Perform dynamic pin checks even when the build is not timely.

BUG=391032 Review URL: https://codereview.chromium.org/452183002 Cr-Commit-Position: refs/heads/master@{#289389} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289389 0039d316-1c4b-4281-b951-d872f2087c98

Perform dynamic pin checks even when the build is not timely.
BUG=391032 Review URL: https://codereview.chromium.org/452183002 Cr-Commit-Position: refs/heads/master@{#289389} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289389 0039d316-1c4b-4281-b951-d872f2087c98
dd4a4f84 · rch@chromium.org · 7052188e · dd4a4f84
Commit dd4a4f84 authored Aug 13, 2014 by rch@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 7 deletions

net/http/transport_security_state.cc net/http/transport_security_state.cc +1 -7

No files found.
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -133,14 +133,8 @@ bool TransportSecurityState::CheckPublicKeyPins(
  //
  // * the server's certificate chain chains up to a known root (i.e. not a
  //   user-installed trust anchor); and
-  // * the build is recent (very old builds should fail open so that users
-  //   have some chance to recover).
  // * the server actually has public key pins.
-  //
+  if (!is_issued_by_known_root || !HasPublicKeyPins(host, sni_available)) {
-  // TODO(rsleevi): http://crbug.com/391032 - Only disable static HPKP if the
-  // build is not timely.
-  if (!is_issued_by_known_root || !IsBuildTimely() ||
-      !HasPublicKeyPins(host, sni_available)) {
    return true;
  }