| Commit message (Collapse) | Author | Age | Files | Lines |
| |
BUG=65540
TEST=net_unittests --gtest_filter=X509CertificateTest.VerifyReturn*
Review URL: http://codereview.chromium.org/6874039
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94832 0039d316-1c4b-4281-b951-d872f2087c98
| |
rather than caching raw X509Certificate pointers.
TEST=X509CertificateTest.Cache, X509CertificateTest.Intermediates
BUG=32623, 47648, 49377, 68448, 70216, 77374, 78038
Review URL: http://codereview.chromium.org/2944008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92977 0039d316-1c4b-4281-b951-d872f2087c98
| |
- uses the IP address parsing already done by the canonicalizer
- requires googleurl roll to r159 (http://codereview.chromium.org/7346008/)
BUG=62973
TEST=X509CertificateNameVerifyTest.VerifyHostname
Review URL: http://codereview.chromium.org/7204053
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92342 0039d316-1c4b-4281-b951-d872f2087c98
| |
Full IP support
Add support for partial wildcards in hostnames
BUG=62973
TEST=X509CertificateNameVerifyTest.VerifyHostname
(Reverted commit: http://src.chromium.org/viewvc/chrome?view=rev&revision=92006)
Review URL: http://codereview.chromium.org/7218011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92121 0039d316-1c4b-4281-b951-d872f2087c98
| |
- it's making Windows net_unittests hang on startup e.g. http://build.chromium.org/p/chromium/builders/XP%20Tests%20%282%29/builds/5386/steps/net_unittests/logs/stdio
Full IP support
Add support for partial wildcards in hostnames
BUG=62973
TEST=X509CertificateNameVerifyTest.VerifyHostname
Review URL: http://codereview.chromium.org/7218011
TBR=joth@chromium.org
Review URL: http://codereview.chromium.org/7329046
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92009 0039d316-1c4b-4281-b951-d872f2087c98
| |
Full IP support
Add support for partial wildcards in hostnames
BUG=62973
TEST=X509CertificateNameVerifyTest.VerifyHostname
Review URL: http://codereview.chromium.org/7218011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92006 0039d316-1c4b-4281-b951-d872f2087c98
| |
This reverts commit r88333, effectively reapplying r88331. The original failure
turned out to be just a flake.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88335 0039d316-1c4b-4281-b951-d872f2087c98
| |
This reverts commit r88331.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88333 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=none
TEST=net_unittests
http://codereview.chromium.org/6993027/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88331 0039d316-1c4b-4281-b951-d872f2087c98
| |
This is part of the CRL filter work.
BUG=none
TEST=none
http://codereview.chromium.org/7096014/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87619 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=58437
TEST=go to <https://2029.globalsign.com> and verify the EV status
Unit Test (This test has been DISABLED because it fails
when "./netunittests" is run, though it passes individually.):
"net_unittests --gtest_filter=X509CertificateTest.GlobalSignR3EVTest"
Review URL: http://codereview.chromium.org/7037031
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86632 0039d316-1c4b-4281-b951-d872f2087c98
| |
When persisting an X509Certificate to a pickle, such as when storing to the HTTP cache, persist any intermediate certificates in addition to the end-entity certificate. This will allow the complete certificate chain to be displayed to the end user when viewing a cached entry, independent of whether a network request has been made to that site during the browsing session.
R=agl
BUG=7065
TEST=X509CertificateTest.Persist
Review URL: http://codereview.chromium.org/4645001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82214 0039d316-1c4b-4281-b951-d872f2087c98
| |
src/crypto is now an independent project that contains our
cryptographic primitives (except md5 and sha1).
This removes the base dependency from nss, openssl and sqlite.
BUG=76996
TEST=none
Review URL: http://codereview.chromium.org/6805019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81611 0039d316-1c4b-4281-b951-d872f2087c98
| |
Tests ExtractSPKIFromDERCert & PublicKeyHashes are failing (you can see them here: http://goo.gl/Rc3OA )
Follow up to http://src.chromium.org/viewvc/chrome?view=rev&revision=81259
- implements GetDEREncoded for openssl
- adds public_key_hashes support in openssl X509Certificate::Verify
- small change to unit test to make it much easier to diagnose failures.
