关于Chrome 17/18/19 EV SSL证书(绿色地址栏)乱码问题

  最近升级Chrome(谷歌浏览器)到目前最新稳定版本17.0.963.46 m,结果通过HTTPS访问使用了SSL EV证书(非英文)的网站时“绿色地址栏效果”出现了乱码! 目前国内各大银行虽然也有通过SSL EV证书的绿色地址栏提高网站安全性,很直观的向来访者展示网站身份,防止钓鱼网站;但是都爱走国际路线–基本上都是英文名称,这样却不方便国内网民去识别其身份,不过这次他们幸运的逃过了此劫…

反映问题

  通过Chrome的“工具” -> “报告问题” 提交问题后,也不知道提交到哪了(问题列表中也没看到http://code.google.com/p/chromium/issues/list)。

查找问题

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
string16 ToolbarModel::GetEVCertName() const {
DCHECK_EQ(GetSecurityLevel(), EV_SECURE);
scoped_refptr cert;
// Note: Navigation controller and active entry are guaranteed non-NULL or
// the security level would be NONE.
CertStore::GetInstance()->RetrieveCert(
GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
return GetEVCertName(*cert);
}

// static
string16 ToolbarModel::GetEVCertName(const net::X509Certificate& cert) {
// EV are required to have an organization name and country.
if (cert.subject().organization_names.empty() ||
cert.subject().country_name.empty()) {
NOTREACHED();
return string16();
}

return l10n_util::GetStringFUTF16(
IDS_SECURE_CONNECTION_EV,
UTF8ToUTF16(cert.subject().organization_names[0]),
UTF8ToUTF16(cert.subject().country_name));
}

2012/02/15:

今天再去问题列表中查看,发现也有人提交了相同的问题(http://code.google.com/p/chromium/issues/detail?id=114168)。

这次确定问题大概是 http://codereview.chromium.org/9358080/diff/1/net/base/x509_certificate_win.cc 中的 GetAttributeValue函数使用了 CertRDNValueToStrA导致的!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
// Converts the value for |attribute| to an ASCII string, storing the result    
// in |value|. Returns false if the string cannot be converted.
bool GetAttributeValue(PCERT_RDN_ATTR attribute,
std::string* value) {
DWORD bytes_needed = CertRDNValueToStrA(attribute->dwValueType,
&attribute->Value, NULL, 0);
if (bytes_needed == 0)
return false;
if (bytes_needed == 1) {
// The value is actually an empty string (bytes_needed includes a single
// byte for a NULL value). Don't bother converting - just clear the
// string.
value->clear();
return true;
}
DWORD bytes_written = CertRDNValueToStrA(
attribute->dwValueType, &attribute->Value,
WriteInto(value, bytes_needed), bytes_needed);
if (bytes_written

问题出现在这次的修改:http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate_win.cc?r1=112005&r2=112650

相关补丁

  主要修复:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
// Converts the value for |attribute| to an UTF-8 string, storing the result
// in |value|. Returns false if the string cannot be converted.
bool GetAttributeValue(PCERT_RDN_ATTR attribute,
std::string* value) {
DWORD chars_needed = CertRDNValueToStrW(attribute->dwValueType,
&attribute->Value, NULL, 0);
if (chars_needed == 0)
return false;
if (chars_needed == 1) {
// The value is actually an empty string (chars_needed includes a single
// char for a NULL value). Don't bother converting - just clear the
// string.
value->clear();
return true;
}
std::wstring wide_name;
DWORD chars_written = CertRDNValueToStrW(
attribute->dwValueType, &attribute->Value,
WriteInto(&wide_name, chars_needed), chars_needed);
if (chars_written

http://codereview.chromium.org/9358080/