New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 854635 link

Starred by 6 users

Issue metadata

Status: Verified
Owner:
Closed: Aug 22
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug
Proj-Servicification



Sign in to add a comment

When the OOP Network Service is enabled, CRLSets are ignored

Project Member Reported by rsleevi@chromium.org, Jun 20 2018

Issue description

When the out-of-process Network Service is enabled, CRLSets are not checked by the network stack.

CRLSets are delivered via Component Updater, using //chrome/browser/component_updater/crl_set_component_installer.h

When a new CRLSet is obtained, it calls net::SSLConfigService::SetCRLSetIfNewer() ( https://cs.chromium.org/chromium/src/chrome/browser/component_updater/crl_set_component_installer.cc?l=41&rcl=e6e3030d9a5f2114fb63e6d691acfbed366fcc87 )

This updates the static CRLSet, which is obtained from the SSLConfigService::GetCRLSet ( https://cs.chromium.org/chromium/src/net/ssl/ssl_config_service.h?l=59&rcl=e6e3030d9a5f2114fb63e6d691acfbed366fcc87 )

When the Network Service is out of process, this results in the browser process only configuring CRLSets in the browser processes' SSLConfigService, as it does not traverse the Mojo boundary. When the Network Service is 'in-process', this works by virtue of the global CRLSet.

As a result, revoked and compromised certificates end up being trusted by Chrome. This would be a security regression.
 

Comment 1 by mmenke@chromium.org, Jun 20 2018

Calling global settings in hidden code, away from the rest of network stack configuration seems like an anti-pattern.  While we're fixing this, could we hook this up in a more discoverable place?

I'm not sure how we handle the initial set on browser start, but we'll also need to handle NetworkService crashes/restarts. 
 SystemNetworkContextManager::OnNetworkServiceCreated is currently the main place for re-configuring the NetworkService after a crash.

Comment 2 by mmenke@chromium.org, Jun 20 2018

(Also used for initial configuration as well)
Thanks for the pointer as to how to handle crashes! That's super helpful to know.

No disagreement here that it is an anti-pattern, as is the lack of the integration tests that could have flagged this. This design goes back to when all certificate verification was done via a single static method (X509Certificate::Verify).

I'm making this explicitly part of the certificate verification configuration, as with the flags passed in Verify(), as they are not call-specific but context-specific (i.e. associated with a given CertVerifier, not a single call to ::Verify). This is what we'd talked about when discussing the SSLConfigService, and how it's really "two" configurations - SSL and cert verification. I'm making the latter an explicit API, which also resolves this issue.

Comment 4 by mmenke@chromium.org, Jun 20 2018

If we're switching to per-NetworkContext, rather than global state, hooking up is more complicated.  The logic would then need to be hooked up for the system, profile, and safebrowsing NetworkContexts, each of which have their own code.  Or, perhaps more sanely, CreateDefaultNetworkContext params would need to plug in a new pipe specifically for this data whenever a NetworkContext is created.  (New pipes are necessary because NetworkContexts are invalidated on NetworkService crash, and there's no way for a consumer to watch for this happening, other than by having its own pipe to each NetworkContext).
The goal is not to split it to per-NetworkContext - that is, from the observable API, it behaves global - but to no longer make it per-call parameters, and instead a rather explicit per-verifier configuration. This at least makes it clearer that it's a configuration parameter, and where/how it's set and updated.
If this is blocking canary, we should do the simplest thing that makes it work as is today (i.e. a global call on NetworkService mojom). Any improvements related to the new per-verifier configuration can be done later.

Doing this per NetworkService should be a quick fix.
I just saw that Ryan has a start at this in https://chromium-review.googlesource.com/c/chromium/src/+/1122709, thanks. If this is pretty much ready and it won't take long after it to add the CRLSet passing, then ignore my comment above.
https://chromium-review.googlesource.com/c/chromium/src/+/1132706 is the CL that adds CRLSets. I'm OOO until next week though.
Components: Internals>Services>Network
hey ryan, can you provide an update on this bug? We are getting very close to launch a canary experiment with network service and hope to have this resolved before then.
Project Member

Comment 12 by bugdroid1@chromium.org, Aug 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90

commit 84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90
Author: Ryan Sleevi <rsleevi@chromium.org>
Date: Wed Aug 15 18:17:49 2018

Introduce explicit configuration to CertVerifier

Presently, CertVerifier::Verify() takes a series of per-verification
flags that express the ways in which certificate verification may be
configured. However, these flags represent overall verifier-wide
configuration, in that they are tied to user preferences or enterprise
policies. These flags are plumbed through the layers by virtue of
SSLConfig, but generally do not change between verifications.