BUG=None
TEST=net_unittests --gtest_filter=X509Certificate*
Review URL: http://codereview.chromium.org/6826065
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81398 0039d316-1c4b-4281-b951-d872f2087c98
| |
This is intended for use with future support for HSTS or CAA pinning of
certificate chains. Since we build certificate chains from a pool of
certificates, and certificates get reissued with updated expiries etc, only the
public keys in the chain will always match. Thus we match on SHA1 hashes of
SubjectPublicKeyInfos.
BUG=none
TEST=net_unittests
Review URL: http://codereview.chromium.org/6821010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81259 0039d316-1c4b-4281-b951-d872f2087c98
| |
(disabled in r80801)
I can't find anything wrong with it with Valgrind so I want to see
if the TSAN blowup was a fluke.
BUG=none
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80932 0039d316-1c4b-4281-b951-d872f2087c98
| |
It hung the TSAN bot, although I don't know why:
http://build.chromium.org/p/chromium.memory/builders/Windows%20Tests%20%28tsan%29/builds/3531/steps/memory%20test%3A%20net/logs/stdio
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80801 0039d316-1c4b-4281-b951-d872f2087c98
| |
We have several places where a need to distinguish `real' root CAs from
user-added root CAs will be useful:
1) Monoscope wants to inspect correctly signed, but unknown certificates, but
doesn't want to deal with proxy MITM certificates.
2) HSTS is likely to add a method for pinning to a certificate, but we don't
want to break every proxy MITM with it.
This change adds several lists of known, `real' roots. These lists present an
ongoing maintenance issue. However, in the event that the lists are incomplete
in the future, we fail open. This is because roots not in these lists are
treated as user-added and user-added roots have more authority than `real'
roots.
In some sense, this is a problem because it might be a security issue that new
roots are given too much authority. On the other hand, we're not breaking
things when we're behind on updating the lists so the maintenance issue isn't
too pressing.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6793041
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80778 0039d316-1c4b-4281-b951-d872f2087c98
| |
Also removes several empty and unused gtest test fixtures.
R=willchan@chromium.org
Review URL: http://codereview.chromium.org/6676134
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79411 0039d316-1c4b-4281-b951-d872f2087c98
| |
(followup on r78478)
BUG=none
TEST=X509CertificateTest.SerialNumbers
Review URL: http://codereview.chromium.org/6708027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78869 0039d316-1c4b-4281-b951-d872f2087c98
| |
Tests for NE(OK..) rather than EQ(ERR_CERT_INVALID...).
Don't test for CERT_STATUS_INVALID.
Reason: openssl uses CERT_STATUS_AUTHORITY_INVALID for this cert.
(in fact, it now uses the same error conditions as UnoSoftCertParsing).
BUG=none
TEST=X509CertificateTest.InvalidKeyUsage passes with use_openssl=1
Review URL: http://codereview.chromium.org/6665024
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78531 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6670065
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78478 0039d316-1c4b-4281-b951-d872f2087c98
| |
doesn't have the keyEncipherment bit should be reported
as CERT_STATUS_INVALID.
Map more NSS certificate errors.
R=rsleevi
BUG=70293
TEST=net_unittests --gtest_filter=X509CertificateTest.InvalidKeyUsage
Review URL: http://codereview.chromium.org/6626033
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77661 0039d316-1c4b-4281-b951-d872f2087c98
| |
(see error at:
http://build.chromium.org/p/chromium.memory/builders/Chromium%20Mac%20%28valgrind%29/builds/2279/steps/memory%20test%3A%20net/logs/stdio)
BUG=none
TEST=mac-valgrind is green
Review URL: http://codereview.chromium.org/6625086
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77312 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=none
TEST=X509CertificateNameVerifyTest.VerifyHostname, and also compiles with use_openssl=1 flag.
Review URL: http://codereview.chromium.org/6627051
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77285 0039d316-1c4b-4281-b951-d872f2087c98
| |
to check if a name matches a cert without doing a full certificate verify.
Use the API provided as part of NSS. For other platforms, provide a default
implementation based on GetDNSNames.
BUG=none
TEST=X509CertificateTest.WebkitCertParsing
Review URL: http://codereview.chromium.org/6612013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76824 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=67929
TEST=BUILD
Review URL: http://codereview.chromium.org/6312157
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@74115 0039d316-1c4b-4281-b951-d872f2087c98
| |
http://codereview.chromium.org/6002003/
R=hclam
BUG=none
TEST=net_unittests --gtest_filter=X509*
Review URL: http://codereview.chromium.org/6049010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73384 0039d316-1c4b-4281-b951-d872f2087c98
| |
Defines a SSLServerSocket interface. Implement this interface using NSS as
SSLServerSocketNSS.
