Require Certificate Transparency status always be considered when establishing a socket |
||
Issue descriptionIn order to support Issue 620178 , all //net consumers establishing sockets should be required to affirmatively consider the CT status, by ensuring a CTVerifier and CTPolicyEvaluator are provided. Downstream consumers of Chromium that intentionally do not intend to apply the mitigations described in Issue 620178 can supply custom implementations that ignore CT information. By requiring (and enforcing with DCHECK) that all implementations consider CT, we can ensure consistent handling and application of policies.
,
Jun 21 2016
,
Jun 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5e6deacd502aea944eaaa37ad51936ad877462af commit 5e6deacd502aea944eaaa37ad51936ad877462af Author: sdefresne <sdefresne@chromium.org> Date: Tue Jun 21 11:53:37 2016 [iOS] Fix initialisation of net::URLRequestContext. After https://codereview.chromium.org/2067843003, the factory method net::URLRequestContextBuilder::SetHttpNetworkSessionComponents checks that ct_policy_enforcer and cert_transparency_verifier are set but did not fix all code path on iOS (as some of them are only excercised by downstream tests). So this CL move the ownership of net::CTPolicyVerifier to the globals variable of IOSChromeIOThread (instead of leaking it) and correctly pass this to the net::URLRequestContext created. BUG= 620179 Review-Url: https://codereview.chromium.org/2084723003 Cr-Commit-Position: refs/heads/master@{#400957} [modify] https://crrev.com/5e6deacd502aea944eaaa37ad51936ad877462af/ios/chrome/browser/browser_state/chrome_browser_state_io_data.cc [modify] https://crrev.com/5e6deacd502aea944eaaa37ad51936ad877462af/ios/chrome/browser/ios_chrome_io_thread.h [modify] https://crrev.com/5e6deacd502aea944eaaa37ad51936ad877462af/ios/chrome/browser/ios_chrome_io_thread.mm |
||
►
Sign in to add a comment |
||
Comment 1 by bugdroid1@chromium.org
, Jun 21 2016