Client SSL certificate not being selected
Reported by
alexr...@gmail.com,
Sep 29 2017
|
||||||||||||||||||
Issue description
Chrome Version : 61.0.3163.100
OS Version: 10.0
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5:
Firefox 4.x:
IE 7/8/9:OK
Edge OK
What steps will reproduce the problem?
1. Insert a smart card with a client SSL certificate.
2. Open a website that requires SSL mutual authentication such as https://online-dev.comsigntrust.com/demo/swipe.html
3. Chrome shows a list of available client certificates and it does not include some of them.
What is the expected result?
Show all compatible certificates.
What happens instead of that?
Some certificates are missing in that list.
Please provide any additional information below. Attach a screenshot if
possible.
UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Other browsers like Ms Edge and IE explorer do show this certificate when they present client certificates list to the user.
I've found out that the first version of chromium that has that issue is this one:
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/480693/
The one before - 480685 works OK.
I've attached two certificates both chain to the same root.
the "shown.cer" works fine, while not_shown.cer is the certificate which we try to find out why not works (as it does with older versions of chromium).
,
Sep 29 2017
Thanks for doing the bisect! For reference, 480686 is the change that switched windows to use_byte_certs: https://chromium.googlesource.com/chromium/src/+/2fe429a914dccf9bc3b8901c8a0d93f445f3a3b6 It looks like not_shown.cer has PrintableString values in the Subject that are invalid (containing @ and # characters). These strings should be encoded using a suitable type like UTF8String.
,
Sep 30 2017
Hi Since we have tens thousands of certificates created this way, and other browsers, viewers e.t.c are more forgivable in that case, is it possible to make this check less strict?
,
Oct 2 2017
Hi Chrome team, 1st – we do appreciate your assistance very much. Thank you again. 2nd – now we are in a severe problem – All the certificates we've issued last 4 years (although we fixed the problem yesterday, due to your assistance, for new certificates which are issued from yesterday) – are not valid and therefore not operational in Chrome. This creates enormous pressure on our company and customers threaten to sue us because the certificate isn’t working with Chrome despite our promises, not to speak about the inconvenience they are facing. The "bug", if you may call it a bug, is that RSA in their CA (Keon) allowed "_" character in the CN (the subject field) in a certain option (printable certificate). Google as from last week does not allow it as of Build #480693. So I don’t know if this is such severe problem for google and its users that such limitation cannot be postponed until we find a proper solution. We cannot immediately call all these customers and issue them new certificates – it's tones of work won't be finished in many months, it is not reasonable. We probably will have to develop a software solution that will securely renew the old certificate with a new one, but due to safety procedures required from us as a public certificate authority – it will require a lot of work and patience, which customers does not have at the moment.
,
Oct 2 2017
Hi again, We are still using Keon software from RSA, although down the road we've established a new CA and we are about replacing Keon, but still, last 4 years all certificates issued with Keon. RSA Keon CA encodes the subject by default as "PrintableString" though the actual characters may be taken from the UTF8 set. [please see attached file]. Maybe other Keon customers may encounter the same problem.
,
Oct 3 2017
Working on a hack to allow client certs with invalid PrintableStrings.
