net/base/cert_verify_proc.cc - Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when… - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(349)

My Issues | Starred Open | Closed | All

Unified Diff: net/base/cert_verify_proc.cc

Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Review feedback Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/browser/ui/cocoa/certificate_viewer_mac.mm ('k') | net/base/cert_verify_proc_mac.cc » ('j') | net/base/x509_certificate.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/base/cert_verify_proc.cc

diff --git a/net/base/cert_verify_proc.cc b/net/base/cert_verify_proc.cc

index 420a8a53b52e371b4fa65ab3135cd0ecb995f33f..b53dd2eb41bc14d8742078098d0cb7ed3e816fac 100644

--- a/net/base/cert_verify_proc.cc

+++ b/net/base/cert_verify_proc.cc

@@ -82,12 +82,11 @@ int CertVerifyProc::Verify(X509Certificate* cert,

// CRLSet has expired, then enable online revocation checks. If the online

// check fails, EV status won't be shown.

//

- // A possible optimisation is to only enable online revocation checking in

- // the event that the leaf certificate appears to include a EV policy ID.

- // However, it's expected that having a current CRLSet will be very common.

+ // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully

+ // disable revocation checking.

if ((flags & X509Certificate::VERIFY_EV_CERT) &&

(!crl_set || crl_set->IsExpired())) {

- flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;

+ flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED_EV_ONLY;

}

int rv = VerifyInternal(cert, hostname, flags, crl_set, verify_result);

« no previous file with comments | « chrome/browser/ui/cocoa/certificate_viewer_mac.mm ('k') | net/base/cert_verify_proc_mac.cc » ('j') | net/base/x509_certificate.h » ('J')

Powered by Google App Engine

This is Rietveld 408576698