Add DevTools logging for Symantec distrust
Issue description

Chrome 62 should log about Symantec certificates that are slated to be distrusted, per https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

Sep 18 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/8fca91f277deae13b08d01f7cd02799324bfd269

commit 8fca91f277deae13b08d01f7cd02799324bfd269
Author: Emily Stark <estark@google.com>
Date: Mon Sep 18 21:37:50 2017

Add short link to Symantec message

This updates the Symantec console message to use a short link instead of the full blog post link.

Bug: 763984
Change-Id: I0ebc75d8a406f2a79fb7fc1b133903967dbc281a
Reviewed-on: https://chromium-review.googlesource.com/670025
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#502680}

[modify] https://crrev.com/8fca91f277deae13b08d01f7cd02799324bfd269/content/browser/ssl/ssl_manager.cc

Sep 19 2017
Requesting merge to M62 for the commits in comment 1 and 2. I've verified on canary and the changes are covered by automated tests. (Background: this is the console message promised for M62 in https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html)
Sep 19 2017
This bug requires manual review: M62 has already been promoted to the beta branch, so this requires manual review

Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sep 19 2017
fwiw I support this merge.
Sep 19 2017
Approving merge to M62. Branch: 3202
Sep 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ab35a4d16285432fad2fc6149dd78419943d80f0

commit ab35a4d16285432fad2fc6149dd78419943d80f0
Author: Emily Stark <estark@google.com>
Date: Wed Sep 20 01:00:18 2017

Log console message for legacy Symantec roots

This CL implements the console message described in https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html for main resources. To do so, it:

1.) Relocates the existing list of Symantec roots (currently only used for CT policies) and exposes it as net::IsLegacySymantecCert.
2.) Stores public key hashes from the net::SSLInfo on navigation entries and checks them against IsLegacySymantecCert when a navigation commits. When a match is found, log a message to the DevTools console.

Note that this message will not fire for resources served from the disk cache, because public_key_hashes are not written to the disk cache.

Bug: 763984
Change-Id: I013a1226c63a0192569192839f30bfbb22afffaa
Reviewed-on: https://chromium-review.googlesource.com/659318
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#502472}
(cherry picked from commit d29cdae2baf037fe2fd3e761c69ef498c8100ae0)
Reviewed-on: https://chromium-review.googlesource.com/674223
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/branch-heads/3202@{#340}
Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098}

[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/content/browser/ssl/ssl_manager.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/content/browser/ssl/ssl_manager_unittest.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/content/public/browser/ssl_status.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/content/public/browser/ssl_status.h
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/BUILD.gn
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/base/hash_value.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/base/hash_value.h
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/cert/known_roots_win.cc
[add] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/cert/symantec_certs.cc
[add] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/cert/symantec_certs.h
[add] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/cert/symantec_certs_unittest.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/cert/x509_certificate_known_roots_win.h
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/http/transport_security_state.cc
[modify] https://crrev.com/ab35a4d16285432fad2fc6149dd78419943d80f0/net/http/transport_security_state_ct_policies.inc

Sep 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7e8ef0bce018c80736acae4df29acf14adb82ec8

commit 7e8ef0bce018c80736acae4df29acf14adb82ec8
Author: Emily Stark <estark@google.com>
Date: Wed Sep 20 01:04:31 2017

Add short link to Symantec message

This updates the Symantec console message to use a short link instead of the full blog post link.

Bug: 763984
Change-Id: I0ebc75d8a406f2a79fb7fc1b133903967dbc281a
Reviewed-on: https://chromium-review.googlesource.com/670025
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#502680}
(cherry picked from commit 8fca91f277deae13b08d01f7cd02799324bfd269)
Reviewed-on: https://chromium-review.googlesource.com/674243
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/branch-heads/3202@{#341}
Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098}

[modify] https://crrev.com/7e8ef0bce018c80736acae4df29acf14adb82ec8/content/browser/ssl/ssl_manager.cc

Sep 21 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/70614f61e8663c8ffbc76c92a46751e14c376b3f

commit 70614f61e8663c8ffbc76c92a46751e14c376b3f
Author: Emily Stark <estark@google.com>
Date: Thu Sep 21 07:03:35 2017

Use different Symantec console message for Chrome

Add a ContentBrowserClient method to customize the console message for upcoming Symantec distrust events. ChromeContentBrowserClient implements this method to customize the message for pre- and post-June 2016 issuance: the latter will be distrusted in Chrome 66.

Bug: 763984
Change-Id: Idb8ca04347b91054faaf9fc4a913d019bc932a7c
Reviewed-on: https://chromium-review.googlesource.com/674062
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503376}

[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/chrome/browser/ssl/ssl_browser_tests.cc
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/content/browser/ssl/ssl_manager.cc
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/content/public/browser/content_browser_client.h
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/net/data/ssl/certificates/README
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/net/data/ssl/certificates/post_june_2016.pem
[modify] https://crrev.com/70614f61e8663c8ffbc76c92a46751e14c376b3f/net/data/ssl/certificates/pre_june_2016.pem

Sep 22 2017
abdulsyed: we need to request one more merge for this bug, in comment 9. I've verified the change on canary and it's covered by tests. Thanks!
Sep 22 2017
This bug requires manual review: M62 has already been promoted to the beta branch, so this requires manual review

Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sep 22 2017
Approving merge to M62.
Sep 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2

commit ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2
Author: Emily Stark <estark@google.com>
Date: Fri Sep 22 21:30:35 2017

Use different Symantec console message for Chrome

Add a ContentBrowserClient method to customize the console message for upcoming Symantec distrust events. ChromeContentBrowserClient implements this method to customize the message for pre- and post-June 2016 issuance: the latter will be distrusted in Chrome 66.

Bug: 763984
Change-Id: Idb8ca04347b91054faaf9fc4a913d019bc932a7c
Reviewed-on: https://chromium-review.googlesource.com/674062
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#503376}
(cherry picked from commit 70614f61e8663c8ffbc76c92a46751e14c376b3f)
Reviewed-on: https://chromium-review.googlesource.com/679634
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/branch-heads/3202@{#409}
Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098}

[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/chrome/browser/ssl/ssl_browser_tests.cc
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/content/browser/ssl/ssl_manager.cc
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/content/public/browser/content_browser_client.h
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/net/data/ssl/certificates/README
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/net/data/ssl/certificates/post_june_2016.pem
[modify] https://crrev.com/ff4e3bc36a1ccfc0e73bae2f06a5ef37e0efd5b2/net/data/ssl/certificates/pre_june_2016.pem

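
The check described in the "Log console message for legacy Symantec roots" and "Use different Symantec console message for Chrome" commit messages above, sketched as an added C++ example that is not Chromium's code. The root hashes are constructed placeholders, the `CommittedNavigation` struct, `Notice` enum and function names are hypothetical, and the 2016-06-01 00:00 UTC boundary on the leaf's issuance time is an assumption.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <iostream>
#include <vector>

// SHA-256 of a certificate's SubjectPublicKeyInfo (a "public key hash").
using SpkiHash = std::array<uint8_t, 32>;

// Constructed placeholder: 32 identical bytes. NOT a real Symantec root hash.
SpkiHash Fill(uint8_t b) { SpkiHash h; h.fill(b); return h; }

// Stand-in for the relocated root list, kept sorted so lookup is a binary search.
const std::vector<SpkiHash> kLegacyRoots = {Fill(0x11), Fill(0x5a), Fill(0xc3)};

// Assumed boundary between "pre-" and "post-June 2016": 2016-06-01 00:00:00 UTC.
constexpr int64_t kJune2016 = 1464739200;

enum class Notice { kNone, kPreJune2016, kPostJune2016 };

// Hypothetical model of the TLS state kept on a committed navigation entry.
struct CommittedNavigation {
  std::vector<SpkiHash> public_key_hashes;  // empty for disk-cache responses
  int64_t leaf_not_before;                  // leaf issuance time, Unix seconds
};

// True if any key in the validated chain is on the legacy root list.
bool IsLegacyChain(const std::vector<SpkiHash>& hashes) {
  return std::any_of(hashes.begin(), hashes.end(), [](const SpkiHash& h) {
    return std::binary_search(kLegacyRoots.begin(), kLegacyRoots.end(), h);
  });
}

// Decides which console notice, if any, a committed navigation should get.
Notice ClassifyOnCommit(const CommittedNavigation& nav) {
  if (!IsLegacyChain(nav.public_key_hashes)) return Notice::kNone;
  return nav.leaf_not_before < kJune2016 ? Notice::kPreJune2016
                                         : Notice::kPostJune2016;
}

int main() {
  // Constructed chains: leaf hash first, root hash last.
  CommittedNavigation legacy{{Fill(0x01), Fill(0x02), Fill(0x5a)}, 1451606400};
  CommittedNavigation cached{{}, 1451606400};  // same site, served from cache
  std::cout << (ClassifyOnCommit(legacy) == Notice::kPreJune2016) << ' '
            << (ClassifyOnCommit(cached) == Notice::kNone) << '\n';
}
```

The `cached` case shows the blind spot the commit message calls out: with no stored public key hashes there is nothing to match, so an audit that relies on the console message should load pages with the cache bypassed.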
Sep 22 2017
Comment 1 by bugdroid1@chromium.org, Sep 16 2017