Disregard Alternative Service information in response if connection has certificate errors |
||||
Issue descriptionThis is a spinoff from https://crbug.com/615413#c25. The security concern here is that an on-path attacker (e.g. public WiFi network operator) can proxy traffic with a self-signed certificate to inject AltSvc headers (or ALTSVC HTTP/2 frames) that will persist on the client's device and allow the connection to be hijacked even afterwards when the device is on an uncompromised network.
,
Aug 14 2017
,
Aug 30 2017
,
Aug 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/230ac614ca52360e6d51f1820f6c25857e3d8a27 commit 230ac614ca52360e6d51f1820f6c25857e3d8a27 Author: Bence Béky <bnc@chromium.org> Date: Wed Aug 30 19:17:08 2017 Ignore AltSvc response headers on connections with certificate errors. BUG= 754395 Change-Id: If36c05cd1371e76b1cf8b2219dcde676e04d71cb Reviewed-on: https://chromium-review.googlesource.com/611033 Reviewed-by: David Benjamin <davidben@chromium.org> Commit-Queue: Bence Béky <bnc@chromium.org> Cr-Commit-Position: refs/heads/master@{#498563} [modify] https://crrev.com/230ac614ca52360e6d51f1820f6c25857e3d8a27/net/http/http_network_transaction.cc [modify] https://crrev.com/230ac614ca52360e6d51f1820f6c25857e3d8a27/net/http/http_network_transaction_unittest.cc [modify] https://crrev.com/230ac614ca52360e6d51f1820f6c25857e3d8a27/net/quic/chromium/quic_network_transaction_unittest.cc [modify] https://crrev.com/230ac614ca52360e6d51f1820f6c25857e3d8a27/net/socket/socket_test_util.cc [modify] https://crrev.com/230ac614ca52360e6d51f1820f6c25857e3d8a27/net/socket/socket_test_util.h
,
Aug 30 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by b...@chromium.org
, Aug 10 2017