Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4517)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromecast/browser/url_request_context_factory.cc

Issue 2621083004: Disable Certificate Transparency enforcement for Chromecast. (Closed)
Patch Set: Disable CT enforcement Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromecast/browser/url_request_context_factory.cc
diff --git a/chromecast/browser/url_request_context_factory.cc b/chromecast/browser/url_request_context_factory.cc
index c652065899625ec71293b5293bff8ee79384d50f..ef726e6dd507f6c9f0611c7b02387bd197f94422 100644
--- a/chromecast/browser/url_request_context_factory.cc
+++ b/chromecast/browser/url_request_context_factory.cc
@@ -21,7 +21,8 @@
#include "content/public/common/url_constants.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_policy_enforcer.h"
-#include "net/cert/multi_log_ct_verifier.h"
+#include "net/cert/ct_policy_status.h"
+#include "net/cert/do_nothing_ct_verifier.h"
#include "net/cert_net/nss_ocsp.h"
#include "net/cookies/cookie_store.h"
#include "net/dns/host_resolver.h"
@@ -47,6 +48,28 @@ namespace {
const char kCookieStoreFile[] = "Cookies";
+// A CTPolicyEnforcer that accepts all certificates.
+class IgnoresCTPolicyEnforcer : public net::CTPolicyEnforcer {
+ public:
+ IgnoresCTPolicyEnforcer() = default;
+ ~IgnoresCTPolicyEnforcer() override = default;
+
+ net::ct::CertPolicyCompliance DoesConformToCertPolicy(
+ net::X509Certificate* cert,
+ const net::SCTList& verified_scts,
+ const net::NetLogWithSource& net_log) override {
+ return net::ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
+ }
+
+ net::ct::EVPolicyCompliance DoesConformToCTEVPolicy(
+ net::X509Certificate* cert,
+ const net::ct::EVCertsWhitelist* ev_whitelist,
+ const net::SCTList& verified_scts,
+ const net::NetLogWithSource& net_log) override {
+ return net::ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;
+ }
+};
+
} // namespace
// Private classes to expose URLRequestContextGetter that call back to the
@@ -205,8 +228,9 @@ void URLRequestContextFactory::InitializeSystemContextDependencies() {
cert_verifier_ = net::CertVerifier::CreateDefault();
ssl_config_service_ = new net::SSLConfigServiceDefaults;
transport_security_state_.reset(new net::TransportSecurityState());
- cert_transparency_verifier_.reset(new net::MultiLogCTVerifier());
- ct_policy_enforcer_.reset(new net::CTPolicyEnforcer());
+ // Certificate transparency is current disabled for Chromecast.
+ cert_transparency_verifier_.reset(new net::DoNothingCTVerifier());
+ ct_policy_enforcer_.reset(new IgnoresCTPolicyEnforcer());
http_auth_handler_factory_ =
net::HttpAuthHandlerFactory::CreateDefault(host_resolver_.get());
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698