Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1013)

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 1211423002: Ignore certificate transparency by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Consolidate conditionals Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 6186bc2daabf0f0281f3fa34a8fc39e6facec6c6..1f3dd5946282acc0ef21dc7b4992d15d6d6a4d49 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -3127,22 +3127,19 @@ void SSLClientSocketNSS::VerifyCT() {
// TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension
// from the state after verification is complete, to conserve memory.
- if (!policy_enforcer_) {
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
- } else {
- if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) {
- scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
- SSLConfigService::GetEVCertsWhitelist();
- if (!policy_enforcer_->DoesConformToCTEVPolicy(
- server_cert_verify_result_.verified_cert.get(),
- ev_whitelist.get(), ct_verify_result_, net_log_)) {
- // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
- VLOG(1) << "EV certificate for "
- << server_cert_verify_result_.verified_cert->subject()
- .GetDisplayName()
- << " does not conform to CT policy, removing EV status.";
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
- }
+ if (policy_enforcer_ &&
+ (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) {
+ scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
+ SSLConfigService::GetEVCertsWhitelist();
+ if (!policy_enforcer_->DoesConformToCTEVPolicy(
+ server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(),
+ ct_verify_result_, net_log_)) {
+ // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
+ VLOG(1) << "EV certificate for "
+ << server_cert_verify_result_.verified_cert->subject()
+ .GetDisplayName()
+ << " does not conform to CT policy, removing EV status.";
+ server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
}
}
}
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698