| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index 3fafd73fceb84b22025b410fdf83c3c3058eab36..b21de5b7f2c1b2261f340d12fa2a290cbb93baf5 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -1460,8 +1460,18 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
|
| }
|
|
|
| int flags = 0;
|
| - if (ssl_config_.rev_checking_enabled)
|
| - flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
|
| + if (ssl_config_.rev_checking_enabled) {
|
| + const std::string& hostname = host_and_port_.host();
|
| + // is_pinned is an approximation but is currently accurate. Even if more
|
| + // pinned sites are added, this errs on the site of caution.
|
| + bool is_pinned = hostname == "google.com" ||
|
| + (hostname.size() > 11 &&
|
| + hostname.rfind(".google.com") == hostname.size() - 11);
|
| + if (!is_pinned ||
|
| + !SSLConfigService::rev_checking_disabled_for_pinned_sites()) {
|
| + flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
|
| + }
|
| + }
|
| if (ssl_config_.verify_ev_cert)
|
| flags |= X509Certificate::VERIFY_EV_CERT;
|
| verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
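Review bot: `is_pinned` is computed from a hard-coded `google.com` suffix test rather than from the pin data itself, so revocation checking is skipped for every `*.google.com` name whether or not a pin is actually enforced for that connection; nothing visible in the hunk confirms that the chain is later checked against pins. If the real pin set or its bypass conditions ever differ from this string match, such hosts would presumably get neither revocation checking nor pinning. Consider deriving the decision from the same source that holds the pins, or at least recording the dependency next to the check, e.g. `// Must remain a subset of the hosts whose pins are enforced; otherwise revocation checking is dropped with no compensating control.` As a matter of style, the length `11` is written out twice instead of being taken from the `".google.com"` literal, and the comment reads "site of caution" where "side of caution" is meant. DoVerifyCert starts and ends outside the hunk.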
|
|
|