,
Oct 3 2017
,
Oct 9 2017
,
Oct 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6c8b07c6f55d90854a4785016a9c26a2b4607b1f commit 6c8b07c6f55d90854a4785016a9c26a2b4607b1f Author: Matt Mueller <mattm@chromium.org> Date: Mon Oct 09 21:02:25 2017 Allow UTF-8 in PrintableStrings inside client certificate DNs. Bug: 770323 Change-Id: I684c92fb407276a46bd83b7520e02fe6a113a828 Reviewed-on: https://chromium-review.googlesource.com/701930 Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#507484} [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/BUILD.gn [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/internal/parse_name.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/internal/parse_name.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/internal/parse_name_unittest.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_cert_types.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_cert_types.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_certificate.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_certificate.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_certificate_bytes.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_certificate_nss.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_certificate_unittest.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_mac.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_mac.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_nss.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_nss.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_win.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/cert/x509_util_win.h [add] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/data/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem [add] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/data/parse_certificate_unittest/v3_certificate_template.pk8 [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/data/parse_certificate_unittest/v3_certificate_template.txt [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_identity.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_store_mac.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_store_nss.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_store_nss_unittest.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_store_unittest-inl.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/ssl/client_cert_store_win.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/test/cert_test_util.h [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/test/cert_test_util_nss.cc [modify] https://crrev.com/6c8b07c6f55d90854a4785016a9c26a2b4607b1f/net/tools/update_ios_bundle_data.py
,
Oct 13 2017
Hi, could you test with Chrome Canary (63.0.3237.0 or newer) and let us know if it's working for you?
,
Oct 14 2017
Hi, I took the test and it was recognized correctly. Will this update be incorporated into Google Chrome? I thank the attention.
,
Oct 16 2017
Hi, with version 64.0.3241.0 on canary it works OK. When will this update roll to stable?
,
Oct 16 2017
M63 should go to stable sometime around Dec 5th. I'll request a merge to M62 as well.
,
Oct 16 2017
This bug requires manual review: We are only 0 days from stable. Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 16 2017
M62 is going to Stable tomorrow. This is a huge last minute merge request. Can you please justify why this is needed, is this safe, why can't we wait until M63?
,
Oct 16 2017
This is a regression affecting client certs that used non-spec-compliant behaviour, only found post-stable, for which there's no reasonable workaround (particularly if the client identity is stored on smart cards, this requires reissuing the physical card). The primary users of client certs are going to be enterprises and government users. We've identified at least one CA that reports to have ~500K such certificates in deployment. On Windows, where we primarily see this, this shipped in M-61. This change reduces the spec compliance in a way that aligns with the previously buggy implementation, but reports are that it works (see Comment #11, Comment #12). Given the size of this, it may be acceptable to treat this as a K-I/Regression for 62 and merge for 63, but that's at least part of the known scope of impact.
,
Oct 16 2017
+blumberg@ for a heads up My inclination would be to wait and keep this one baking in M53 and in our back pocket, and keep an eye out for it flaring up.
,
Oct 16 2017
rsleevi@ / mattm@ - can you please comment how safe this merge is? Is it well tested and what are the chances of introducing new regressions? Since the impact for enterprises is expected to be large, i'm inclined to take it for our release tomorrow.
,
Oct 16 2017
The change touches code used by all users, but for most (anyone not using client certs), the change *should* be a no-op. If the change did have a problem I would guess that it would only be relevant to those affected by this issue. In theory at least. That said, the change has only gone through a few canary releases, but no dev/beta releases. Since the issue has already been in effect for all of M-61 I don't know if there is sufficient urgency to rush to patch it before 62 stable release. As awhalley suggested, we could also let this bake in 63 for a bit longer before deciding.
,
Oct 16 2017
Sounds good, and thanks for the update. We can consider for a future M62 respin if required.
,
Oct 17 2017
Hi Chrome Team I just read about M62 So please be aware that we suffer for the last month from this bug and if possible to consider integrate the fix in M62 - we would be very thankful. Best regards Zeev Shetach CEO
,
Oct 19 2017
Hi Zeev - the fix is in today's Dev channel release (https://www.chromium.org/getting-involved/dev-channel) if you'd like to help verify the fix.
,
Oct 19 2017
I've tested it with Version 63.0.3239.9 (Official Build) dev (64-bit) Seems to work OK The smart card is shown in the list and I am able to proceed.
,
Oct 19 2017
,
Oct 20 2017
Thanks seems like this has been verified and been in Dev since Tuesday. Mattm@/rsleevi@ - can you please confirm if everything looks good and ready for merge? I can go ahead and approve it if all looks good.
