Index: chrome/browser/io_thread.cc |
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc |
index 11a0084276f89521e4aac2d0632c93fdf5ad31ba..328c4ae0460bf06636c0b5001ee0cadb2a78a79b 100644 |
--- a/chrome/browser/io_thread.cc |
+++ b/chrome/browser/io_thread.cc |
@@ -1024,6 +1024,26 @@ void IOThread::ConfigureParamsFromFieldTrialsAndCommandLine( |
if (command_line.HasSwitch(switches::kEnableUserAlternateProtocolPorts)) { |
params->enable_user_alternate_protocol_ports = true; |
} |
+ if (command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) { |
+ std::string spki_list = command_line.GetSwitchValueASCII( |
+ switches::kIgnoreCertificateErrorsSPKIList); |
+ for (const std::string& spki : base::SplitString( |
+ spki_list, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { |
+ net::HashValue hash; |
+ if (!hash.FromString("sha256/" + spki)) { |
+ LOG(ERROR) << "Invalid SPKI in --ignore-certificate-errors-spki-list: " |
+ << spki; |
+ } else { |
+ net::SHA256HashValue hv; |
+ DCHECK_EQ(hash.size(), sizeof(hv)); |
+ memcpy(&hv, hash.data(), sizeof(hv)); |
+ params->ignore_certificate_error_spki_set.insert(hv); |
+ } |
+ } |
+ } |
Ryan Sleevi
2017/03/30 15:12:09
So a thought - if we didn't want to plumb the SPKI
martinkr
2017/03/30 17:33:38
Yeah, I think it would also be easier to understan
|
+ UMA_HISTOGRAM_BOOLEAN( |
+ "Net.Certificate.kIgnoreCertificateErrorsSPKIList", |
+ command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)); |
if (command_line.HasSwitch(switches::kIgnoreCertificateErrors)) { |
params->ignore_certificate_errors = true; |
} |