Skip to content

GitLab

T
tangled
Commit c8fa67cf authored by eugenebut's avatar eugenebut Committed by Commit bot
Browse files
Options

[ios] Removed CRLSets usage for WKWebView. 

SecTrust API is used to make load/no-load decision for certs, while
CertVerifier is used to get rejection reason. Using CRLSets to get
rejection reason is impractical, because iOS blacklist is very
different from Chrome blacklist as well as cost to store CRLSets on
disk is very high.

BUG=None

Review URL: https://codereview.chromium.org/1465513002

Cr-Commit-Position: refs/heads/master@{#361212}
parent 0ead9778
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
ios/web/net/crw_cert_verification_controller.mm
View file @ c8fa67cf
......@@ -18,7 +18,6 @@
#include "ios/web/public/web_thread.h"
#import "ios/web/web_state/wk_web_view_security_util.h"
#include "net/cert/cert_verify_result.h"
#include "net/ssl/ssl_config_service.h"
#include "net/url_request/url_request_context.h"
#include "net/url_request/url_request_context_getter.h"
......@@ -430,8 +429,9 @@ decideLoadPolicyForAcceptedTrustResult:(SecTrustResultType)trustResult
web::CertVerifierBlockAdapter::Params params(
blockCert.Pass(), base::SysNSStringToUTF8(host));
params.flags = self.certVerifyFlags;
params.crl_set = net::SSLConfigService::GetCRLSet();
// OCSP response is not provided by iOS API.
// CRLSets are not used, as the OS is used to make load/no-load
// decisions, not the CertVerifier.
_certVerifier->Verify(params, ^(net::CertVerifyResult result, int) {
completionHandler(result, YES);
});
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment