diff options
| author | matthewyuan <matthewyuan@google.com> | 2014-11-11 09:38:00 -0800 |
|---|---|---|
| committer | matthewyuan <matthewyuan@google.com> | 2014-11-11 17:39:52 +0000 |
| commit | eb1c866cc26014767e795ebcc83bb952a495fe77 (patch) | |
| tree | d27a501e30d412c18887945b72308db22e9874cd /net/cert/cert_verify_proc.h | |
| parent | d876775344438790e3116f1415e6f43b8f49889e (diff) | |
| download | chromium_src-eb1c866cc26014767e795ebcc83bb952a495fe77.zip chromium_src-eb1c866cc26014767e795ebcc83bb952a495fe77.tar.gz chromium_src-eb1c866cc26014767e795ebcc83bb952a495fe77.tar.bz2 | |
Cherrypicking revert which caused a bug.
BUG=431907
Revert "Reject certificates that are valid for too long."
Was: https://codereview.chromium.org/20628006
We want this change in M41, not M40. Also, it has a date math bug. A new CL
to fix the bug and re-land will come soon.
BUG=119211
TBR=rsleevi@chromium.org,abarth,felt
Review URL: https://codereview.chromium.org/717653002
Cr-Commit-Position: refs/heads/master@{#303562}
(cherry picked from commit 03ef2046664b096b28ccc753d081050a3cd117d5)
Review URL: https://codereview.chromium.org/716843002
Cr-Commit-Position: refs/branch-heads/2214@{#8}
Cr-Branched-From: 03655fd3f6d72165dc3c9bd2c89807305316fe6c-refs/heads/master@{#303346}
Diffstat (limited to 'net/cert/cert_verify_proc.h')
| -rw-r--r-- | net/cert/cert_verify_proc.h | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/net/cert/cert_verify_proc.h b/net/cert/cert_verify_proc.h index f60ed6d..95e464e 100644 --- a/net/cert/cert_verify_proc.h +++ b/net/cert/cert_verify_proc.h @@ -73,7 +73,6 @@ class NET_EXPORT CertVerifyProc private: friend class base::RefCountedThreadSafe<CertVerifyProc>; FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts); - FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity); // Performs the actual verification using the desired underlying // cryptographic library. @@ -100,18 +99,6 @@ class NET_EXPORT CertVerifyProc const std::vector<std::string>& dns_names, const std::vector<std::string>& ip_addrs); - // The CA/Browser Forum's Baseline Requirements specify maximum validity - // periods (https://cabforum.org/Baseline_Requirements_V1.pdf): - // - // For certificates issued after 1 July 2012: 60 months. - // For certificates issued after 1 April 2015: 39 months. - // - // For certificates issued before the BRs took effect, there were no - // guidelines, but clamp them at a maximum of 10 year validity, with the - // requirement they expire within 7 years after the effective date of the BRs - // (i.e. by 1 July 2019). - static bool HasTooLongValidity(const X509Certificate& cert); - DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); }; |