevenjb@chromium.org>
Date: Mon Jul 10 21:09:59 2017

ONC: Always set shill::kOpenVPNRemoteCertKUProperty

If no ONC values is provided for OpenVPN.RemoteCertKU we need to
set the Shill property to an empty string value.

TBR=stevenjb@chromium.org

(cherry picked from commit 74fe242b94d0e1a024f644287cf8f462bcfd0705)

Bug:  738119 
Change-Id: I3266e0c9f81fea42734e9da7d68df9e268487423
Reviewed-on: https://chromium-review.googlesource.com/558203
Commit-Queue: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Kevin Cernekee <cernekee@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#485318}
Reviewed-on: https://chromium-review.googlesource.com/565884
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Cr-Commit-Position: refs/branch-heads/3112@{#566}
Cr-Branched-From: b6460e24cf59f429d69de255538d0fc7a425ccf9-refs/heads/master@{#474897}
[modify] https://crrev.com/c48f2299f30c59da3f81c9108cdb03e6bbc95586/chromeos/network/onc/onc_translator_onc_to_shill.cc
[modify] https://crrev.com/c48f2299f30c59da3f81c9108cdb03e6bbc95586/chromeos/test/data/network/policy/shill_policy_autoconnect_on_unconfigured_vpn.json
[modify] https://crrev.com/c48f2299f30c59da3f81c9108cdb03e6bbc95586/chromeos/test/data/network/policy/shill_policy_on_managed_vpn.json
[modify] https://crrev.com/c48f2299f30c59da3f81c9108cdb03e6bbc95586/chromeos/test/data/network/shill_openvpn_clientcert.json

Comment 10 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment