summaryrefslogtreecommitdiffstats
path: root/net/socket/ssl_client_socket_nss.cc
diff options
context:
space:
mode:
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
-rw-r--r--net/socket/ssl_client_socket_nss.cc14
1 files changed, 2 insertions, 12 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index e1b69fc..c2bc843 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1461,18 +1461,8 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
}
int flags = 0;
- if (ssl_config_.rev_checking_enabled) {
- const std::string& hostname = host_and_port_.host();
- // is_pinned is an approximation but is currently accurate. Even if more
- // pinned sites are added, this errs on the site of caution.
- bool is_pinned = hostname == "google.com" ||
- (hostname.size() > 11 &&
- hostname.rfind(".google.com") == hostname.size() - 11);
- if (!is_pinned ||
- !SSLConfigService::rev_checking_disabled_for_pinned_sites()) {
- flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
- }
- }
+ if (ssl_config_.rev_checking_enabled)
+ flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
if (ssl_config_.verify_ev_cert)
flags |= X509Certificate::VERIFY_EV_CERT;
verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
generated by cgit v1.1 at 2025-02-12 19:19:00 +0000