Reject certificates that are valid for too long.

This is in conformance with the CA/Browser Forum Baseline Requirements for certificate issuance. This CL is adapted from a diff provided by sigbjorn@opera.com. Thanks! BUG=119211 TBR=abarth Review URL: https://codereview.chromium.org/20628006 Cr-Commit-Position: refs/heads/master@{#303286}
author: palmer <palmer@chromium.org> 2014-11-07 12:32:16 -0800
committer: Commit bot <commit-bot@chromium.org> 2014-11-07 20:32:31 +0000
commit: 15faa5904d553ebff1d72969ab1b7631d7d48d78 (patch)
tree: b701958e46b3ed645a72bbdc6fbe680f67f2a48d /content/browser/ssl
parent: 83a189f34e8b84d6a3c3cee2a42ceec8dc60dbdd (diff)
download: chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.zip
chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.tar.gz
chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 51ae7b2..610f741 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -56,6 +56,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
     case net::ERR_CERT_WEAK_KEY:
     case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
+    case net::ERR_CERT_VALIDITY_TOO_LONG:
       if (!handler->fatal())
         options_mask |= OVERRIDABLE;
       else
author	palmer <palmer@chromium.org>	2014-11-07 12:32:16 -0800
committer	Commit bot <commit-bot@chromium.org>	2014-11-07 20:32:31 +0000
commit	15faa5904d553ebff1d72969ab1b7631d7d48d78 (patch)
tree	b701958e46b3ed645a72bbdc6fbe680f67f2a48d /content/browser/ssl
parent	83a189f34e8b84d6a3c3cee2a42ceec8dc60dbdd (diff)
download	chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.zip chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.tar.gz chromium_src-15faa5904d553ebff1d72969ab1b7631d7d48d78.tar.bz2