This is the first version of the code. It disables several functions of NSS
like caching, session ticket, renegotiation, etc. This is implemented to
suit the needs of Chromoting. Additional features of this socket will be added
when necessary.
BUG=None
TEST=None
Review URL: http://codereview.chromium.org/5746003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70041 0039d316-1c4b-4281-b951-d872f2087c98
| |
In order to run SSLServerSocketNSS on windows a self signed certificate is
needed.
BUG=None
TEST=net_unittests --gtest_filter=X509*
Review URL: http://codereview.chromium.org/6002003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69984 0039d316-1c4b-4281-b951-d872f2087c98
| |
In order to run an SSL server, a certificate and private key are needed. In the case
of Chromoting the first step is to use a self-signed cert. This change allows
issuing a self-signed cert. This is only implemented in NSS.
BUG=None
TEST=net_unittests
Review URL: http://codereview.chromium.org/5754001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69573 0039d316-1c4b-4281-b951-d872f2087c98
| |
tests on Windows, rather than requiring the machine to be pre-configured out-of-band.
Given the lack of a Microsoft-provided high-level API to supply application-level trusts to the verification routines, this implements a workaround that intercepts attempts to open the trusted system root store and injects the test certificates directly. This allows the unit tests to work without requiring that the Test CA be added to the machine's Trusted Certificates store.
While doing so, clean up the interface to adding/removing trusted test certificates, so as to support more than one trusted certificate if necessary.
BUG=8470
TEST=To follow
Review URL: http://codereview.chromium.org/4646001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69351 0039d316-1c4b-4281-b951-d872f2087c98
| |
This CL was created automatically by this clang rewriter: http://codereview.appspot.com/2776043/ . I manually fixed a few rough spots of the rewriter output (doh1-3) and fixed all presubmit errors.
BUG=28083
TEST=None
Review URL: http://codereview.chromium.org/4192012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64573 0039d316-1c4b-4281-b951-d872f2087c98
| |
Depends on http://codereview.chromium.org/3565006/show
TEST=Existing *X509* tests should pass.
Review URL: http://codereview.chromium.org/3529008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61955 0039d316-1c4b-4281-b951-d872f2087c98
| |
When using X509Certificate::FORMAT_AUTO, parsing is attempted optimistically first by seeing if the data decodes as any of the supported binary formats. The NSS routine used to handle PKCS#7 data is actually a generic routine, capable of supporting multiple formats.
When a PEM encoded certificate is decoded using PKCS#7, as is the case with FORMAT_AUTO, NSS will, upon encountering a failure to parse as PKCS#7, attempt to PEM decode the data and parse as either a certificate or a PKCS#7 structure. The problem with NSS's implementation is that it only decodes a single certificate, rather than all of the certificates in the file, preventing a full PEM chain from being read in.
The solution is to no longer optimistically try to decode the data as binary prior to trying to decode as PEM, and instead unconditionally attempt decoding as PEM-wrapped data before falling back to binary. This allows our handling routines to properly parse all of the supported PEM types, before the underlying crypto library is exposed to the data.
BUG=37142
TEST=X509CertificateParseTest.CanParseFormat
Review URL: http://codereview.chromium.org/3148034
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60023 0039d316-1c4b-4281-b951-d872f2087c98
| |
Some of the X.509 parsing tests rely on a certain number of principals being returned, and will crash otherwise. Change the checks to be ASSERT_, so that the test fails gracefully rather than bringing down net_unittests
BUG=none
TEST=X509CertificateTest.*
Review URL: http://codereview.chromium.org/3142016
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57004 0039d316-1c4b-4281-b951-d872f2087c98
| |
If the CA does not send us intermediate certificates, we may not be able to
build a chain up to the relevant issuer. Instead, search the chain for
certificates with just the correct issuer.
R=wtc
BUG=50980
TEST=X509CertificateTest.IsIssuedBy
Review URL: http://codereview.chromium.org/3052035
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54780 0039d316-1c4b-4281-b951-d872f2087c98
| |
PEM-encoded PKCS#7 certificates that are marked with PEM pre-encapsulation boundary of BEGIN CERTIFICATE.
