Add enterprise policy to allow locally issued SHA-1 certificates.

net/ssl/ssl_config.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_SSL_CONFIG_H_
 #define NET_SSL_SSL_CONFIG_H_
 
 #include <stdint.h>
 
 #include "base/memory/ref_counted.h"
@@ skipping 64 matching lines @@
 
   // rev_checking_required_local_anchors is true if revocation checking is
   // required to succeed when certificates chain to local trust anchors (that
   // is, non-public CAs). If revocation information cannot be obtained, such
   // certificates will be treated as revoked ("hard-fail").
   // Note: This is distinct from rev_checking_enabled. If true, it is
   // equivalent to also setting rev_checking_enabled, but only when the
   // certificate chain chains to a local (non-public) trust anchor.
   bool rev_checking_required_local_anchors;
 
+  // sha1_local_anchors_enabled is true if SHA-1 signed certificates issued by a
+  // local (non-public) trust anchor should be allowed.
+  bool sha1_local_anchors_enabled;
+
   // The minimum and maximum protocol versions that are enabled.
   // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.)
   // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it
   // means no protocol versions are enabled.
   uint16_t version_min;
   uint16_t version_max;
 
   // version_fallback_min contains the minimum version that is acceptable to
   // fallback to. Versions before this may be tried to see whether they would
   // have succeeded and thus to give a better message to the user, but the
@@ skipping 92 matching lines @@
   // The list of application-level protocols to enable renegotiation for.
   NextProtoVector renego_allowed_for_protos;
 
   scoped_refptr<X509Certificate> client_cert;
   scoped_refptr<SSLPrivateKey> client_private_key;
 };
 
 }  // namespace net
 
 #endif  // NET_SSL_SSL_CONFIG_H_