While working on cleaning up how CRLSets and SSLConfigs are populated through the stack, I noticed that the https://developer.chrome.com/extensions/platformKeys#method-verifyTLSServerCertificate method doesn't respect Enterprise-provided settings, such as SHA-1, revocation checking, or legacy Symantec support.
I'm filing this issue because I'll be changing the API to also no longer respect CRLSets, as they'll be explicitly configured on the SSLConfig. Per the method documentation, this is documented as an acceptable change, but filing this so we can track enabling full support (which will be easier in M70)
Comment 1 by hunyadym@chromium.org
, Jul 10