| Index: net/base/cert_verify_proc.cc
|
| diff --git a/net/base/cert_verify_proc.cc b/net/base/cert_verify_proc.cc
|
| index 420a8a53b52e371b4fa65ab3135cd0ecb995f33f..b53dd2eb41bc14d8742078098d0cb7ed3e816fac 100644
|
| --- a/net/base/cert_verify_proc.cc
|
| +++ b/net/base/cert_verify_proc.cc
|
| @@ -82,12 +82,11 @@ int CertVerifyProc::Verify(X509Certificate* cert,
|
| // CRLSet has expired, then enable online revocation checks. If the online
|
| // check fails, EV status won't be shown.
|
| //
|
| - // A possible optimisation is to only enable online revocation checking in
|
| - // the event that the leaf certificate appears to include a EV policy ID.
|
| - // However, it's expected that having a current CRLSet will be very common.
|
| + // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
|
| + // disable revocation checking.
|
| if ((flags & X509Certificate::VERIFY_EV_CERT) &&
|
| (!crl_set || crl_set->IsExpired())) {
|
| - flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
|
| + flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;
|
| }
|
|
|
| int rv = VerifyInternal(cert, hostname, flags, crl_set, verify_result);
|
|
|
Chromium Code Reviews
Issue 10857020:
Do not perform online revocation checking when the user has explicitly disabled it, except for when… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src