OS X ignores the caller-supplied format if it determines that the incoming data is PEM encoded, attempting to parse using an internal routine that determines the incoming format based on the PEM block header. On 10.5, this results in invalid certificate handles being returned, because the data is not actually a certificate, and this propagates into invalid X509Certificates. By sanity checking the returned handles using the same method as CreateOSCertHandleFromBytes, the problem can be caught and the data can be decoded by PEMTokenizer into a format that 10.5 will respect.
R=wtc
BUG=49887
TEST=X509CertificateParseTest.CanParseFormat no longer fails on OS X 10.5 for variations /5 and /11
Review URL: http://codereview.chromium.org/3019019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53467 0039d316-1c4b-4281-b951-d872f2087c98
| |
X509CertificateParseTest is failing for PKCS#7 data from PEM encoded blocks. When it fails, it crashes net_unittests because of an out-of-bounds read.
Mark the test as FLAKY on OS X, and change the EXPECT to an ASSERT to suppress the crash.
BUG=49887
TEST=X509CertificateParseTest.CanParseFormat on OS X 10.5 no longer crashes
Review URL: http://codereview.chromium.org/2868064
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53305 0039d316-1c4b-4281-b951-d872f2087c98
| |
certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning.
This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI.
R=wtc
BUG=37142
TEST=X509CertificateParseTest* and PEMTokenizerTest.*
Review URL: http://codereview.chromium.org/2819018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98
| |
DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning.
This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI.
R=wtc
BUG=37142
TEST=X509CertificateParseTest* and PEMTokenizerTest.*
Review URL: http://codereview.chromium.org/2819018
TBR=rsleevi@chromium.org
Review URL: http://codereview.chromium.org/2812064
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52801 0039d316-1c4b-4281-b951-d872f2087c98
| |
certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning.
This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI.
R=wtc
BUG=37142
TEST=X509CertificateParseTest* and PEMTokenizerTest.*
Review URL: http://codereview.chromium.org/2819018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52799 0039d316-1c4b-4281-b951-d872f2087c98
| |
Rename Principal->CertPrincipal, Policy->CertPolicy, both of which are merely syntactic fluff.
Rename Fingerprint->SHA1Fingerprint, which is more important since those using the fingerprint, such as the unit tests, were truly hardcoded against SHA-1 fingerprints, and if the fingerprint ever changed, wouldn't cause errors until run time.
R=wtc
BUG=None
TEST=Compilers stay green
Review URL: http://codereview.chromium.org/2815048
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52789 0039d316-1c4b-4281-b951-d872f2087c98
| |
assume ownership
R=wtc
BUG=47463
TEST=none
Review URL: http://codereview.chromium.org/2867026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50938 0039d316-1c4b-4281-b951-d872f2087c98
| |
certificate handles during the execution of the test.
R=wtc
BUG=none
TEST=X509CertificateTest.IntermediateCertificates
Review URL: http://codereview.chromium.org/2809024
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50781 0039d316-1c4b-4281-b951-d872f2087c98
| |
based on sprewell's patch
Review URL: http://codereview.chromium.org/2069009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47687 0039d316-1c4b-4281-b951-d872f2087c98
| |
when we are likely to be missing intermediate CA certificates.
Work around the SEC_ERROR_POLICY_VALIDATION_FAILED error from
CERT_PKIXVerifyCert by retrying CERT_PKIXVerifyCert with the
certificate policy in the certificate.
Map SEC_ERROR_POLICY_VALIDATION_FAILED to ERR_CERT_INVALID
if we can't work around the error.
Start the migration away from test_certificate_data.h to the
certificate files in the src/net/data/ssl/certificates
directory.
R=eroman
BUG=31497,30891,37549
TEST=A new unit test. To verify the fix for issue 31497
manually, must install the "DoD Root CA 2" certificate first
(see comment 9 of bug 31497).
Review URL: http://codereview.chromium.org/545103
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42118 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=32553,30001
TEST=none
Review URL: http://codereview.chromium.org/661223
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40797 0039d316-1c4b-4281-b951-d872f2087c98
| |
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40743 0039d316-1c4b-4281-b951-d872f2087c98
| |
BUG=32553,30001
TEST=none
Review URL: http://codereview.chromium.org/661223
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40742 0039d316-1c4b-4281-b951-d872f2087c98