DescriptionDo not use cert_pi_useAIACertFetch by default. Use it only
when we are likely to be missing intermediate CA certificates.
Work around the SEC_ERROR_POLICY_VALIDATION_FAILED error from
CERT_PKIXVerifyCert by retrying CERT_PKIXVerifyCert with the
certificate policy in the certificate.
Map SEC_ERROR_POLICY_VALIDATION_FAILED to ERR_CERT_INVALID
if we can't work around the error.
Start the migration away from test_certificate_data.h to the
certificate files in the src/net/data/ssl/certificates
directory.
R=eroman
BUG=31497, 30891, 37549
TEST=A new unit test. To verify the fix for issue 31497
manually, must install the "DoD Root CA 2" certificate first
(see comment 9 of bug 31497).
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=42118
Patch Set 1 #Patch Set 2 : Polished and ready for review. #Patch Set 3 : Add a unit test #Patch Set 4 : Minor fixes. #
Total comments: 3
Patch Set 5 : '' #
Total comments: 2
Patch Set 6 : Use std::vector like a real C++ programmer. More refactoring. Disable new unit test for Mac. #Patch Set 7 : Use std::vector like a real C++ programmer. More refactoring. Disable new unit test for Mac. #Patch Set 8 : Better workaround #Patch Set 9 : New workaround doesn't work in some cases. Revert to Patch Set 7. #
Messages
Total messages: 12 (0 generated)
|