components/policy/resources/policy_templates.json - Issue 2239963002: Add enterprise policy to allow locally issued SHA-1 certificates.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/policy/resources/policy_templates.json

Issue 2239963002: Add enterprise policy to allow locally issued SHA-1 certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/policy/resources/policy_templates.json

diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json

index 71a5c167f89aef4d1f5ae2cefe68defa2b90ab04..06c30b05359da6d6c14ecef963917642e825e0b6 100644

--- a/components/policy/resources/policy_templates.json

+++ b/components/policy/resources/policy_templates.json

@@ -137,7 +137,7 @@

# persistent IDs for all fields (but not for groups!) are needed. These are

# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,

# because doing so would break the deployed wire format!

-# For your editing convenience: highest ID currently used: 339

+# For your editing convenience: highest ID currently used: 340

# Placeholders:

# The following placeholder strings are automatically substituted:

@@ -4617,6 +4617,25 @@

If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use the existing online revocation checking settings.''',

{

+ 'name': 'EnableSha1ForLocalAnchors',

+ 'type': 'main',

+ 'schema': { 'type': 'boolean' },

+ 'supported_on': ['chrome.*:54-', 'chrome_os:54-', 'android:54-'],

+ 'features': {

+ 'dynamic_refresh': True,

+ 'per_profile': False,

+ },

+ 'example_value': False,

+ 'id': 340,

+ 'caption': '''Whether SHA-1 signed certificates issued by local trust anchors are allowed''',

+ 'tags': ['system-security'],

+ 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.

+ Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around January 1st 2019.

+ If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> follows the publicly announced SHA-1 deprecation schedule.''',

+ },

+ {

'name': 'ForceEphemeralProfiles',

'type': 'main',

'schema': { 'type': 'boolean' },

« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | components/ssl_config/ssl_config_prefs.h » ('j') | no next file with comments »