| Index: net/cert/cert_verify_proc_mac.cc
|
| diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
|
| index ee8b829c55d2c170057caaa07f79634bd91282f9..c6a3f0e37a314f8b93c3cb803ae9358e74f5cdab 100644
|
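--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -338,7 +338,11 @@ void GetCandidateEVPolicy(const X509Certificate* cert_input,
 for (const der::Input& policy_oid : policies) {
 if (metadata->IsEVPolicyOID(policy_oid)) {
 *ev_policy_oid = policy_oid.AsString();
- return;
+
+ // De-prioritize the CA/Browser forum Extended Validation policy
+ // (2.23.140.1.1). See crbug.com/705285.
+ if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_oid))
+ break;
 }
 }
 }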
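Review bot: The comment above the new `break` names the de-prioritized OID but does not say what the loop now selects, and the result depends on ordering in a way that is easy to misread. `*ev_policy_oid` is overwritten on every EV match, so the outcome is the first non-CA/Browser Forum EV OID, or 2.23.140.1.1 when that is the only EV policy the certificate asserts. I would state that directly, e.g. `// Prefer a CA-specific EV policy OID; keep 2.23.140.1.1 only as a fallback when no other EV policy is asserted. See crbug.com/705285.` This value presumably decides which policy the chain is later checked against for EV treatment, so a test with a leaf asserting both OIDs in either order would pin the selection; none is visible in this section. The start of GetCandidateEVPolicy lies outside the hunk.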
|
|
|