[M] Change in dart/sdk[main]: [vm/io] leaf cert in badCertificateCallback
0 views
Skip to first unread message
Kevin Moore (Gerrit)
Jun 22, 2026, 6:36:38 PM (2 days ago) Jun 22
to Alexander Aprelev, Slava Egorov, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Slava Egorov
Kevin Moore voted and added 4 comments![]( "Open in Gerrit")
Votes added by Kevin Moore
| Auto-Submit | +1 |
| Commit-Queue | +1 |
4 comments
Commit Message
Line 7, Patchset 3:
fix(io): pass leaf certificate to badCertificateCallbackSlava Egorov . resolved
Kevin MooreThat's not how we format it
```
[vm/io] ...
```
Done
Line 15, Patchset 3:
leaf certificate) across platforms, and caches approval on SSLFilter to
prevent duplicate invocations per TLS handshake on multi-error chains.Slava Egorov . resolved
Kevin MooreYeah, I think this is suspicious drop caching, the other change looks okay.
Done
Line 18, Patchset 3:
Closes https://github.com/dart-lang/sdk/issues/39425Slava Egorov . resolved
Kevin MooreYou can also mark that it fixes b/521834029
Nope! see the other CL
File runtime/bin/security_context.cc
Line 82, Patchset 3:
filter->set_bad_certificate_approved(true);Slava Egorov . resolved
Kevin MooreThis is some suspicious stuff. What if the same filter is called two times with different certificate chains? I suggest removing `set_bad_certificate_approved` stuff.
Done
Related details
Attention is currently required from:
- Slava Egorov
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Alexander Aprelev (Gerrit)
Jun 22, 2026, 7:08:59 PM (2 days ago) Jun 22
to Kevin Moore, Alexander Aprelev, Slava Egorov, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Kevin Moore and Slava Egorov
Alexander Aprelev added 1 comment![]( "Open in Gerrit")
Commit Message
Slava Egorov . unresolved
Kevin MooreYou can also mark that it fixes b/521834029
Nope! see the other CL
Alexander Aprelev
Sorry about confusion, this is actually correct bug reference. The other one fixes different bug b/524667903.
Related details
Attention is currently required from:
- Kevin Moore
- Slava Egorov
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Kevin Moore (Gerrit)
Jun 22, 2026, 7:20:10 PM (2 days ago) Jun 22
to Alexander Aprelev, Slava Egorov, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev and Slava Egorov
Kevin Moore voted and added 1 comment![]( "Open in Gerrit")
Votes added by Kevin Moore
| Auto-Submit | +1 |
1 comment
Commit Message
Slava Egorov . resolved
Kevin MooreYou can also mark that it fixes b/521834029
Alexander AprelevNope! see the other CL
Sorry about confusion, this is actually correct bug reference. The other one fixes different bug b/524667903.
Attention is currently required from:
- Alexander Aprelev
- Slava Egorov
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Kevin Moore (Gerrit)
Jun 22, 2026, 7:22:23 PM (2 days ago) Jun 22
to Alexander Aprelev, Liam Appelbe, Slava Egorov, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev, Liam Appelbe and Slava Egorov
Kevin Moore voted Commit-Queue+1![]( "Open in Gerrit")
Attention is currently required from:
- Alexander Aprelev
- Liam Appelbe
- Slava Egorov
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Slava Egorov (Gerrit)
Jun 23, 2026, 3:50:44 AM (yesterday) Jun 23
to Kevin Moore, Alexander Aprelev, Liam Appelbe, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev, Kevin Moore and Liam Appelbe
Slava Egorov voted and added 1 comment![]( "Open in Gerrit")
Votes added by Slava Egorov
| Code-Review | +1 |
1 comment
Commit Message
Slava Egorov . unresolved
Kevin MooreYou can also mark that it fixes b/521834029
Alexander AprelevNope! see the other CL
Kevin MooreSorry about confusion, this is actually correct bug reference. The other one fixes different bug b/524667903.
