components/policy/resources/policy_templates.json - Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/policy/resources/policy_templates.json

Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct

Patch Set: Feedback Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/policy/resources/policy_templates.json

diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json

index 59c2422057da7eb8c33a5291ea75cd44fdbbe4e0..abc493f601dd8eb4f7d7be7896ca045586c32880 100644

--- a/components/policy/resources/policy_templates.json

+++ b/components/policy/resources/policy_templates.json

@@ -137,7 +137,7 @@

# persistent IDs for all fields (but not for groups!) are needed. These are

# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,

# because doing so would break the deployed wire format!

-# For your editing convenience: highest ID currently used: 334

+# For your editing convenience: highest ID currently used: 335

# Placeholders:

# The following placeholder strings are automatically substituted:

@@ -7922,6 +7922,34 @@

Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',

{

+ 'name': 'CertificateTransparencyEnforcementDisabledForUrls',

+ 'type': 'list',

+ 'schema': {

+ 'type': 'array',

+ 'items': { 'type': 'string' },

+ },

+ 'supported_on': [

+ 'chrome.*:53-',

+ 'chrome_os:53-',

+ 'android:53-',

+ ],

+ 'features': {

+ 'dynamic_refresh': True,

+ 'per_profile': False,

+ },

+ 'example_value': ['example.com', '.example.com'],

+ 'id': 335,

+ 'caption': '''Disable Certificate Transparency enforcement for a list of URLs''',

+ 'tags': ['system-security'],

+ 'desc': '''Disables enforcing Certificate Transparency requirements to the listed URLs.

+ This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect misissued certificates for those hosts.

+ A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port, or path, only the hostname portion of the URL is considered. Wildcard hosts are not supported.

+ If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.''',

+ },

+ {

'name': 'RC4Enabled',

'type': 'main',

'schema': {

« components/certificate_transparency/ct_policy_manager.cc ('K') | « components/components_tests.gyp ('k') | net/http/transport_security_state.h » ('j') | no next file with comments »