Add --ignore-certificate-errors-spki-list switch and UMA histogram.
The switch takes a comma-separated list of base64-encoded, SHA-256
subject public key hashes. If any of the certs presented by the
server match a hash from the list, certificate verification is
skipped, in order to ignore certificate errors.
Presence of the flag is counted in a UMA histogram.
This should allow us to remove the more blunt
--ignore-certificate-errors switch eventually.
11 files changed