diff options
author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 11:06:32 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 11:06:32 +0000 |
commit | 0082a836e98e76e883d1034f4eab42017f054c35 (patch) | |
tree | 78b062118ebb1591bdfa3894a0c047156c249050 /components/onc/docs | |
parent | 5b1ce25093fa93ae91366a05af80bcff999b113a (diff) | |
download | chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.zip chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.gz chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.bz2 |
ONC: Reject ServerCARef in IPsec if PSK is used.
Looking at IpsecManager::Initialize in platform/vpn-manager/ipsec_manager.cc, then a CA certificate for server verification is rejected if a PSK is set.
However, in ONC, the ServerCARef was silently ignored if PSK was used. This might unintentionally reduce security.
Note: ServerCARef from ONC maps to server_ca_file in IpsecManager::Initialize.
PSK from ONC maps to psk_file in IpsecManager::Initialize.
BUG=276291
R=bartfab@chromium.org
Review URL: https://codereview.chromium.org/62173002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240865 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/onc/docs')
-rw-r--r-- | components/onc/docs/onc_spec.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/components/onc/docs/onc_spec.html b/components/onc/docs/onc_spec.html index f7c87e6..709ca0f 100644 --- a/components/onc/docs/onc_spec.html +++ b/components/onc/docs/onc_spec.html @@ -753,7 +753,7 @@ <dd> <span class="field_meta"> (required if <span class="field">AuthenticationType</span> - is <span class="value">Cert</span>, otherwise ignored) + is <span class="value">Cert</span>, otherwise rejected) <span class="type">string</span> </span> Reference to server certificate authority stored in certificate section. |