Google Git
Sign in
chromium / chromium / src / e4fe0fb45e055073dca560354951d53128504cfc
commite4fe0fb45e055073dca560354951d53128504cfc[log] [tgz]
authorRyan Sleevi <rsleevi@chromium.org>Wed Apr 11 16:57:42 2018
committerCommit Bot <commit-bot@chromium.org>Wed Apr 11 16:57:42 2018
tree610e65b315a780de3be23013351dc3cb89a79b7c
parentb802af67226a650658df0c2e6a1ee727d42465ad [diff]
Disable SHA-1 support for Local Anchors by default

net::SSLConfig exposes a policy for configuring whether
or not to accept SHA-1 certificates issued by
locally-trusted (as opposed to publicly trusted) trust
anchors. The default for this policy was to accept these
certificates, while anything creating an
SSLConfigServiceManager under //components/ssl_config
would have these disabled by default, unless overridden
by preferences.

Change the default to be secure-by-default, as embedders
can supply an SSLConfigService that best reflects their
desired behaviours (if they do not wish the defaults) as
part of the URLRequestContext(Builder,Getter).

BUG=831240

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: I0bcb3474458ca4e0f3e0a554054eec3046a103bb
Reviewed-on: https://chromium-review.googlesource.com/1005416
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549910}
5 files changed
tree: 610e65b315a780de3be23013351dc3cb89a79b7c
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. build/
  7. build_overrides/
  8. cc/
  9. chrome/
  10. chrome_cleaner/
  11. chrome_elf/
  12. chromecast/
  13. chromeos/
  14. cloud_print/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. notification_helper/
  38. pdf/
  39. ppapi/
  40. printing/
  41. remoting/
  42. rlz/
  43. sandbox/
  44. services/
  45. skia/
  46. sql/
  47. storage/
  48. styleguide/
  49. testing/
  50. third_party/
  51. tools/
  52. ui/
  53. url/
  54. webrunner/
  55. .clang-format
  56. .eslintrc.js
  57. .git-blame-ignore-revs
  58. .gitattributes
  59. .gitignore
  60. .gn
  61. .vpython
  62. AUTHORS
  63. BUILD.gn
  64. CODE_OF_CONDUCT.md
  65. codereview.settings
  66. DEPS
  67. ENG_REVIEW_OWNERS
  68. LICENSE
  69. LICENSE.chromium_os
  70. OWNERS
  71. PRESUBMIT.py
  72. PRESUBMIT_test.py
  73. PRESUBMIT_test_mocks.py
  74. README.md
  75. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .