-
Adrian Taylor authored
On Android and iOS platforms, we do not currently pin TLS connections, so verifying Variations payloads is important to ensure that the data has not been tampered with in transit from Google to the device. Such verification of these payloads on mobile devices previously added 25ms to process startup; modern mobile devices are much quicker and we do not anticipate such an impact but we will assess on the perf bots. Unfortunately we can't delete the SignatureVerificationEnabled() call entirely because it's still needed in order to disable signature verification for unit tests. This would be hard to solve because unit tests would need to simulate the real signing procedure of the variations servers, using their private key. This may be worth further investigation in future (e.g. using a different key pair for unit tests) as it would allow removal of quite a bit of production code. Change-Id: I9cb89750e100bf7204140920583db8bd0fa0f41a Bug: 1078056 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2181564 Commit-Queue: Adrian Taylor <adetaylor@chromium.org> Reviewed-by:
Alexei Svitkine <asvitkine@chromium.org> Reviewed-by:
Bo <boliu@chromium.org> Cr-Commit-Position: refs/heads/master@{#770744}
2613db76
