Chromium Code Reviews Chromium Code Reviews
Issue 2753123002:
Add --ignore-certificate-errors-spki-list switch and UMA histogram. (Closed)
| Index: chrome/browser/io_thread.cc |
| diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc |
| index 11a0084276f89521e4aac2d0632c93fdf5ad31ba..ee77a4691a23036f7b95913db0eb64f2d448ba7f 100644 |
| --- a/chrome/browser/io_thread.cc |
| +++ b/chrome/browser/io_thread.cc |
| @@ -75,6 +75,7 @@ |
| #include "net/cert/ct_log_verifier.h" |
| #include "net/cert/ct_policy_enforcer.h" |
| #include "net/cert/ct_verifier.h" |
| +#include "net/cert/ignore_errors_cert_verifier.h" |
| #include "net/cert/multi_log_ct_verifier.h" |
| #include "net/cert/multi_threaded_cert_verifier.h" |
| #include "net/cert/sth_distributor.h" |
| @@ -581,7 +582,20 @@ void IOThread::Init() { |
| base::MakeUnique<net::MultiThreadedCertVerifier>( |
| new chromeos::CertVerifyProcChromeOS())); |
| #else |
| - globals_->cert_verifier = net::CertVerifier::CreateDefault(); |
| + if (command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) { |
|
Ryan Sleevi
2017/04/07 16:08:05
I wasn't sure, but I thought you were thinking --u
martinkr
2017/04/07 21:40:57
Yup, forgot about this. Done (and updated the flag
|
| + auto spki_list = |
| + base::SplitString(command_line.GetSwitchValueASCII( |
| + switches::kIgnoreCertificateErrorsSPKIList), |
| + ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); |
| + globals_->cert_verifier = base::MakeUnique<net::IgnoreErrorsCertVerifier>( |
| + net::CertVerifier::CreateDefault(), |
| + net::IgnoreErrorsCertVerifier::MakeWhitelist(spki_list)); |
|
Ryan Sleevi
2017/04/07 16:08:05
This removes the command-line validation aspect, r
martinkr
2017/04/07 21:40:57
MakeWhitelist has the same "validation" as before,
|
| + } else { |
| + globals_->cert_verifier = net::CertVerifier::CreateDefault(); |
| + } |
| + UMA_HISTOGRAM_BOOLEAN( |
| + "Net.Certificate.kIgnoreCertificateErrorsSPKIList", |
| + command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)); |
| #endif |
| globals_->transport_security_state.reset(new net::TransportSecurityState()); |
