diff options
author | Eugene But <eugenebut@google.com> | 2015-12-07 09:32:06 -0800 |
---|---|---|
committer | Eugene But <eugenebut@google.com> | 2015-12-07 17:33:38 +0000 |
commit | 9c23ac1fb4b17d8f33056cf01a7ade8d152b8556 (patch) | |
tree | cd21de47292b196321b9a2ab68a95d29fa4bf595 | |
parent | 9fd42dd40d33146ff9afd92f51714f0426c1247c (diff) | |
download | chromium_src-9c23ac1fb4b17d8f33056cf01a7ade8d152b8556.zip chromium_src-9c23ac1fb4b17d8f33056cf01a7ade8d152b8556.tar.gz chromium_src-9c23ac1fb4b17d8f33056cf01a7ade8d152b8556.tar.bz2 |
[ios] Removed CRLSets usage for WKWebView.
SecTrust API is used to make load/no-load decision for certs, while
CertVerifier is used to get rejection reason. Using CRLSets to get
rejection reason is impractical, because iOS blacklist is very
different from Chrome blacklist as well as cost to store CRLSets on
disk is very high.
BUG=None
Review URL: https://codereview.chromium.org/1465513002
Cr-Commit-Position: refs/heads/master@{#361212}
(cherry picked from commit c8fa67cfb0a220dc259cd433c2f5496b6fb80cbc)
Review URL: https://codereview.chromium.org/1506923002 .
Cr-Commit-Position: refs/branch-heads/2526@{#506}
Cr-Branched-From: cb947c0153db0ec02a8abbcb3ca086d88bf6006f-refs/heads/master@{#352221}
-rw-r--r-- | ios/web/net/crw_cert_verification_controller.mm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ios/web/net/crw_cert_verification_controller.mm b/ios/web/net/crw_cert_verification_controller.mm index 42d3738..a2036dd 100644 --- a/ios/web/net/crw_cert_verification_controller.mm +++ b/ios/web/net/crw_cert_verification_controller.mm @@ -18,7 +18,6 @@ #include "ios/web/public/web_thread.h" #import "ios/web/web_state/wk_web_view_security_util.h" #include "net/cert/cert_verify_result.h" -#include "net/ssl/ssl_config_service.h" #include "net/url_request/url_request_context.h" #include "net/url_request/url_request_context_getter.h" @@ -430,8 +429,9 @@ decideLoadPolicyForAcceptedTrustResult:(SecTrustResultType)trustResult web::CertVerifierBlockAdapter::Params params( blockCert.Pass(), base::SysNSStringToUTF8(host)); params.flags = self.certVerifyFlags; - params.crl_set = net::SSLConfigService::GetCRLSet(); // OCSP response is not provided by iOS API. + // CRLSets are not used, as the OS is used to make load/no-load + // decisions, not the CertVerifier. _certVerifier->Verify(params, ^(net::CertVerifyResult result, int) { completionHandler(result, YES); }); |