commit | e4fe0fb45e055073dca560354951d53128504cfc | [log] [tgz] |
---|---|---|
author | Ryan Sleevi <rsleevi@chromium.org> | Wed Apr 11 16:57:42 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Wed Apr 11 16:57:42 2018 |
tree | 610e65b315a780de3be23013351dc3cb89a79b7c | |
parent | b802af67226a650658df0c2e6a1ee727d42465ad [diff] |
Disable SHA-1 support for Local Anchors by default net::SSLConfig exposes a policy for configuring whether or not to accept SHA-1 certificates issued by locally-trusted (as opposed to publicly trusted) trust anchors. The default for this policy was to accept these certificates, while anything creating an SSLConfigServiceManager under //components/ssl_config would have these disabled by default, unless overridden by preferences. Change the default to be secure-by-default, as embedders can supply an SSLConfigService that best reflects their desired behaviours (if they do not wish the defaults) as part of the URLRequestContext(Builder,Getter). BUG=831240 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: I0bcb3474458ca4e0f3e0a554054eec3046a103bb Reviewed-on: https://chromium-review.googlesource.com/1005416 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#549910}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .