Google Git
Sign in
chromium / chromium / src.git / 38c55d3a45cde047705782e49eb298715171f142
commit38c55d3a45cde047705782e49eb298715171f142[log] [tgz]
authorDavid Benjamin <[email protected]>Mon Jan 10 18:59:10 2022
committerChromium LUCI CQ <[email protected]>Mon Jan 10 18:59:10 2022
tree34e58047520d02af94df534ff734208199137230
parentf0bfc2dec22a8edc3fb431f6b9fae3a68a5d972d [diff]
Remove CERT_ERROR_IN_RENEGOTIATION

Found a stray TODO. This was added in
https://codereview.chromium.org/118410, at a time when we surfaced
certificate errors out of SSLClientSocket::Read. However, we've since
forbidden server certificates from changing altogether, to mitigate
3SHAKE (https://mitls.org/pages/attacks/3SHAKE) and generally simplify
using TLS.

As of https://boringssl-review.googlesource.com/c/boringssl/+/14028/ and
https://boringssl-review.googlesource.com/c/boringssl/+/19665/,
BoringSSL enforces the certificates match internally, and it will not
even call the certificate verification callback on renegotiation. That
means is not possible to get a certificate verification error outside
the handshake.

Change-Id: I840aa41606fe9566fffe5538068dc1658152ed65
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3353746
Reviewed-by: Matt Mueller <[email protected]>
Reviewed-by: Richard Coles <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/main@{#957127}
3 files changed
tree: 34e58047520d02af94df534ff734208199137230
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. codelabs/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. weblayer/
  53. .clang-format
  54. .clang-tidy
  55. .eslintrc.js
  56. .git-blame-ignore-revs
  57. .gitattributes
  58. .gitignore
  59. .gn
  60. .mailmap
  61. .rustfmt.toml
  62. .vpython
  63. .vpython3
  64. .yapfignore
  65. AUTHORS
  66. BUILD.gn
  67. CODE_OF_CONDUCT.md
  68. codereview.settings
  69. DEPS
  70. DIR_METADATA
  71. ENG_REVIEW_OWNERS
  72. LICENSE
  73. LICENSE.chromium_os
  74. OWNERS
  75. PRESUBMIT.py
  76. PRESUBMIT_test.py
  77. PRESUBMIT_test_mocks.py
  78. README.md
  79. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.