summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authordavidben <davidben@chromium.org>2015-08-17 11:28:52 -0700
committerCommit bot <commit-bot@chromium.org>2015-08-17 18:29:20 +0000
commitc6435a7aa061b2c32d2a015cd7acb57f4e395888 (patch)
tree9b2ef73352ff6e91ae18424a96647b3d3e3682a7 /tools
parent3bbbdd2e7097ae5cc99c3f46f1b80c5b1d56200f (diff)
downloadchromium_src-c6435a7aa061b2c32d2a015cd7acb57f4e395888.zip
chromium_src-c6435a7aa061b2c32d2a015cd7acb57f4e395888.tar.gz
chromium_src-c6435a7aa061b2c32d2a015cd7acb57f4e395888.tar.bz2
Treat failure to parse certificates as SSL protocol errors.
Right now, failure to parse certificates map to ERR_SSL_PROTOCOL_ERROR (or ERR_FAILED in NSS because our error-mapping logic isn't very good for either case), however since we use two certificate libraries together, it's possible for BoringSSL to accept a certificate while the platform doesn't. (Especially so because BoringSSL is still using OpenSSL's legacy X.509 stack which is very shoddy. Also Windows will refuse to parse things like certificates which expire on 0001-01-01.) Today, this results in ERR_CERT_INVALID (IsCertificateError gives true) with a NULL X509Certificate, crashing everywhere. Instead, these errors should be treated the same as if BoringSSL internally rejected the certificate. Map them to a new error code (for ease of debugging), ERR_SSL_SERVER_CERT_BAD_FORMAT. IsCertificateError will return false for this error. We should now actually maintain the invariant that IsCertificateError implies there is a certificate available. The user-visible error page just inherits ERR_SSL_PROTOCOL_ERROR's strings, as there is no meaningful difference between "BoringSSL rejected the cert" and "BoringSSL rejected the cert but Windows didn't". Likewise, this error is unrecoverable, matching ERR_SSL_PROTOCOL_ERROR. This removes support for using SSLClientSocket in an environment where X509Certificates cannot be created. With remoting no longer using the internal plugin, this is no longer necessary. BUG=91341 Review URL: https://codereview.chromium.org/1286793002 Cr-Commit-Position: refs/heads/master@{#343720}
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions