|
@@ -1,101 +0,0 @@
|
|
|
-From: Jan Engelhardt <jengelh@inai.de>
|
|
|
-Date: Thu, 2 Apr 2015 12:44:23 +0200
|
|
|
-Subject: Remove EV certificates
|
|
|
-
|
|
|
-The team chose to let EV certificates appear just like normal
|
|
|
-certificates. The web of trust is considered a failure in itself, so
|
|
|
-do not give users a false sense of extra security with EV certs.
|
|
|
-Instead, let them appear just like regular ones.
|
|
|
----
|
|
|
- net/cert/ev_root_ca_metadata.cc | 13 +++++++++----
|
|
|
- net/cert/ev_root_ca_metadata.h | 6 ++----
|
|
|
- 2 files changed, 11 insertions(+), 8 deletions(-)
|
|
|
-
|
|
|
-diff --git a/net/cert/ev_root_ca_metadata.cc b/net/cert/ev_root_ca_metadata.cc
|
|
|
---- a/net/cert/ev_root_ca_metadata.cc
|
|
|
-+++ b/net/cert/ev_root_ca_metadata.cc
|
|
|
-@@ -4,7 +4,7 @@
|
|
|
-
|
|
|
- #include "net/cert/ev_root_ca_metadata.h"
|
|
|
-
|
|
|
--#if defined(USE_NSS_CERTS)
|
|
|
-+#if defined(USE_NSS_CERTS) && defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
- #include <cert.h>
|
|
|
- #include <pkcs11n.h>
|
|
|
- #include <secerr.h>
|
|
|
-@@ -19,7 +19,7 @@
|
|
|
- #include "base/logging.h"
|
|
|
- #include "base/strings/string_piece.h"
|
|
|
- #include "net/der/input.h"
|
|
|
--#if defined(USE_NSS_CERTS)
|
|
|
-+#if defined(USE_NSS_CERTS) && defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
- #include "crypto/nss_util.h"
|
|
|
- #elif defined(PLATFORM_USES_CHROMIUM_EV_METADATA) || defined(OS_WIN)
|
|
|
- #include "third_party/boringssl/src/include/openssl/bytestring.h"
|
|
|
-@@ -763,7 +763,7 @@ EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
|
|
|
- return g_ev_root_ca_metadata.Pointer();
|
|
|
- }
|
|
|
-
|
|
|
--#if defined(USE_NSS_CERTS)
|
|
|
-+#if defined(USE_NSS_CERTS) && defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
-
|
|
|
- namespace {
|
|
|
- // Converts a DER-encoded OID (without leading tag and length) to a SECOidTag.
|
|
|
-@@ -1045,6 +1045,11 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA256HashValue& fingerprint) {
|
|
|
- // metadata.
|
|
|
- //
|
|
|
-
|
|
|
-+bool EVRootCAMetadata::IsCaBrowserForumEvOid(PolicyOID policy_oid) {
|
|
|
-+ LOG(WARNING) << "Not implemented";
|
|
|
-+ return false;
|
|
|
-+}
|
|
|
-+
|
|
|
- bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
|
|
|
- LOG(WARNING) << "Not implemented";
|
|
|
- return false;
|
|
|
-@@ -1084,7 +1089,7 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA256HashValue& fingerprint) {
|
|
|
-
|
|
|
- EVRootCAMetadata::EVRootCAMetadata() {
|
|
|
- // Constructs the object from the raw metadata in kEvRootCaMetadata.
|
|
|
--#if defined(USE_NSS_CERTS)
|
|
|
-+#if defined(USE_NSS_CERTS) && defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
- crypto::EnsureNSSInit();
|
|
|
-
|
|
|
- for (const auto& ev_root : kEvRootCaMetadata) {
|
|
|
-diff --git a/net/cert/ev_root_ca_metadata.h b/net/cert/ev_root_ca_metadata.h
|
|
|
---- a/net/cert/ev_root_ca_metadata.h
|
|
|
-+++ b/net/cert/ev_root_ca_metadata.h
|
|
|
-@@ -24,7 +24,7 @@
|
|
|
- defined(OS_FUCHSIA)
|
|
|
- // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
|
|
|
- // implementation that will fail all EV lookup operations.
|
|
|
--#define PLATFORM_USES_CHROMIUM_EV_METADATA
|
|
|
-+//#define PLATFORM_USES_CHROMIUM_EV_METADATA
|
|
|
- #endif
|
|
|
-
|
|
|
- namespace base {
|
|
|
-@@ -68,12 +68,10 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata {
|
|
|
- bool HasEVPolicyOIDGivenBytes(const SHA256HashValue& fingerprint,
|
|
|
- const der::Input& policy_oid) const;
|
|
|
-
|
|
|
--#if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
- // Returns true if |policy_oid| is for 2.23.140.1.1 (CA/Browser Forum's
|
|
|
- // Extended Validation Policy). This is used as a hack by the
|
|
|
- // platform-specific CertVerifyProcs when doing EV verification.
|
|
|
- static bool IsCaBrowserForumEvOid(PolicyOID policy_oid);
|
|
|
--#endif
|
|
|
-
|
|
|
- // AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
|
|
|
- // |policy| is expressed as a string of dotted numbers. It returns true on
|
|
|
-@@ -90,7 +88,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata {
|
|
|
- EVRootCAMetadata();
|
|
|
- ~EVRootCAMetadata();
|
|
|
-
|
|
|
--#if defined(USE_NSS_CERTS)
|
|
|
-+#if defined(USE_NSS_CERTS) && defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
|
|
|
- using PolicyOIDMap = std::map<SHA256HashValue, std::vector<PolicyOID>>;
|
|
|
-
|
|
|
- // RegisterOID registers |policy|, a policy OID in dotted string form, and
|
|
|
---
|
|
|
-2.11.0
|
|
|
-
|