Issue 887007 link

Starred by 3 users

Issue metadata

Status:	Fixed
Owner:	jam@chromium.org
Closed:	Nov 12
Components:	Internals>Services>Network
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	2
Type:	Bug
Proj-Servicification Proj-Servicification-Canary

Blocking:
issue 827532

network service should use CertVerifyProcChromeOS on chromeos

Project Member Reported by mattm@chromium.org, Sep 19

Issue description

When using network service it will currently create a CertVerifier using net::CertVerifier::CreateDefault() on all platforms.

On chromeos, it should use chromeos::CertVerifyProcChromeOS instead.
For "system" UrlRequestContexts it should use the default constructor, chromeos::CertVerifyProcChromeOS(), while for "profile" URLRequestContexts it should use chromeos::CertVerifyProcChromeOS(std::move(public_slot_for_profile)));

This is required to avoid certificates imported in one profile from affecting other profiles or system url requests.

(see
https://cs.chromium.org/chromium/src/chrome/browser/io_thread.cc?rcl=20136a68eadb1aaeda4252b590f0bcc047c04ebe&l=454
and
https://cs.chromium.org/chromium/src/chrome/browser/profiles/profile_io_data.cc?rcl=c6955546f2b24aca4e10f61f5ed1a123a7f22c6e&l=1057
for how it's done in the non-network service world).

Comment 1 by mattm@chromium.org, Sep 21

Also, while CertVerifyProcChromeOS has a unittest (chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc), I think there is no browser_test that would catch that it is not hooked up.

Comment 2 by dxie@google.com, Sep 21

Status: Available (was: Untriaged)

Comment 3 by rsleevi@chromium.org, Sep 25

Matt: Possible dupe of https://bugs.chromium.org/p/chromium/issues/detail?id=862043 ?

Comment 4 by mattm@chromium.org, Sep 25

They could be addressed at the same time, but using CertVerifyProcChromeOS and PolicyCertVerifier are independent. Wanted to ensure this part wasn't missed.

Comment 5 by rmcelrath@chromium.org, Oct 17

Owner: jam@chromium.org
Status: Assigned (was: Available)

Project Member

Comment 6 by bugdroid1@chromium.org, Oct 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa

commit c626ad1cb4b95c14dc084ae2827f3b8d143a28aa
Author: John Abd-El-Malek <jam@chromium.org>
Date: Fri Oct 26 20:47:17 2018

Support policy-pushed trust anchors on ChromeOS with network service.

Also use CertVerifyProcChromeOS.

Bug:  862043 ,  887007 
Change-Id: I42bc36d58065db35cc70a1a2c587affec25a955a
Reviewed-on: https://chromium-review.googlesource.com/c/1292830
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#603187}
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/DEPS
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/BUILD.gn
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/login/users/multi_profile_user_controller_unittest.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/policy/policy_cert_service.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/policy/policy_cert_service.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/policy/policy_cert_service_factory.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/policy/policy_cert_service_factory.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/chromeos/policy/user_network_configuration_updater_factory_browsertest.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/io_thread.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/net/profile_network_context_service.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/profiles/profile_io_data.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/browser/ui/ash/session_controller_client_unittest.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/chrome/test/BUILD.gn
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/content/browser/network_service_client.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/content/browser/network_service_client.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/content/public/browser/content_browser_client.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/BUILD.gn
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/OWNERS
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verifier_with_trust_anchors.cc
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verifier_with_trust_anchors.h
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verifier_with_trust_anchors_unittest.cc
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verify_proc_chromeos.cc
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verify_proc_chromeos.h
[rename] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/cert_verify_proc_chromeos_unittest.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/network_context.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/network_context.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/public/mojom/network_context.mojom
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/public/mojom/network_service.mojom
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/test/test_network_context.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/test/test_network_service_client.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/test/test_network_service_client.h
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/services/network/url_loader_unittest.cc
[modify] https://crrev.com/c626ad1cb4b95c14dc084ae2827f3b8d143a28aa/testing/buildbot/filters/mojo.fyi.chromeos.network_browser_tests.filter

Project Member

Comment 7 by bugdroid1@chromium.org, Oct 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/be4a3ee09cf6395b33723c6b2d319b5328ac38f3

commit be4a3ee09cf6395b33723c6b2d319b5328ac38f3
Author: Findit <findit-for-me@appspot.gserviceaccount.com>
Date: Fri Oct 26 21:56:06 2018

Revert "Support policy-pushed trust anchors on ChromeOS with network service."

This reverts commit c626ad1cb4b95c14dc084ae2827f3b8d143a28aa.