,
Oct 20 2017
,
Oct 20 2017
,
Oct 20 2017
I looked around and didn't find any crash or bugreports that look related.
,
Oct 21 2017
Hello Chrome Team, As we are facing major problems and customers threat to sue us - can you please let us know what is the earliest date that M-63 can be released? Thank you in advance Zeev Shetach - CEO/Comsign
,
Oct 23 2017
Thanks for the fix. Approving merge to M62. Branch:3202.
,
Oct 23 2017
+Merge-Request for 63.
,
Oct 24 2017
Your change meets the bar and is auto-approved for M63. Please go ahead and merge the CL to branch 3239 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), gkihumba@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 24 2017
mattm@ can you confirm if this has been merged to M62? We are planning a respin for Wednesday, so would like to ensure we have this in M62 branch 3202 by today 3PM PDT.
,
Oct 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/aef770685d3ffa3f3e540ad22fb5058be315ef90 commit aef770685d3ffa3f3e540ad22fb5058be315ef90 Author: Matt Mueller <mattm@chromium.org> Date: Tue Oct 24 16:51:19 2017 Allow UTF-8 in PrintableStrings inside client certificate DNs. TBR=mattm@chromium.org (cherry picked from commit 6c8b07c6f55d90854a4785016a9c26a2b4607b1f) Bug: 770323 Change-Id: I684c92fb407276a46bd83b7520e02fe6a113a828 Reviewed-on: https://chromium-review.googlesource.com/701930 Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Matt Mueller <mattm@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#507484} Reviewed-on: https://chromium-review.googlesource.com/735509 Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/branch-heads/3202@{#733} Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098} [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/BUILD.gn [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/internal/parse_name.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/internal/parse_name.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/internal/parse_name_unittest.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_cert_types.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_cert_types.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_certificate.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_certificate.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_certificate_bytes.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_certificate_nss.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_certificate_unittest.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_mac.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_mac.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_nss.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_nss.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_win.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/cert/x509_util_win.h [add] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/data/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem [add] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/data/parse_certificate_unittest/v3_certificate_template.pk8 [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/data/parse_certificate_unittest/v3_certificate_template.txt [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_identity.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_store_mac.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_store_nss.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_store_nss_unittest.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_store_unittest-inl.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/ssl/client_cert_store_win.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/test/cert_test_util.h [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/test/cert_test_util_nss.cc [modify] https://crrev.com/aef770685d3ffa3f3e540ad22fb5058be315ef90/net/tools/update_ios_bundle_data.py
,
Oct 24 2017
Sorry for the delay. There were some merge conflicts so I couldn't just do the quick cherry-pick and I was travelling yesterday. I just merged it to 62.
,
Oct 24 2017
6c8b07c6f55d90854a4785016a9c26a2b4607b1f landed in 63.0.3237.0, merge to 63 is not needed.
,
Oct 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8da1d75de425543081176e54cd3bda5269ee2337 commit 8da1d75de425543081176e54cd3bda5269ee2337 Author: Matt Mueller <mattm@chromium.org> Date: Wed Oct 25 03:02:59 2017 Revert "Allow UTF-8 in PrintableStrings inside client certificate DNs." This reverts commit aef770685d3ffa3f3e540ad22fb5058be315ef90. Reason for revert: compile failure Original change's description: > Allow UTF-8 in PrintableStrings inside client certificate DNs. > > TBR=mattm@chromium.org > > (cherry picked from commit 6c8b07c6f55d90854a4785016a9c26a2b4607b1f) > > Bug: 770323 > Change-Id: I684c92fb407276a46bd83b7520e02fe6a113a828 > Reviewed-on: https://chromium-review.googlesource.com/701930 > Reviewed-by: Eric Roman <eroman@chromium.org> > Commit-Queue: Matt Mueller <mattm@chromium.org> > Cr-Original-Commit-Position: refs/heads/master@{#507484} > Reviewed-on: https://chromium-review.googlesource.com/735509 > Reviewed-by: Matt Mueller <mattm@chromium.org> > Cr-Commit-Position: refs/branch-heads/3202@{#733} > Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098} TBR=eroman@chromium.org,mattm@chromium.org Change-Id: I3706456c392e4ced305f0b5f9b63fcdac50da9f3 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 770323 Reviewed-on: https://chromium-review.googlesource.com/736791 Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/branch-heads/3202@{#742} Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098} [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/BUILD.gn [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/internal/parse_name.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/internal/parse_name.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/internal/parse_name_unittest.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_cert_types.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_cert_types.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_certificate.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_certificate.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_certificate_bytes.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_certificate_nss.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_certificate_unittest.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_mac.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_mac.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_nss.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_nss.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_win.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/cert/x509_util_win.h [delete] https://crrev.com/a77b0fd68ed2fde333e24351b18c0d910868ba35/net/data/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem [delete] https://crrev.com/a77b0fd68ed2fde333e24351b18c0d910868ba35/net/data/parse_certificate_unittest/v3_certificate_template.pk8 [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/data/parse_certificate_unittest/v3_certificate_template.txt [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_identity.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_store_mac.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_store_nss.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_store_nss_unittest.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_store_unittest-inl.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/ssl/client_cert_store_win.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/test/cert_test_util.h [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/test/cert_test_util_nss.cc [modify] https://crrev.com/8da1d75de425543081176e54cd3bda5269ee2337/net/tools/update_ios_bundle_data.py
,
Oct 25 2017
Reverted due to compile failure. I may not have time to look into this tomorrow, probably can try again thursday.
,
Oct 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/96f5894f4551049c2a14fd11cffbd5c383af1acc commit 96f5894f4551049c2a14fd11cffbd5c383af1acc Author: Matt Mueller <mattm@chromium.org> Date: Wed Oct 25 17:06:28 2017 Allow UTF-8 in PrintableStrings inside client certificate DNs. TBR=mattm@chromium.org (cherry picked from commit 6c8b07c6f55d90854a4785016a9c26a2b4607b1f) Bug: 770323 Change-Id: Ie2e1f93a8d7208bf2925a16c60cee7325038ad57 Reviewed-on: https://chromium-review.googlesource.com/701930 Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Matt Mueller <mattm@chromium.org> Cr-Original-Original-Commit-Position: refs/heads/master@{#507484} Reviewed-on: https://chromium-review.googlesource.com/738453 Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/branch-heads/3202@{#747} Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098} [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/BUILD.gn [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/internal/parse_name.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/internal/parse_name.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/internal/parse_name_unittest.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_cert_types.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_cert_types.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_certificate.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_certificate.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_certificate_bytes.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_certificate_nss.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_certificate_unittest.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_mac.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_mac.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_nss.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_nss.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_win.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/cert/x509_util_win.h [add] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/data/parse_certificate_unittest/subject_printable_string_containing_utf8_client_cert.pem [add] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/data/parse_certificate_unittest/v3_certificate_template.pk8 [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/data/parse_certificate_unittest/v3_certificate_template.txt [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_identity.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_store_mac.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_store_nss.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_store_nss_unittest.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_store_unittest-inl.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/ssl/client_cert_store_win.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/test/cert_test_util.h [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/test/cert_test_util_nss.cc [modify] https://crrev.com/96f5894f4551049c2a14fd11cffbd5c383af1acc/net/tools/update_ios_bundle_data.py
,
Oct 30 2017
[Bulk Edit] URGENT - PTAL. M63 Stable promotion is coming soon and your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP. Thank you.
,
Oct 30 2017
Merge landed in 62.0.3202.75.
,
Oct 31 2017
zshetach@ - the latest Stable update has this fix: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
,
Nov 30 2017
Is there a postmortem for this issue yet? |
||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||
Comment 1 by mef@chromium.org
, Sep 29 2017