As part of making the verification configuration opaque to callers,
move the flags from being something passed in each verifier-call to
something that is implicitly handled on the CertVerifier, via the
CertVerifier::Config. All verifications started will share the same
configuration, while allowing callers to focus on the per-verification
parameters that are unique (such as the hostname or certificate).
This sets the stage for moving the CRLSet in as explicit CertVerifier
configuration, rather than passed-per-call, as well as to having the
socket pools more intelligently respond to these configuration changes.

TBR: zea@chromium.org, pmarko@chromium.org
Bug: 848277,  854635 
Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I2098783f1c4100720438e2dea447a24789ebf8c9
Reviewed-on: https://chromium-review.googlesource.com/1122709
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Nicolas Zea <zea@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Helen Li <xunjieli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583329}
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/android_webview/DEPS
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/android_webview/browser/net/aw_url_request_context_getter.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/android_webview/browser/net/aw_url_request_context_getter_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/chromeos/policy/policy_cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/chromeos/policy/policy_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/io_thread.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/net/trial_comparison_cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/net/trial_comparison_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/net/trial_comparison_cert_verifier_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/ssl/certificate_error_report.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/ssl/certificate_error_report.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/ssl/common_name_mismatch_handler.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/ssl/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/chrome/browser/ssl/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/components/captive_portal/captive_portal_detector.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/components/cast_channel/cast_socket.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/components/cronet/ios/Cronet.mm
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/google_apis/gcm/tools/mcs_probe.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/BUILD.gn
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/base/load_flags_list.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/caching_cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/caching_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verifier_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc_builtin.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/cert_verify_proc_win.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/mock_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/multi_threaded_cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/multi_threaded_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/cert/multi_threaded_cert_verifier_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/data/ssl/certificates/README
[add] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/data/ssl/certificates/www.ahrn.com.pem
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/http/http_network_transaction.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/http/http_stream_factory_job.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/proxy_resolution/pac_file_fetcher_impl.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/proxy_resolution/pac_file_fetcher_impl_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/quic/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config_service.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config_service_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/ssl/ssl_config_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/remoting/protocol/ssl_hmac_channel_authenticator.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/BUILD.gn
[add] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/cert_verifier_config_type_converter.cc
[add] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/cert_verifier_config_type_converter.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ignore_errors_cert_verifier.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ignore_errors_cert_verifier.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/network_context.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ssl_config_service_mojo.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ssl_config_service_mojo.h
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ssl_config_service_mojo_unittest.cc
[modify] https://crrev.com/84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90/services/network/ssl_config_type_converter.cc

Project Member

Comment 13 by bugdroid1@chromium.org, Aug 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/59b29ea781de1d90d967842d22c1c8ee616c121e

commit 59b29ea781de1d90d967842d22c1c8ee616c121e
Author: Findit <findit-for-me@appspot.gserviceaccount.com>
Date: Thu Aug 16 00:35:12 2018

Revert "Introduce explicit configuration to CertVerifier"

This reverts commit 84083630b321a14f7f56ec3f9f4d2bfcaf3b7a90.

Reason for revert:

Findit (https://goo.gl/kROfz5) identified CL at revision 583329 as the
culprit for failures in the build cycles as shown on:
https://findit-for-me.appspot.com/waterfall/culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyRAsSDVdmU3VzcGVjdGVkQ0wiMWNocm9taXVtLzg0MDgzNjMwYjMyMWExNGY3ZjU2ZWMzZjlmNGQyYmZjYWYzYjdhOTAM

Sample Failed Build: https://ci.chromium.org/buildbot/chromium.memory/Linux%20MSan%20Tests/11204

Sample Failed Step: unit_tests

Original change's description:
> Introduce explicit configuration to CertVerifier
> 
> Presently, CertVerifier::Verify() takes a series of per-verification
> flags that express the ways in which certificate verification may be
> configured. However, these flags represent overall verifier-wide
> configuration, in that they are tied to user preferences or enterprise
> policies. These flags are plumbed through the layers by virtue of
> SSLConfig, but generally do not change between verifications.
> 
> As part of making the verification configuration opaque to callers,
> move the flags from being something passed in each verifier-call to
> something that is implicitly handled on the CertVerifier, via the
> CertVerifier::Config. All verifications started will share the same
> configuration, while allowing callers to focus on the per-verification
> parameters that are unique (such as the hostname or certificate).
> This sets the stage for moving the CRLSet in as explicit CertVerifier
> configuration, rather than passed-per-call, as well as to having the
> socket pools more intelligently respond to these configuration changes.
> 
> TBR: zea@chromium.org, pmarko@chromium.org
> Bug: 848277,  854635 
> Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
> Change-Id: I2098783f1c4100720438e2dea447a24789ebf8c9
> Reviewed-on: https://chromium-review.googlesource.com/1122709
> Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
> Reviewed-by: Nicolas Zea <zea@chromium.org>
> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Reviewed-by: Matt Menke <mmenke@chromium.org>
> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
> Reviewed-by: Richard Coles <torne@chromium.org>
> Reviewed-by: mark a. foltz <mfoltz@chromium.org>
> Reviewed-by: Eric Roman <eroman@chromium.org>
> Reviewed-by: Helen Li <xunjieli@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#583329}