Reason for revert:

Findit (https://goo.gl/kROfz5) identified CL at revision 603187 as the
culprit for failures in the build cycles as shown on:
https://findit-for-me.appspot.com/waterfall/culprit?key=ag9zfmZpbmRpdC1mb3ItbWVyRAsSDVdmU3VzcGVjdGVkQ0wiMWNocm9taXVtL2M2MjZhZDFjYjRiOTVjMTRkYzA4NGFlMjgyN2YzYjhkMTQzYTI4YWEM

Sample Failed Build: https://ci.chromium.org/buildbot/chromium.chromiumos/linux-chromeos-dbg/8527

Sample Failed Step: compile

Original change's description:
> Support policy-pushed trust anchors on ChromeOS with network service.
> 
> Also use CertVerifyProcChromeOS.
> 
> Bug:  862043 ,  887007 
> Change-Id: I42bc36d58065db35cc70a1a2c587affec25a955a
> Reviewed-on: https://chromium-review.googlesource.com/c/1292830
> Reviewed-by: Nasko Oskov <nasko@chromium.org>
> Reviewed-by: Pavol Marko <pmarko@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#603187}

Change-Id: I67243629f4caf63da6e1e943dd9321a4b0e9f7a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  862043 ,  887007 
Reviewed-on: https://chromium-review.googlesource.com/c/1303175
Cr-Commit-Position: refs/heads/master@{#603202}
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/DEPS
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/BUILD.gn
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/login/users/multi_profile_user_controller_unittest.cc
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/net/cert_verify_proc_chromeos.cc
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/net/cert_verify_proc_chromeos.h
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_service.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_service.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_service_factory.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_service_factory.h
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_verifier.cc
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_verifier.h
[rename] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/policy_cert_verifier_unittest.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/chromeos/policy/user_network_configuration_updater_factory_browsertest.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/io_thread.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/net/profile_network_context_service.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/profiles/profile_io_data.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/browser/ui/ash/session_controller_client_unittest.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/chrome/test/BUILD.gn
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/content/browser/network_service_client.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/content/browser/network_service_client.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/content/public/browser/content_browser_client.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/BUILD.gn
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/OWNERS
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/network_context.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/network_context.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/public/mojom/network_context.mojom
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/public/mojom/network_service.mojom
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/test/test_network_context.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/test/test_network_service_client.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/test/test_network_service_client.h
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/services/network/url_loader_unittest.cc
[modify] https://crrev.com/be4a3ee09cf6395b33723c6b2d319b5328ac38f3/testing/buildbot/filters/mojo.fyi.chromeos.network_browser_tests.filter

Project Member

Comment 8 by bugdroid1@chromium.org, Oct 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/21bca7c96239e737e64a1455c7330cb448cad312

commit 21bca7c96239e737e64a1455c7330cb448cad312
Author: John Abd-El-Malek <jam@chromium.org>
Date: Fri Oct 26 22:13:33 2018

Support policy-pushed trust anchors on ChromeOS with network service.

Also use CertVerifyProcChromeOS.

TBR=nasko@chromium.org, pmarko@chromium.org

Bug:  862043 ,  887007 
Change-Id: I5250a59fc18073ef4997dcb881392e79d080ded2
Reviewed-on: https://chromium-review.googlesource.com/c/1292830
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#603187}
Reviewed-on: https://chromium-review.googlesource.com/c/1303052
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#603214}
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/DEPS
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/BUILD.gn
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/login/users/multi_profile_user_controller_unittest.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/policy/policy_cert_service.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/policy/policy_cert_service.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/policy/policy_cert_service_factory.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/policy/policy_cert_service_factory.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/chromeos/policy/user_network_configuration_updater_factory_browsertest.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/io_thread.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/net/profile_network_context_service.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/profiles/profile_io_data.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/profiles/profile_io_data.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/browser/ui/ash/session_controller_client_unittest.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/chrome/test/BUILD.gn
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/content/browser/network_service_client.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/content/browser/network_service_client.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/content/public/browser/content_browser_client.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/BUILD.gn
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/OWNERS
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verifier_with_trust_anchors.cc
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verifier_with_trust_anchors.h
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verifier_with_trust_anchors_unittest.cc
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verify_proc_chromeos.cc
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verify_proc_chromeos.h
[rename] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/cert_verify_proc_chromeos_unittest.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/network_context.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/network_context.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/public/mojom/network_context.mojom
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/public/mojom/network_service.mojom
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/test/test_network_context.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/test/test_network_service_client.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/test/test_network_service_client.h
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/services/network/url_loader_unittest.cc
[modify] https://crrev.com/21bca7c96239e737e64a1455c7330cb448cad312/testing/buildbot/filters/mojo.fyi.chromeos.network_browser_tests.filter

Comment 9 by jam@chromium.org, Nov 12

Status: Fixed (was: Assigned)

►

Issue 887007 link

Issue metadata

network service should use CertVerifyProcChromeOS on chromeos

Issue description

Comment 1 by mattm@chromium.org, Sep 21

Comment 1 Deleted

Comment 2 by dxie@google.com, Sep 21

Comment 2 Deleted

Comment 3 by rsleevi@chromium.org, Sep 25

Comment 3 Deleted

Comment 4 by mattm@chromium.org, Sep 25

Comment 4 Deleted

Comment 5 by rmcelrath@chromium.org, Oct 17

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Oct 26

Comment 6 Deleted

Comment 7 by bugdroid1@chromium.org, Oct 26

Comment 7 Deleted

Comment 8 by bugdroid1@chromium.org, Oct 26

Comment 8 Deleted

Comment 9 by jam@chromium.org, Nov 12

Comment 9 Deleted

Sign in to add a comment