From 9a7cfc42aa085113fa6f8f1b2051482da704c4c2 Mon Sep 17 00:00:00 2001 From: Jeremy Rose Date: Mon, 29 Mar 2021 15:35:12 -0700 Subject: [PATCH] fix: put RemoteCertVerifier upstream from the caching and coalescing layers (#28358) --- .../expose_setuseragent_on_networkcontext.patch | 2 +- ...w_remote_certificate_verification_logic.patch | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/patches/chromium/expose_setuseragent_on_networkcontext.patch b/patches/chromium/expose_setuseragent_on_networkcontext.patch index 061806427fd..892a1dc10f8 100644 --- a/patches/chromium/expose_setuseragent_on_networkcontext.patch +++ b/patches/chromium/expose_setuseragent_on_networkcontext.patch @@ -33,7 +33,7 @@ index 0ccfe130f00ec3b6c75cd8ee04d5a2777e1fd00c..653829457d58bf92057cc36aa8a28970 DISALLOW_COPY_AND_ASSIGN(StaticHttpUserAgentSettings); }; diff --git a/services/network/network_context.cc b/services/network/network_context.cc -index 67986e284434115debf6a638b62c9585ac207c1d..ef64b8ab03b39066e1332cb6859c0012dc86e551 100644 +index 1e220456a91ce81a994c611d9ef8efed88846bc0..d2dcb8d7f18e737a75659e103f760e43bb1d7ff3 100644 --- a/services/network/network_context.cc +++ b/services/network/network_context.cc @@ -1128,6 +1128,13 @@ void NetworkContext::SetNetworkConditions( diff --git a/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch b/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch index 6e02b00ee31..9b2395e9a26 100644 --- a/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch +++ b/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch @@ -7,7 +7,7 @@ This adds a callback from the network service that's used to implement session.setCertificateVerifyCallback. diff --git a/services/network/network_context.cc b/services/network/network_context.cc -index dc1d135df68e8f11619faffb57dfd38b41bc06d1..67986e284434115debf6a638b62c9585ac207c1d 100644 +index dc1d135df68e8f11619faffb57dfd38b41bc06d1..1e220456a91ce81a994c611d9ef8efed88846bc0 100644 --- a/services/network/network_context.cc +++ b/services/network/network_context.cc @@ -117,6 +117,11 @@ @@ -116,16 +116,16 @@ index dc1d135df68e8f11619faffb57dfd38b41bc06d1..67986e284434115debf6a638b62c9585 void NetworkContext::CreateURLLoaderFactory( mojo::PendingReceiver receiver, mojom::URLLoaderFactoryParamsPtr params) { -@@ -1917,6 +2002,9 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext( - std::move(cert_verifier)); - cert_verifier = base::WrapUnique(cert_verifier_with_trust_anchors_); - #endif // BUILDFLAG(IS_CHROMEOS_ASH) +@@ -1900,6 +1985,9 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext( + std::move(cert_verifier), std::move(ct_verifier)); + } + #endif // BUILDFLAG(IS_CT_SUPPORTED) + auto remote_cert_verifier = std::make_unique(std::move(cert_verifier)); + remote_cert_verifier_ = remote_cert_verifier.get(); -+ cert_verifier = std::make_unique(std::move(remote_cert_verifier)); - } ++ cert_verifier = std::move(remote_cert_verifier); - builder.SetCertVerifier(IgnoreErrorsCertVerifier::MaybeWrapCertVerifier( + // Whether the cert verifier is remote or in-process, we should wrap it in + // caching and coalescing layers to avoid extra verifications and IPCs. diff --git a/services/network/network_context.h b/services/network/network_context.h index 102548a7f132cd1f7d46421fc2ae941dbff7c29d..34281acc5a2dece3b84666b25f4af423a04bf8df 100644 --- a/services/network/network_context.h