New issue
Advanced search Search tips

Issue 837536 link

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: May 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Fuchsia
Pri: 1
Type: Bug

Blocking:
issue 798851



Sign in to add a comment

CertVerifyProcBuiltin attempts to read BoringSSL certificate data from the wrong URL in tests

Project Member Reported by w...@chromium.org, Apr 27 2018

Issue description

Several *CertVerifyProcBuiltin tests fail with:

[280818:1431450607:0427/075936.190924:255359209:ERROR:system_trust_store.cc(168)] Can't load root certificates from /system/data/boringssl/cert.pem
[280818:1431450607:0427/075936.201836:255370122:ERROR:cert_verify_proc_builtin.cc(450)] No net_fetcher for performing AIA chasing.
[280818:1431450607:0427/075936.210367:255378654:ERROR:cert_verify_proc_builtin.cc(450)] No net_fetcher for performing AIA chasing.
...
[280818:1431450607:0427/075937.355246:256523531:ERROR:cert_verify_proc_builtin.cc(450)] No net_fetcher for performing AIA chasing.
../../net/cert/cert_verify_proc_unittest.cc:1254: Failure
Value of: error
Expected: net::OK
Actual: -202, net::ERR_CERT_AUTHORITY_INVALID
This test relies on a real certificate that expires on May 28, 2021. If failing on/after that date, please disable and file a bug against rsleevi.
Stack trace:
#00: testing::internal::UnitTestImpl::CurrentOsStackTraceExceptTop(int) at gtest.cc:?
#01: testing::internal::AssertHelper::operator=(testing::Message const&) const at gtest.cc:?
#02: net::CertVerifyProcInternalTest_TestKnownRoot_Test::TestBody() at cert_verify_proc_unittest.cc:?

 

Comment 1 by w...@chromium.org, Apr 27 2018

Blocking: 798851

Comment 2 by w...@chromium.org, Apr 27 2018

Cc: -kmarshall@chromium.org
Owner: kmarshall@chromium.org
Status: Started (was: Untriaged)
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 30 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d18578f3e006e7a6384211e74aaebc7bb59f8b0e

commit d18578f3e006e7a6384211e74aaebc7bb59f8b0e
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Mon Apr 30 18:36:02 2018

Fuchsia: Use system root cert capability and cert store.

This change uses a special sandbox feature to gain access to the
system's root certificate store.

The previous code referenced the cert store under "/system", but that
directory is not attached to the namespaces of non-"shell" processes.

Bug:  837536 
Change-Id: I4a406525558e10dd0cac8e9b28345560899e07dc
Reviewed-on: https://chromium-review.googlesource.com/1032050
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554820}
[modify] https://crrev.com/d18578f3e006e7a6384211e74aaebc7bb59f8b0e/build/config/fuchsia/sandbox_policy
[modify] https://crrev.com/d18578f3e006e7a6384211e74aaebc7bb59f8b0e/build/config/fuchsia/testing_sandbox_policy
[modify] https://crrev.com/d18578f3e006e7a6384211e74aaebc7bb59f8b0e/net/cert/internal/system_trust_store.cc

Status: Verified (was: Started)

Sign in to add a comment