Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(775)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/x509_util_mac.cc

Issue 2368453002: Hack for AIA fetching on Mac Sierra: On >=10.12, always do FETCH_CRL_FROM_NET if adding a crl polic… (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/x509_util_mac.cc
diff --git a/net/cert/x509_util_mac.cc b/net/cert/x509_util_mac.cc
index 7971a733af07cbc3855ac9e1e649911f47a552bb..10dc4364e998f67202d7d5ddc2fd07f59906cc1b 100644
--- a/net/cert/x509_util_mac.cc
+++ b/net/cert/x509_util_mac.cc
@@ -5,6 +5,7 @@
#include "net/cert/x509_util_mac.h"
#include "base/logging.h"
+#include "base/mac/mac_util.h"
#include "third_party/apple_apsl/cssmapplePriv.h"
namespace net {
@@ -100,7 +101,9 @@ OSStatus CreateRevocationPolicies(bool enable_revocation_checking,
// online revocation checking. Note that, as of OS X 10.7.2, the system
// will set force this flag on according to system policies, so
// online revocation checks cannot be completely disabled.
- if (enable_revocation_checking)
+ // Starting with OS X 10.12, if a CRL policy is added without the
+ // FETCH_CRL_FROM_NET flag, AIA fetching is disabled.
+ if (enable_revocation_checking || base::mac::IsAtLeastOS10_12())
tp_crl_options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET;
SecPolicyRef crl_policy;
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698