Index: net/cert/cert_verify_proc_ios.cc |
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc |
index 42746499e3b20f0d2fac4d37dbf30cb7fc3985e8..84ecd2aea84ba31730c706d83dc16c03ed414667 100644 |
--- a/net/cert/cert_verify_proc_ios.cc |
+++ b/net/cert/cert_verify_proc_ios.cc |
@@ -266,6 +266,9 @@ int CertVerifyProcIOS::VerifyInternal( |
GetCertChainInfo(final_chain, verify_result); |
+ // iOS lacks the ability to distinguish built-in versus non-built-in roots, |
+ // so opt to 'fail open' of any restrictive policies that apply to built-in |
+ // roots. |
verify_result->is_issued_by_known_root = false; |
if (IsCertStatusError(verify_result->cert_status)) |