Change-Id: I66ddbb6fa85d604bc1fa177f5657008a5e8f0fe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 848277,  854635 
Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/1176763
Cr-Commit-Position: refs/heads/master@{#583463}
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/android_webview/DEPS
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/android_webview/browser/net/aw_url_request_context_getter.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/android_webview/browser/net/aw_url_request_context_getter_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/chromeos/policy/policy_cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/chromeos/policy/policy_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/io_thread.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/net/trial_comparison_cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/net/trial_comparison_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/net/trial_comparison_cert_verifier_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/ssl/certificate_error_report.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/ssl/certificate_error_report.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/ssl/common_name_mismatch_handler.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/ssl/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/chrome/browser/ssl/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/components/captive_portal/captive_portal_detector.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/components/cast_channel/cast_socket.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/components/cronet/ios/Cronet.mm
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/google_apis/gcm/tools/mcs_probe.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/BUILD.gn
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/base/load_flags_list.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/caching_cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/caching_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verifier_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc_builtin.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/cert_verify_proc_win.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/mock_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/multi_threaded_cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/multi_threaded_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/cert/multi_threaded_cert_verifier_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/data/ssl/certificates/README
[delete] https://crrev.com/2fcd0208b3f849c13d52a89ec357eb25793032cc/net/data/ssl/certificates/www.ahrn.com.pem
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/http/http_network_transaction.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/http/http_stream_factory_job.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/proxy_resolution/pac_file_fetcher_impl.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/proxy_resolution/pac_file_fetcher_impl_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/quic/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config_service.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config_service_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/ssl/ssl_config_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/remoting/protocol/ssl_hmac_channel_authenticator.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/BUILD.gn
[delete] https://crrev.com/2fcd0208b3f849c13d52a89ec357eb25793032cc/services/network/cert_verifier_config_type_converter.cc
[delete] https://crrev.com/2fcd0208b3f849c13d52a89ec357eb25793032cc/services/network/cert_verifier_config_type_converter.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ignore_errors_cert_verifier.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ignore_errors_cert_verifier.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/network_context.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ssl_config_service_mojo.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ssl_config_service_mojo.h
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ssl_config_service_mojo_unittest.cc
[modify] https://crrev.com/59b29ea781de1d90d967842d22c1c8ee616c121e/services/network/ssl_config_type_converter.cc

Project Member

Comment 14 by bugdroid1@chromium.org, Aug 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/24fe268fd13ed59f189c7cd688e472adb7489fe9

commit 24fe268fd13ed59f189c7cd688e472adb7489fe9
Author: Ryan Sleevi <rsleevi@chromium.org>
Date: Thu Aug 16 21:33:46 2018

Introduce explicit configuration to CertVerifier

Presently, CertVerifier::Verify() takes a series of per-verification
flags that express the ways in which certificate verification may be
configured. However, these flags represent overall verifier-wide
configuration, in that they are tied to user preferences or enterprise
policies. These flags are plumbed through the layers by virtue of
SSLConfig, but generally do not change between verifications.

As part of making the verification configuration opaque to callers,
move the flags from being something passed in each verifier-call to
something that is implicitly handled on the CertVerifier, via the
CertVerifier::Config. All verifications started will share the same
configuration, while allowing callers to focus on the per-verification
parameters that are unique (such as the hostname or certificate).
This sets the stage for moving the CRLSet in as explicit CertVerifier
configuration, rather than passed-per-call, as well as to having the
socket pools more intelligently respond to these configuration changes.

Originally landed in https://chromium-review.googlesource.com/c/chromium/src/+/1122709

