My favorites | Sign in
Project Home Downloads Wiki Issues Code Search
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 116398: Security: SSL proxy seems to not care about the cert
1 person starred this issue and may be notified of changes. Back to list
 
Reported by kthan...@google.com, Mar 1, 2012
This template is ONLY for reporting security bugs. Please use a different
template for other types of bug reports.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
Cert mismatch for SSL proxies appears to be ignored by Chrome.

VERSION
I think all version on all OSes but only tested Linux and Mac.

REPRODUCTION CASE

Point your proxy to https://spdypss-proxy.ext.google.com.  The cert is *.google.com which does not match yet the proxy works just fine.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

Mar 3, 2012
#1 jsc...@chromium.org
It doesn't seem to be catching the cert mismatch. Does anyone on the CC list have a clue?
Labels: -Area-Undefined Area-Internals Internals-Network-SSL Internals-Network-Proxy Internals-Network-SPDY
Mar 5, 2012
#2 a...@chromium.org
(No comment was entered for this change.)
Status: Started
Owner: a...@chromium.org
Mar 5, 2012
#4 bugdro...@chromium.org
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=124970

------------------------------------------------------------------------
r124970 | agl@chromium.org | Mon Mar 05 10:26:51 PST 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/net/http/http_proxy_client_socket_pool.cc?r1=124970&r2=124969&pathrev=124970

net: Disconnect proxy sockets that have a certificate error.

BUG=116398
TEST=Set a SPDY proxy with a certificate error. Ensure that requests always get ERR_PROXY_CERTIFICATE_INVALID, even with several reloads.


Review URL: http://codereview.chromium.org/9600022
------------------------------------------------------------------------
Mar 5, 2012
#5 a...@chromium.org
(No comment was entered for this change.)
Labels: Merge-Requested Mstone-17 Mstone-18
Mar 5, 2012
#6 jsc...@chromium.org
(No comment was entered for this change.)
Labels: SecSeverity-High SecImpacts-Stable SecImpacts-Beta
Mar 5, 2012
#7 infe...@chromium.org
Thanks Adam, we will take care of the merges.
Status: FixUnreleased
Labels: -Restrict-View-SecurityTeam -Pri-0 -Merge-Requested -Mstone-18 Restrict-View-SecurityNotify Pri-1 Merge-Approved
Mar 6, 2012
#8 a...@chromium.org
inferno: Karen provisionally approved for M18 if there were no problems in the canary today. This also affects M17.
Mar 6, 2012
#9 scarybea...@gmail.com
I think M18 is the best bet. We may have an emergency M17 release as part of Pwnium / Pwn2Own but if so we won't want to merge anything other than the urgent fixes.

M18 is only 2 weeks out anyway. Let's just merge to M18.
Labels: -Mstone-17 Mstone-18
Mar 6, 2012
#10 scarybea...@gmail.com
(No comment was entered for this change.)
Labels: -Merge-Approved Merge-Merged
Mar 6, 2012
#11 bugdro...@chromium.org
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=125285

------------------------------------------------------------------------
r125285 | cevans@chromium.org | Tue Mar 06 17:57:19 PST 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/net/http/http_proxy_client_socket_pool.cc?r1=125285&r2=125284&pathrev=125285

Merge 124970 - net: Disconnect proxy sockets that have a certificate error.

BUG=116398
TEST=Set a SPDY proxy with a certificate error. Ensure that requests always get ERR_PROXY_CERTIFICATE_INVALID, even with several reloads.


Review URL: http://codereview.chromium.org/9600022

TBR=agl@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9616050
------------------------------------------------------------------------
Labels: merge-merged-1025
Mar 13, 2012
#12 cdn@chromium.org
(No comment was entered for this change.)
Labels: OS-All
Mar 24, 2012
#13 scarybea...@gmail.com
(No comment was entered for this change.)
Labels: CVE-2011-3061
May 15, 2012
#14 cdn@chromium.org
Marking old security bugs Fixed..
Status: Fixed
Oct 13, 2012
#15 bugdro...@chromium.org
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels: Restrict-AddIssueComment-Commit
Mar 9, 2013
#16 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Type-Security -Area-Internals -Internals-Network-SSL -Internals-Network-Proxy -Internals-Network-SPDY -Mstone-18 -SecSeverity-High -SecImpacts-Stable -SecImpacts-Beta Security-Impact-Stable Security-Impact-Beta Cr-Internals-Network-SSL M-18 Cr-Internals Security-Severity-High Cr-Internals-Network-SPDY Type-Bug-Security Cr-Internals-Network-Proxy
Mar 13, 2013
#17 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: Restrict-View-EditIssue
Mar 13, 2013
#18 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Mar 21, 2013
#19 scarybea...@gmail.com
(No comment was entered for this change.)
Labels: -Restrict-View-SecurityNotify -Restrict-View-EditIssue
Mar 21, 2013
#20 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Security-Severity-High Security_Severity-High
Mar 21, 2013
#21 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Security-Impact-Stable Security_Impact-Stable
Mar 21, 2013
#22 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Security-Impact-Beta Security_Impact-Beta
Sign in to add a comment

Powered by Google Project Hosting