Index: chrome/browser/io_thread.cc |
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc |
index 11a0084276f89521e4aac2d0632c93fdf5ad31ba..8ef4bcf341866b58a2bc91d96e08df8fd5612faf 100644 |
--- a/chrome/browser/io_thread.cc |
+++ b/chrome/browser/io_thread.cc |
@@ -39,6 +39,7 @@ |
#include "chrome/browser/net/dns_probe_service.h" |
#include "chrome/browser/net/proxy_service_factory.h" |
#include "chrome/browser/net/sth_distributor_provider.h" |
+#include "chrome/browser/ssl/ignore_errors_cert_verifier.h" |
#include "chrome/common/channel_info.h" |
#include "chrome/common/chrome_content_client.h" |
#include "chrome/common/chrome_switches.h" |
@@ -581,7 +582,21 @@ void IOThread::Init() { |
base::MakeUnique<net::MultiThreadedCertVerifier>( |
new chromeos::CertVerifyProcChromeOS())); |
#else |
- globals_->cert_verifier = net::CertVerifier::CreateDefault(); |
+ if (command_line.HasSwitch(switches::kUserDataDir) && |
+ command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) { |
+ auto spki_list = |
+ base::SplitString(command_line.GetSwitchValueASCII( |
+ switches::kIgnoreCertificateErrorsSPKIList), |
+ ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); |
+ globals_->cert_verifier = base::MakeUnique<IgnoreErrorsCertVerifier>( |
+ net::CertVerifier::CreateDefault(), |
+ IgnoreErrorsCertVerifier::MakeWhitelist(spki_list)); |
+ } else { |
+ globals_->cert_verifier = net::CertVerifier::CreateDefault(); |
+ } |
+ UMA_HISTOGRAM_BOOLEAN( |
+ "Net.Certificate.kIgnoreCertificateErrorsSPKIList", |
+ command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)); |
#endif |
globals_->transport_security_state.reset(new net::TransportSecurityState()); |