Index: net/cert/cert_verify_proc_mac.cc |
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc |
index ee8b829c55d2c170057caaa07f79634bd91282f9..c6a3f0e37a314f8b93c3cb803ae9358e74f5cdab 100644 |
--- a/net/cert/cert_verify_proc_mac.cc |
+++ b/net/cert/cert_verify_proc_mac.cc |
@@ -338,7 +338,11 @@ void GetCandidateEVPolicy(const X509Certificate* cert_input, |
for (const der::Input& policy_oid : policies) { |
if (metadata->IsEVPolicyOID(policy_oid)) { |
*ev_policy_oid = policy_oid.AsString(); |
- return; |
+ |
+ // De-prioritize the CA/Browser forum Extended Validation policy |
+ // (2.23.140.1.1). See crbug.com/705285. |
+ if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_oid)) |
+ break; |
} |
} |
} |