Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(491)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/policy/resources/policy_templates.json

Issue 2087743002: Add Enterprise Policy for whitelisting hosts as exempt from CT (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@symantec_ct
Patch Set: Rebased Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 59c2422057da7eb8c33a5291ea75cd44fdbbe4e0..866bcd2080d3e3a3c213e978d899b7291e2d557f 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -137,7 +137,7 @@
# persistent IDs for all fields (but not for groups!) are needed. These are
# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
# because doing so would break the deployed wire format!
-# For your editing convenience: highest ID currently used: 334
+# For your editing convenience: highest ID currently used: 335
#
# Placeholders:
# The following placeholder strings are automatically substituted:
@@ -7922,6 +7922,34 @@
Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
},
{
+ 'name': 'CertificateTransparencyEnforcementDisabledForUrls',
+ 'type': 'list',
+ 'schema': {
+ 'type': 'array',
+ 'items': { 'type': 'string' },
+ },
+ 'supported_on': [
+ 'chrome.*:53-',
+ 'chrome_os:53-',
+ 'android:53-',
+ ],
+ 'features': {
+ 'dynamic_refresh': True,
+ 'per_profile': False,
+ },
+ 'example_value': ['example.com', '.example.com'],
+ 'id': 335,
+ 'caption': '''Disable Certificate Transparency enforcement for a list of URLs''',
+ 'tags': ['system-security'],
+ 'desc': '''Disables enforcing Certificate Transparency requirements to the listed URLs.
+
+ This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect misissued certificates for those hosts.
+
+ A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format, but because certificates are valid for any port and path on the server, only the hostname will be considered.
+
+ If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed.''',
+ },
+ {
'name': 'RC4Enabled',
'type': 'main',
'schema': {
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698