forked from chromium/chromium
Introduce the ability to detect/block known interception certs
This introduces a new net::Error and two net::CertStatuses that can be used to signal a known interception certificate is either detected or blocked (mutually exclusive). The blocking is implemented via CRLSet, and can thus be provisioned both in-binary and out-of-band (where dynamic CRLSet updates are supported).

ERR_CERT_KNOWN_INTERCEPTION_BLOCKED will be set when a known interception cert has been actively blocked. In addition, the CertStatuses CERT_STATUS_REVOKED and CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED are set.

CERT_STATUS_KNOWN_INTERCEPTION_DETECTED will be set when a known interception cert is detected in the verified chain. It is a non-error status.

In this revision, if a known interception root is blocked, HSTS does not cause the error to be fatal/non-overridable. This is because the error is generated client side, not server-side, and in the case of Known MITM, there's ambiguous signal of user intent. Normally, locally-installed anchors would not be blocked at all (thus not cause any HSTS errors), and this preserves that element of local-device policy taking priority over the remote server's preferences.

Because it's implemented via CRLSets, blocking certificates only works on platforms that integrate CRLSets as part of path building/verification. However, notification is implemented on all platforms, as that runs after a certificate path has been constructed.

Bug: 1014704
Change-Id: I7d20ae4366f04b02fc709a7d2c5e012bda4d0080
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1904545
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#717407}
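The commit message describes four outcomes for a verified chain: a known interception root that is blocked (error plus REVOKED and KNOWN_INTERCEPTION_BLOCKED), one that is only detected (non-error KNOWN_INTERCEPTION_DETECTED), a blocked-list root on a platform whose verifier does not integrate CRLSets (detection only, since blocking needs path building), and the HSTS exemption for the client-side error. The following is an added, self-contained model of that decision logic written for this page; it is not Chromium's code, and its enum values, bit positions, `InterceptionCrlSet` struct, function names and the SPKI-hash strings in `SampleCrlSet()` are all constructed here (only the error and status names come from the commit message; ERR_CERT_AUTHORITY_INVALID is an existing Chromium error used purely as a contrast for the HSTS rule).

```cpp
// Illustrative model of the detect/block logic described in the commit
// message. Not Chromium code: names and values are stand-ins.
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_set>
#include <vector>

// Hypothetical net::Error subset. ERR_CERT_KNOWN_INTERCEPTION_BLOCKED is the
// value the commit introduces; ERR_CERT_AUTHORITY_INVALID is an existing
// Chromium error included only to contrast HSTS handling.
enum class NetError { OK, ERR_CERT_AUTHORITY_INVALID, ERR_CERT_KNOWN_INTERCEPTION_BLOCKED };

// Hypothetical bit positions; Chromium's real CertStatus values differ.
constexpr uint32_t CERT_STATUS_REVOKED = 1u << 0;
constexpr uint32_t CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED = 1u << 1;
constexpr uint32_t CERT_STATUS_KNOWN_INTERCEPTION_DETECTED = 1u << 2;

struct VerifyResult {
  NetError error = NetError::OK;
  uint32_t cert_status = 0;
};

// Simplified stand-in for the CRLSet data the commit relies on: SPKI hashes
// of known interception roots, a subset of which are marked for blocking.
struct InterceptionCrlSet {
  std::unordered_set<std::string> known;    // notify only
  std::unordered_set<std::string> blocked;  // actively block (also "known")
};

// Constructed sample set: one root that is only reported, one that is blocked.
InterceptionCrlSet SampleCrlSet() {
  return {{"spki-mitm-notify"}, {"spki-mitm-block"}};
}

// Evaluate an already-built chain (SPKI hashes, leaf first).
// `crlset_in_path_building` models whether the platform verifier consults
// CRLSets during path building/verification: blocking needs that, detection
// does not because it only inspects the chain that was already constructed.
VerifyResult EvaluateKnownInterception(const std::vector<std::string>& chain_spki_hashes,
                                       const InterceptionCrlSet& crlset,
                                       bool crlset_in_path_building) {
  VerifyResult result;
  for (const std::string& spki : chain_spki_hashes) {
    if (crlset_in_path_building && crlset.blocked.count(spki)) {
      // Blocked: error plus REVOKED | KNOWN_INTERCEPTION_BLOCKED. The
      // DETECTED bit is deliberately not carried over (mutually exclusive).
      result.error = NetError::ERR_CERT_KNOWN_INTERCEPTION_BLOCKED;
      result.cert_status = CERT_STATUS_REVOKED | CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED;
      return result;
    }
    if (crlset.known.count(spki) || crlset.blocked.count(spki)) {
      // Detected but not blocked: non-error status; keep scanning in case a
      // later chain element is in the blocked set.
      result.cert_status |= CERT_STATUS_KNOWN_INTERCEPTION_DETECTED;
    }
  }
  return result;
}

// HSTS normally makes a certificate error non-overridable. The commit exempts
// the known-interception error because it is generated client side.
bool HstsMakesFatal(NetError error) {
  if (error == NetError::OK) return false;
  return error != NetError::ERR_CERT_KNOWN_INTERCEPTION_BLOCKED;
}

// Invariant from the commit message: a result never carries both bits.
bool StatusesAreMutuallyExclusive(const VerifyResult& r) {
  constexpr uint32_t both =
      CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED | CERT_STATUS_KNOWN_INTERCEPTION_DETECTED;
  return (r.cert_status & both) != both;
}

int main() {
  const InterceptionCrlSet crlset = SampleCrlSet();
  const std::vector<std::string> chain = {"spki-leaf", "spki-mitm-block"};
  for (bool integrated : {true, false}) {
    VerifyResult r = EvaluateKnownInterception(chain, crlset, integrated);
    std::cout << "CRLSet in path building=" << integrated
              << " error=" << static_cast<int>(r.error)
              << " status=0x" << std::hex << r.cert_status << std::dec
              << " hsts_fatal=" << HstsMakesFatal(r.error) << "\n";
  }
  return 0;
}
```

Running the `main` above prints the blocked outcome for the CRLSet-integrated verifier and the detection-only outcome for the non-integrated one, which is the platform split the last paragraph of the commit message describes.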
Showing 34 changed files with 718 additions and 23 deletions.