Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(483)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/policy/resources/policy_templates.json

Issue 2239963002: Add enterprise policy to allow locally issued SHA-1 certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | components/ssl_config/ssl_config_prefs.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 71a5c167f89aef4d1f5ae2cefe68defa2b90ab04..5f0021395a07453756764b57bd06087a437dd912 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -137,7 +137,7 @@
# persistent IDs for all fields (but not for groups!) are needed. These are
# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
# because doing so would break the deployed wire format!
-# For your editing convenience: highest ID currently used: 339
+# For your editing convenience: highest ID currently used: 340
#
# Placeholders:
# The following placeholder strings are automatically substituted:
@@ -4617,6 +4617,25 @@
If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the existing online revocation checking settings.''',
},
{
+ 'name': 'EnableSha1ForLocalAnchors',
+ 'type': 'main',
+ 'schema': { 'type': 'boolean' },
+ 'supported_on': ['chrome.*:54-', 'chrome_os:54-', 'android:54-'],
+ 'features': {
+ 'dynamic_refresh': True,
+ 'per_profile': False,
+ },
+ 'example_value': False,
+ 'id': 340,
+ 'caption': '''Whether SHA-1 signed certificates issued by local trust anchors are allowed''',
+ 'tags': ['system-security'],
+ 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will allow SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.
Thiemo Nagel 2016/08/12 13:12:44 Style nit: I'd suggest to use present tense.
mattm 2016/08/12 20:48:14 Done.
+
+ Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around January 1st 2019.
+
+ If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will follow the publicly announced SHA-1 deprecation schedule.''',
Thiemo Nagel 2016/08/12 13:12:45 Same here, suggest to use present tense.
mattm 2016/08/12 20:48:14 Done.
+ },
+ {
'name': 'ForceEphemeralProfiles',
'type': 'main',
'schema': { 'type': 'boolean' },
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | components/ssl_config/ssl_config_prefs.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698