Beginning with https://security.googleblog.com/2015/03/maintaining-digital-certificate-security.html , a temporary whitelist for CNNIC end-entity certificates was introduced. As sufficient time has passed, remove this whitelist, fully distrusting CNNIC certificates.
O
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d921e149bf9a405d9952e40e12085d4bc3814e8a commit d921e149bf9a405d9952e40e12085d4bc3814e8a Author: rsleevi <rsleevi@chromium.org> Date: Mon Dec 12 22:39:58 2016 Remove the CNNIC whitelist The CNNIC whitelist was temporary, and only contained EE certs. Remove the whitelist, fully distrusting CNNIC. BUG= 673083 Review-Url: https://codereview.chromium.org/2565743004 Cr-Commit-Position: refs/heads/master@{#437935} [modify] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/cert/cert_verify_proc_blacklist.inc [modify] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/cert/cert_verify_proc_whitelist.cc [modify] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/cert/cert_verify_proc_whitelist.h [modify] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/cert/cert_verify_proc_whitelist_unittest.cc [add] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/data/ssl/blacklist/1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem [modify] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/data/ssl/blacklist/README.md [add] https://crrev.com/d921e149bf9a405d9952e40e12085d4bc3814e8a/net/data/ssl/blacklist/e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem
Comment 1 by kongkong...@gmail.com
, Dec 10 2016