diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 20:04:01 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-20 20:04:01 +0000 |
| commit | 05454a435deac9bce39960ea21e218ebde7d17b5 (patch) | |
| tree | 45960c1d2bec94ee1b9b3ec54d9467ba7e1f4b1a /net/base/x509_certificate_mac.cc | |
| parent | 86cd1df6450f0838b670fdff392dd0d8401fc5ae (diff) | |
| download | chromium_src-05454a435deac9bce39960ea21e218ebde7d17b5.zip chromium_src-05454a435deac9bce39960ea21e218ebde7d17b5.tar.gz chromium_src-05454a435deac9bce39960ea21e218ebde7d17b5.tar.bz2 | |
net: fallback to online revocation checks for EV status when CRLSet has expired.
After this change our CRLSet logic is:
* If we have a fresh CRLSet then we don't do online revocation checks unless the
user has configured them. (It can be configured either via the settings UI,
or with the EnableOnlineRevocationChecks policy option.)
* If we don't have a CRLSet, or if it has expired, and we're trying EV verification,
then we require a positive online revocation check in order to show the EV badge.
An invalid revocation check reply will prevent the EV badge, but not hard-fail
the whole verification.
BUG=none
TEST=net_unittests
Review URL: https://chromiumcodereview.appspot.com/9699043
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127757 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_mac.cc')
| -rw-r--r-- | net/base/x509_certificate_mac.cc | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index 9103152..af72451 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc @@ -732,7 +732,6 @@ bool CheckRevocationWithCRLSet(CFArrayRef chain, CRLSet* crl_set) { return false; case CRLSet::UNKNOWN: case CRLSet::GOOD: - case CRLSet::CRL_SET_EXPIRED: continue; default: NOTREACHED(); |