8d60aa54abe0517d756c9d625ece75feabed613a - chromium/src

commit	8d60aa54abe0517d756c9d625ece75feabed613a	[log] [tgz]
author	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	Fri Aug 08 21:22:45 2014
committer	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	Fri Aug 08 21:24:05 2014
tree	2f37ad4a17f64323835d78ce33cb756b82c7326b
parent	eb7b4aac673321aee0731cf5fecfeda34ac07317 [diff]

Centralize the logic for checking public key pins from ClientSocketNSS
and ProofVerifierChromium to TransportSecurityState::CheckPublicKeyPins.
This required adding an is_issued_by_known_root argument to this method.

In addition, CheckPublicKeyPins now only checks static pins if the
TransportSecurityState's enable_static_pins_ member is true. This defaults
to true only for official desktop builds. This also means that dynamic
pins are now checked on mobile and on non-official builds.

BUG=398925,391033

Review URL: https://codereview.chromium.org/433123003

Cr-Commit-Position: refs/heads/master@{#288435}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288435 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed