New issue
Advanced search Search tips

Issue 852534 link

Starred by 2 users
Status: Assigned
Owner:
rsleevi@chromium.org
Cc:
davidben@chromium.org
eugene...@chromium.org
rsleevi@chromium.org
justincohen@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 3
Type: Bug



Sign in to add a comment

Investigate new SecTrustEvaluate* in Security.h, and fix cert verification failures on iOS12

Project Member Reported by justincohen@chromium.org, Jun 13 2018 
ios_web_unittests:
CRWWebControllerPageScrollStateTest.FLAKY_SetPageDisplayStateWithUserScalableDisabled
CRWCertVerificationControllerTest.SSLStatusForInvalidTrust
CRWCertVerificationControllerTest.AllowCertIgnoresIntermediateCerts
CRWCertVerificationControllerTest.PolicyForInvalidTrust
CRWWebControllerPageScrollStateTest.FLAKY_SetPageDisplayStateWithUserScalableEnabled
CRWCertVerificationControllerTest.PolicyForInvalidTrustAcceptedByUser
CRWCertVerificationControllerTest.PolicyForNullHost

net_unittests:
URLRequestJobFactoryTest.BasicProtocolHandler
CertVerifyProcIOSTest.StatusForEvaluatedTrust
TestRootCertsTest.OverrideTrust
CertVerifyProcIOSTest.StatusForNotEvaluatedTrust

poc to fix tests https://chromium-review.googlesource.com/c/chromium/src/+/1094700

need to still evaluate new APIs
Project Member

Comment 1 by bugdroid1@chromium.org, Jun 13 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a7918e30d20f596c4cb441cbc6b7bd9277f9a5e8

commit a7918e30d20f596c4cb441cbc6b7bd9277f9a5e8
Author: Justin Cohen <justincohen@google.com>
Date: Wed Jun 13 22:43:49 2018

Update CertVerifyProcIOS::GetCertFailureStatusFromTrust for iOS 12.0.

iOS 12.0 introduced "Unable to build chain to root certificate." error.
This error is mapped to CERT_STATUS_INVALID and CERT_STATUS_AUTHORITY_INVALID.

Bug:  843236 , 852534
Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I90e4f9f97084c2ce06d4560b7e2d695f9b5454ae
Reviewed-on: https://chromium-review.googlesource.com/1094700
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#567028}
[modify] https://crrev.com/a7918e30d20f596c4cb441cbc6b7bd9277f9a5e8/net/cert/cert_verify_proc_ios.cc

Comment 2 by justincohen@chromium.org, Jul 16

Labels: -Pri-1 Pri-3

Comment 3 by justincohen@chromium.org, Nov 5

Cc: justincohen@chromium.org
Owner: rsleevi@chromium.org
rsleevi@ I poked around in the new API and I didn't see anything obvious, but it's likely I'm missing something obvious.

If you can point me to the new API to use, I'm happy to integrate it.  I see SecTrustEvaluateWithError is new, but it still uses a localized string.

Sign in to add a comment