TBR: zea@chromium.org, kinuko@chromium.org, torne@chromium.org, mfoltz@chromium.org, sergeyu@chromium.org, xunjieli@chromium.org, pmarko@chromium.org
Bug: 848277,  854635 
Change-Id: Ie113be88c88d86a5abbff200aa623b97bca461a3
Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/1177801
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583823}
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/android_webview/DEPS
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/android_webview/browser/net/aw_url_request_context_getter.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/android_webview/browser/net/aw_url_request_context_getter_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/chromeos/policy/policy_cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/chromeos/policy/policy_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/io_thread.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/net/trial_comparison_cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/net/trial_comparison_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/net/trial_comparison_cert_verifier_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/ssl/certificate_error_report.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/ssl/certificate_error_report.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/ssl/common_name_mismatch_handler.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/ssl/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/chrome/browser/ssl/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/components/captive_portal/captive_portal_detector.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/components/cast_channel/cast_socket.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/components/cronet/ios/Cronet.mm
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/google_apis/gcm/tools/mcs_probe.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/BUILD.gn
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/base/load_flags_list.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/caching_cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/caching_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verifier_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc_builtin.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc_nss.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/cert_verify_proc_win.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/mock_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/multi_threaded_cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/multi_threaded_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/cert/multi_threaded_cert_verifier_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/data/ssl/certificates/README
[add] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/data/ssl/certificates/www.ahrn.com.pem
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/http/http_network_transaction.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/http/http_stream_factory_job.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/proxy_resolution/pac_file_fetcher_impl.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/proxy_resolution/pac_file_fetcher_impl_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/quic/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config_service.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config_service_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/ssl/ssl_config_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/remoting/protocol/ssl_hmac_channel_authenticator.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/BUILD.gn
[add] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/cert_verifier_config_type_converter.cc
[add] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/cert_verifier_config_type_converter.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ignore_errors_cert_verifier.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ignore_errors_cert_verifier.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/network_context.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ssl_config_service_mojo.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ssl_config_service_mojo.h
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ssl_config_service_mojo_unittest.cc
[modify] https://crrev.com/24fe268fd13ed59f189c7cd688e472adb7489fe9/services/network/ssl_config_type_converter.cc

Project Member

Comment 15 by bugdroid1@chromium.org, Aug 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b369d717da1996c2ead6fd86a1111e0d82260f32

commit b369d717da1996c2ead6fd86a1111e0d82260f32
Author: Ryan Sleevi <rsleevi@chromium.org>
Date: Mon Aug 20 16:43:22 2018

Move CRLSets to being part of CertVerifier::Config

This moves the handling for CRLSets out of the
CertVerifier::Verify() set of parameters and makes it an
explicit part of the CertVerifier::Config.

Notification for CRLSet changes are now plumbed through
the NetworkService to all of its NetworkContexts, rather
than being a singleton on the SSLConfigService.

In the process, this disables CRLSets for the
chrome.platformKeys.verifyTLSServerCertificate API, but
that is consistent with that API not observing other user
or system configuration settings, and is part of the
documented "subject to change at any time".

TBR: jamiewalch@chromium.org
Bug: 861849,  854635 
Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I818be91106274c736e074fc81947c5cb51c57564
Reviewed-on: https://chromium-review.googlesource.com/1132706
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Derek Cheng <imcheng@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Joshua Pawlicki <waffles@chromium.org>
Reviewed-by: Helen Li <xunjieli@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584474}
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/android_webview/browser/net/aw_url_request_context_getter_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/chromeos/policy/policy_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/chromeos/policy/policy_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/chromeos/policy/policy_cert_verifier_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/chromeos/policy/user_network_configuration_updater_factory_browsertest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/component_updater/crl_set_component_installer.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/component_updater/crl_set_component_installer.h
[add] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/component_updater/crl_set_component_installer_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/extensions/api/platform_keys/verify_trust_api.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/io_thread.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/net/system_network_context_manager.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/net/trial_comparison_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/net/trial_comparison_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/net/trial_comparison_cert_verifier_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/chrome/test/BUILD.gn
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/components/cast_channel/cast_socket.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/components/cronet/ios/Cronet.mm
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/content/browser/web_package/signed_exchange_handler.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/content/browser/web_package/signed_exchange_handler_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/google_apis/gcm/tools/mcs_probe.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/caching_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/caching_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/caching_cert_verifier_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/crl_set.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/mock_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/mock_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/multi_threaded_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/multi_threaded_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert/multi_threaded_cert_verifier_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/cert_net/nss_ocsp_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/data/ssl/certificates/crlset_by_root_subject_no_spki.raw
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/data/ssl/scripts/crlsetutil.py
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/data/ssl/scripts/generate-test-certs.sh
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/quic/crypto/proof_verifier_chromium.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/quic/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/socket/ssl_client_socket_impl.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/ssl/ssl_config_service.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/remoting/protocol/ssl_hmac_channel_authenticator.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/BUILD.gn
[add] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/crl_set_distributor.cc
[add] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/crl_set_distributor.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ignore_errors_cert_verifier.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ignore_errors_cert_verifier.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ignore_errors_cert_verifier_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/network_context.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/network_service.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/network_service.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/network_service_unittest.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/public/mojom/BUILD.gn
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/public/mojom/network_service.mojom
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ssl_config_service_mojo.cc
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ssl_config_service_mojo.h
[modify] https://crrev.com/b369d717da1996c2ead6fd86a1111e0d82260f32/services/network/ssl_config_service_mojo_unittest.cc

Labels: -M-69 M-70
Status: Verified (was: Started)

Sign in to add a comment