Chromium Code Reviews

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 2719273002: Disable commonName matching for certificates (Closed)
Patch Set: Update keychains Created 3 years, 9 months ago
OLD | NEW
1 { 1 {
2 # policy_templates.json - Metafile for policy templates 2 # policy_templates.json - Metafile for policy templates
3 # 3 #
4 # The content of this file is evaluated as a Python expression. 4 # The content of this file is evaluated as a Python expression.
5 # 5 #
6 # This file is used as input to generate the following policy templates: 6 # This file is used as input to generate the following policy templates:
7 # ADM, ADMX+ADML, MCX/plist and html documentation. 7 # ADM, ADMX+ADML, MCX/plist and html documentation.
8 # 8 #
9 # Policy templates are user interface definitions or documents about the 9 # Policy templates are user interface definitions or documents about the
10 # policies that can be used to configure Chrome. Each policy is a name-value 10 # policies that can be used to configure Chrome. Each policy is a name-value
(...skipping 121 matching lines...)
132 # templates and documentation. The policy definition list that Chrome sees 132 # templates and documentation. The policy definition list that Chrome sees
133 # will include policies marked with 'future'. If a WIP policy isn't meant to 133 # will include policies marked with 'future'. If a WIP policy isn't meant to
134 # be seen by the policy providers either, the 'supported_on' key should be set 134 # be seen by the policy providers either, the 'supported_on' key should be set
135 # to an empty list. 135 # to an empty list.
136 # 136 #
137 # IDs: 137 # IDs:
138 # Since a Protocol Buffer definition is generated from this file, unique and 138 # Since a Protocol Buffer definition is generated from this file, unique and
139 # persistent IDs for all fields (but not for groups!) are needed. These are 139 # persistent IDs for all fields (but not for groups!) are needed. These are
140 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, 140 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
141 # because doing so would break the deployed wire format! 141 # because doing so would break the deployed wire format!
142 # For your editing convenience: highest ID currently used: 365 142 # For your editing convenience: highest ID currently used: 366
143 # And don't forget to also update the EnterprisePolicies enum of 143 # And don't forget to also update the EnterprisePolicies enum of
144 # histograms.xml (run tools/metrics/histograms/update_policies.py). 144 # histograms.xml (run tools/metrics/histograms/update_policies.py).
145 # 145 #
146 # Placeholders: 146 # Placeholders:
147 # The following placeholder strings are automatically substituted: 147 # The following placeholder strings are automatically substituted:
148 # $1 -> Google Chrome / Chromium 148 # $1 -> Google Chrome / Chromium
149 # $2 -> Google Chrome OS / Chromium OS 149 # $2 -> Google Chrome OS / Chromium OS
150 # $3 -> Google Chrome Frame / Chromium Frame 150 # $3 -> Google Chrome Frame / Chromium Frame
151 # $6 is reserved for doc_writer 151 # $6 is reserved for doc_writer
152 # 152 #
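Review bot: The "highest ID currently used" bump to 366 at line 142 matches the new policy's 'id': 366, but the reminder on lines 143-144 still needs confirming: check that the EnterprisePolicies enum in histograms.xml was regenerated with tools/metrics/histograms/update_policies.py in this patch set, since that file is not shown in this diff view.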
(...skipping 4690 matching lines...)
4843 'id': 340, 4843 'id': 340,
4844 'caption': '''Whether SHA-1 signed certificates issued by local trust anch ors are allowed''', 4844 'caption': '''Whether SHA-1 signed certificates issued by local trust anch ors are allowed''',
4845 'tags': ['system-security'], 4845 'tags': ['system-security'],
4846 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo gle Chrome</ex></ph> allows SHA-1 signed certificates as long as they successful ly validate and chain to a locally-installed CA certificates. 4846 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo gle Chrome</ex></ph> allows SHA-1 signed certificates as long as they successful ly validate and chain to a locally-installed CA certificates.
4847 4847
4848 Note that this policy depends on the operating system certificate verifica tion stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this polic y is intended as a temporary workaround to give enterprises more time to move aw ay from SHA-1. This policy will be removed on or around January 1st 2019. 4848 Note that this policy depends on the operating system certificate verifica tion stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this polic y is intended as a temporary workaround to give enterprises more time to move aw ay from SHA-1. This policy will be removed on or around January 1st 2019.
4849 4849
4850 If this policy is not set, or it is set to false, then <ph name="PRODUCT_N AME">$1<ex>Google Chrome</ex></ph> follows the publicly announced SHA-1 deprecat ion schedule.''', 4850 If this policy is not set, or it is set to false, then <ph name="PRODUCT_N AME">$1<ex>Google Chrome</ex></ph> follows the publicly announced SHA-1 deprecat ion schedule.''',
4851 }, 4851 },
4852 { 4852 {
4853 'name': 'EnableCommonNameFallbackForLocalAnchors',
4854 'type': 'main',
4855 'schema': { 'type': 'boolean' },
4856 'supported_on': ['chrome.*:58-65', 'chrome_os:58-65', 'android:54-65'],
mattm 2017/03/02 01:56:47 should android be 58-65 also?
4857 'features': {
4858 'dynamic_refresh': True,
4859 'per_profile': False,
4860 },
4861 'example_value': False,
4862 'id': 366,
4863 'caption': '''Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension''',
4864 'tags': ['system-security'],
4865 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo gle Chrome</ex></ph> will use the commonName of a server certificate to match a hostname if the certificate is missing a subjectAlternativeName extension, as lo ng as it successfully validates and chains to a locally-installed CA certificate s.
4866
4867 Note that this is not recommended, as this may allow bypassing the nameCon straints extension that restricts the hostnames that a given certificate can be authorized for.
4868
4869 If this policy is not set, server certificates that lack a subjectAlternat iveName extension containing either a DNS name or IP address will not be trusted .''',
4870 },
4871 {
4853 'name': 'ForceEphemeralProfiles', 4872 'name': 'ForceEphemeralProfiles',
4854 'type': 'main', 4873 'type': 'main',
4855 'schema': { 'type': 'boolean' }, 4874 'schema': { 'type': 'boolean' },
4856 'supported_on': ['chrome.*:32-'], 4875 'supported_on': ['chrome.*:32-'],
4857 'features': { 4876 'features': {
4858 'dynamic_refresh': False, 4877 'dynamic_refresh': False,
4859 'per_profile': True, 4878 'per_profile': True,
4860 }, 4879 },
4861 'example_value': True, 4880 'example_value': True,
4862 'id': 245, 4881 'id': 245,
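Review bot: The 'desc' of EnableCommonNameFallbackForLocalAnchors (new lines 4865-4869) leaves the explicit-false case and the exact trigger condition unclear. The last paragraph covers only "If this policy is not set", while the neighbouring SHA-1 policy (id 340) says "is not set, or it is set to false"; use the same wording here so administrators know that an explicit false behaves like the default. The first paragraph applies the fallback when the certificate "is missing a subjectAlternativeName extension", but the last paragraph speaks of an extension "containing either a DNS name or IP address"; pick one condition and state whether a certificate whose subjectAlternativeName has no DNS or IP entries falls back to commonName. Since 'supported_on' ends at 65, the description could also say that the policy is temporary, as the SHA-1 entry does. The android range starting at 54 rather than 58 is already raised in the inline comment.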
(...skipping 4861 matching lines...)
9724 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', 9743 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',
9725 'text': 'Default Settings (users can override)', 9744 'text': 'Default Settings (users can override)',
9726 }, 9745 },
9727 'doc_complex_policies_on_windows': { 9746 'doc_complex_policies_on_windows': {
9728 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', 9747 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',
9729 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', 9748 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',
9730 }, 9749 },
9731 }, 9750 },
9732 'placeholders': [], 9751 'placeholders': [],
9733 } 9752 }