summaryrefslogtreecommitdiffstats
path: root/components/onc/docs
diff options
context:
space:
mode:
authorpneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-16 11:06:32 +0000
committerpneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-16 11:06:32 +0000
commit0082a836e98e76e883d1034f4eab42017f054c35 (patch)
tree78b062118ebb1591bdfa3894a0c047156c249050 /components/onc/docs
parent5b1ce25093fa93ae91366a05af80bcff999b113a (diff)
downloadchromium_src-0082a836e98e76e883d1034f4eab42017f054c35.zip
chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.gz
chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.bz2
ONC: Reject ServerCARef in IPsec if PSK is used.
Looking at IpsecManager::Initialize in platform/vpn-manager/ipsec_manager.cc, then a CA certificate for server verification is rejected if a PSK is set. However, in ONC, the ServerCARef was silently ignored if PSK was used. This might unintentionally reduce security. Note: ServerCARef from ONC maps to server_ca_file in IpsecManager::Initialize. PSK from ONC maps to psk_file in IpsecManager::Initialize. BUG=276291 R=bartfab@chromium.org Review URL: https://codereview.chromium.org/62173002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240865 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'components/onc/docs')
-rw-r--r--components/onc/docs/onc_spec.html2
1 files changed, 1 insertions, 1 deletions
diff --git a/components/onc/docs/onc_spec.html b/components/onc/docs/onc_spec.html
index f7c87e6..709ca0f 100644
--- a/components/onc/docs/onc_spec.html
+++ b/components/onc/docs/onc_spec.html
@@ -753,7 +753,7 @@
<dd>
<span class="field_meta">
(required if <span class="field">AuthenticationType</span>
- is <span class="value">Cert</span>, otherwise ignored)
+ is <span class="value">Cert</span>, otherwise rejected)
<span class="type">string</span>
</span>
Reference to server certificate authority stored in certificate section.