[go: nahoru, domu]
Google Git
Sign in
chromium / chromium / src / 8f7c0162fae57fc05eed170eb5f2d8a3a81801ce
commit8f7c0162fae57fc05eed170eb5f2d8a3a81801ce[log] [tgz]
authorRyan Sleevi <rsleevi@chromium.org>Thu Feb 25 20:30:30 2021
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Feb 25 20:30:30 2021
treec141996e77b60a7bade4ba7486c9b6aeb4e8a6b3
parent07483973bbb1757c7494fc21bc8beb63b4e582f9 [diff]
Better adhere to the Get rule with SecTrustGetCertificateAtIndex

The Get rule [1] says that, if unretained, objects returned from Get
functions may be released when the owning object changes.
Although historically SecTrustGetCertificateAtIndex has not caused
mutation to the SecTrust, it is allowed to. Defensively pass
SecCertificateRef around as CFTypeRef<SecCertificateRef>, so we
make fewer assumptions on SecTrust methods.

If SecTrustGetCertificateAtIndex causes a re-evaluation, this can
block the calling thread, and potentially result in a confusing
chain in which one or more of the certs were from the 'first'
validation and one or more are from the 'second' validation, but
this is otherwise unavoidable, because there's not a one-shot API
to get the entire chain.

[1] https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html

Bug: 1180744
Change-Id: I4d8e5ccfe135c7d1a4a5c619451817d7fef28ae1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2717659
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Rohit Rao <rohitrao@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#857810}
11 files changed
tree: c141996e77b60a7bade4ba7486c9b6aeb4e8a6b3
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. codelabs/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. weblayer/
  53. .clang-format
  54. .clang-tidy
  55. .eslintrc.js
  56. .git-blame-ignore-revs
  57. .gitattributes
  58. .gitignore
  59. .gn
  60. .vpython
  61. .vpython3
  62. .yapfignore
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. ENG_REVIEW_OWNERS
  70. LICENSE
  71. LICENSE.chromium_os
  72. OWNERS
  73. PRESUBMIT.py
  74. PRESUBMIT_test.py
  75. PRESUBMIT_test_mocks.py
  76. README.md
  77. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.