components/cronet/android/api/src/org/chromium/net/CronetEngine.java - Issue 2117763004: Revert of Enable public key pinning of local trust anchors

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/cronet/android/api/src/org/chromium/net/CronetEngine.java

Issue 2117763004: Revert of Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/cronet/android/api/src/org/chromium/net/CronetEngine.java

diff --git a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java

index f3638a27e98cb234e00dafe8fd074d03cda62f84..bd2f22401d9ab8dbdfe910ae5d20fab1eb00a4ef 100644

--- a/components/cronet/android/api/src/org/chromium/net/CronetEngine.java

+++ b/components/cronet/android/api/src/org/chromium/net/CronetEngine.java

@@ -102,8 +102,7 @@

// See setters below for verbose descriptions.

private final Context mContext;

private final List<QuicHint> mQuicHints = new LinkedList<QuicHint>();

- private final List<Pkp> mPkps = new LinkedList<>();

- private boolean mPublicKeyPinningBypassForLocalTrustAnchorsEnabled;

+ private final List<Pkp> mPkps = new LinkedList<Pkp>();

private String mUserAgent;

private String mStoragePath;

private boolean mLegacyModeEnabled;

@@ -136,7 +135,6 @@

enableSDCH(false);

enableHttpCache(HTTP_CACHE_DISABLED, 0);

enableNetworkQualityEstimator(false);

- enablePublicKeyPinningBypassForLocalTrustAnchors(true);

}

/**

@@ -546,28 +544,6 @@

}

/**

- * Enables or disables public key pinning bypass for local trust anchors. Disabling the

- * bypass for local trust anchors is highly discouraged since it may prohibit the app

- * from communicating with the pinned hosts. E.g., a user may want to send all traffic

- * through an SSL enabled proxy by changing the device proxy settings and adding the

- * proxy certificate to the list of local trust anchor. Disabling the bypass will most

- * likly prevent the app from sending any traffic to the pinned hosts. For more

- * information see 'How does key pinning interact with local proxies and filters?' at

- * https://www.chromium.org/Home/chromium-security/security-faq

- *

- * @param value {@code true} to enable the bypass, {@code false} to disable.

- * @return the builder to facilitate chaining.

- */

- public Builder enablePublicKeyPinningBypassForLocalTrustAnchors(boolean value) {

- mPublicKeyPinningBypassForLocalTrustAnchorsEnabled = value;

- return this;

- }

- boolean publicKeyPinningBypassForLocalTrustAnchorsEnabled() {

- return mPublicKeyPinningBypassForLocalTrustAnchorsEnabled;

- }

- /**

* Checks whether a given string represents a valid host name for PKP and converts it

* to ASCII Compatible Encoding representation according to RFC 1122, RFC 1123 and

* RFC 3490. This method is more restrictive than required by RFC 7469. Thus, a host

« no previous file with comments | « no previous file | components/cronet/android/cronet_url_request_context_adapter.cc » ('j') | no next file with comments »