81 lines
2.9 KiB
Diff
81 lines
2.9 KiB
Diff
From: Jan Engelhardt <jengelh@inai.de>
|
|
Date: Thu, 2 Apr 2015 12:44:23 +0200
|
|
Subject: Remove EV certificates
|
|
|
|
The team chose to let EV certificates appear just like normal
|
|
certificates. The web of trust is considered a failure in itself, so
|
|
do not give users a false sense of extra security with EV certs.
|
|
Instead, let them appear just like regular ones.
|
|
|
|
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
|
|
Change-Id: Ia943a861dc5cc173c982c969e4864d5ab2930106
|
|
---
|
|
net/cert/ev_root_ca_metadata.cc | 19 ++++++++++++++++++-
|
|
net/cert/ev_root_ca_metadata.h | 4 +---
|
|
2 files changed, 19 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/net/cert/ev_root_ca_metadata.cc b/net/cert/ev_root_ca_metadata.cc
|
|
--- a/net/cert/ev_root_ca_metadata.cc
|
|
+++ b/net/cert/ev_root_ca_metadata.cc
|
|
@@ -40,7 +40,19 @@ struct EVMetadata {
|
|
const base::StringPiece policy_oids[kMaxOIDsPerCA];
|
|
};
|
|
|
|
-#include "net/data/ssl/chrome_root_store/chrome-ev-roots-inc.cc"
|
|
+static const EVMetadata kEvRootCaMetadata[] = {
|
|
+ // need some dummy data to make compiler happy, because
|
|
+ // arraysize() is implemented as a convoluted template rather than
|
|
+ // the traditional sizeof(x)/sizeof(*x)
|
|
+ {
|
|
+ {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
|
|
+ {
|
|
+ "1.3.159.1.17.1",
|
|
+ "",
|
|
+ },
|
|
+ }
|
|
+};
|
|
|
|
#endif // defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
} // namespace
|
|
@@ -225,6 +237,11 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA256HashValue& fingerprint) {
|
|
// metadata.
|
|
//
|
|
|
|
+bool EVRootCAMetadata::IsCaBrowserForumEvOid(PolicyOID policy_oid) {
|
|
+ LOG(WARNING) << "Not implemented";
|
|
+ return false;
|
|
+}
|
|
+
|
|
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
|
|
LOG(WARNING) << "Not implemented";
|
|
return false;
|
|
diff --git a/net/cert/ev_root_ca_metadata.h b/net/cert/ev_root_ca_metadata.h
|
|
--- a/net/cert/ev_root_ca_metadata.h
|
|
+++ b/net/cert/ev_root_ca_metadata.h
|
|
@@ -20,7 +20,7 @@
|
|
BUILDFLAG(IS_FUCHSIA)
|
|
// When not defined, the EVRootCAMetadata singleton is a dumb placeholder
|
|
// implementation that will fail all EV lookup operations.
|
|
-#define PLATFORM_USES_CHROMIUM_EV_METADATA
|
|
+//#define PLATFORM_USES_CHROMIUM_EV_METADATA
|
|
#endif
|
|
|
|
namespace base {
|
|
@@ -65,12 +65,10 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata {
|
|
bool HasEVPolicyOIDGivenBytes(const SHA256HashValue& fingerprint,
|
|
const der::Input& policy_oid) const;
|
|
|
|
-#if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
// Returns true if |policy_oid| is for 2.23.140.1.1 (CA/Browser Forum's
|
|
// Extended Validation Policy). This is used as a hack by the
|
|
// platform-specific CertVerifyProcs when doing EV verification.
|
|
static bool IsCaBrowserForumEvOid(PolicyOID policy_oid);
|
|
-#endif
|
|
|
|
// AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
|
|
// |policy| is expressed as a string of dotted numbers. It returns true on
|
|
--
|
|
2.40.1
|
|
|