Acknowledged
Slava Egorov
The issue link is wrong in the commit message. b/521834029 is the correct bug.
Related details
Attention is currently required from:
- Alexander Aprelev
- Kevin Moore
- Liam Appelbe
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Kevin Moore (Gerrit)
Jun 23, 2026, 2:48:13 PM (21 hours ago) Jun 23
to Slava Egorov, Alexander Aprelev, Liam Appelbe, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev and Liam Appelbe
Kevin Moore voted![]( "Open in Gerrit")
Attention is currently required from:
- Alexander Aprelev
- Liam Appelbe
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Kevin Moore (Gerrit)
Jun 23, 2026, 2:48:35 PM (21 hours ago) Jun 23
to Slava Egorov, Alexander Aprelev, Liam Appelbe, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev and Liam Appelbe
Kevin Moore voted and added 1 comment![]( "Open in Gerrit")
Votes added by Kevin Moore
| Commit-Queue | +2 |
1 comment
Commit Message
Slava Egorov . resolved
Kevin MooreYou can also mark that it fixes b/521834029
Alexander AprelevNope! see the other CL
Kevin MooreSorry about confusion, this is actually correct bug reference. The other one fixes different bug b/524667903.
Slava EgorovAcknowledged
The issue link is wrong in the commit message. b/521834029 is the correct bug.
Kevin Moore
Done
Kevin Moore (Gerrit)
Jun 23, 2026, 2:54:23 PM (21 hours ago) Jun 23
to Slava Egorov, Alexander Aprelev, Liam Appelbe, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev and Liam Appelbe
Kevin Moore voted![]( "Open in Gerrit")
| Auto-Submit | +1 |
| Commit-Queue | +2 |
Related details
Attention is currently required from:
- Alexander Aprelev
- Liam Appelbe
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Kevin Moore (Gerrit)
Jun 23, 2026, 3:11:51 PM (21 hours ago) Jun 23
to Slava Egorov, Alexander Aprelev, Liam Appelbe, dart-...@luci-project-accounts.iam.gserviceaccount.com, rev...@dartlang.org, vm-...@dartlang.org
Attention needed from Alexander Aprelev and Liam Appelbe
Kevin Moore voted Commit-Queue+2![]( "Open in Gerrit")
| Commit-Queue | +2 |
Related details
Attention is currently required from:
- Alexander Aprelev
- Liam Appelbe
Submit Requirements:
Code-Owners
Code-Review
Commit-Message-Has-TEST
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
dart-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)
Jun 23, 2026, 3:12:08 PM (21 hours ago) Jun 23
to Kevin Moore, Slava Egorov, Alexander Aprelev, Liam Appelbe, rev...@dartlang.org, vm-...@dartlang.org
dart-...@luci-project-accounts.iam.gserviceaccount.com submitted the change![]( "Open in Gerrit")
Unreviewed changes
6 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
Change information
Commit message:
[vm/io] leaf cert in badCertificateCallback
When BoringSSL certificate verification fails, verification fails at
the intermediate CA or root CA level. Previously, SSLCertContext
passed X509_STORE_CTX_get_current_cert (on Linux/Windows) or the root CA
(on macOS/iOS) to Dart's badCertificateCallback.
This updates SSLCertContext to pass X509_STORE_CTX_get0_cert (the target
leaf certificate) across platforms.
Closes: b/521834029
Tested: ran new and existing tests.
Change-Id: I9542cd68cb2161ae5a6e5570a2899aac6da87763
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/515940
Reviewed-by: Slava Egorov <veg...@google.com>
Commit-Queue: Kevin Moore <kev...@google.com>
Auto-Submit: Kevin Moore <kev...@google.com>
Files:
- M runtime/bin/security_context.cc
- M runtime/bin/security_context_macos.cc
- M tests/standalone/io/https_bad_certificate_test.dart
- A tests/standalone/io/issue_39425_test.dart
Change size: M
Delta: 4 files changed, 181 insertions(+), 20 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Slava Egorov
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages