Chromium Code Reviews Chromium Code Reviews
Issue 143183007:
Update policy signature verification to include policy domain. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/chromeos/settings/session_manager_operation.cc |
| diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc |
| index d7f994c83f80f52730311eb322fb77ed8f20f761..74efda9fe47dafdd00e90f4d6dd98202462cc565 100644 |
| --- a/chrome/browser/chromeos/settings/session_manager_operation.cc |
| +++ b/chrome/browser/chromeos/settings/session_manager_operation.cc |
| @@ -182,8 +182,10 @@ void SessionManagerOperation::ValidateDeviceSettings( |
| policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED); |
| validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType); |
| validator->ValidatePayload(); |
| + // We don't check the DMServer verification key below, because the signing |
| + // key is validated when it is installed. |
|
palmer
2014/02/14 21:52:48
What is the harm of checking it again?
Andrew T Wilson (Slow)
2014/02/17 17:28:40
None, really - I've also spoken with mnissler abou
|
| validator->ValidateSignature(owner_key_->public_key_as_string(), |
| - policy::GetPolicyVerificationKey(), |
| + std::string(), // No key validation check. |
| std::string(), |
| false); |
| validator->StartValidation( |
