Remove the EV Certs Whitelist

Desktop / Chromium - rsleevi [chromium.org] - 14 June 2017 06:18 EDT

Introduced as part of the 2015/01/01 requirement that all EV certificates should be accompanied by Certificate Transparency information, the EVCertWhitelist contained the set of publicly logged EV certificates issued prior to that date, to ensure they maintained their EV status.

As an EV certificate is only valid for 27 months, the whitelist has been shrinking over time, with the most recent update trimming it to around 100 certificates.

However, as 27 months have passed since 2015/01/01, the whitelist is no longer needed, and as such, the entire supporting infrastructure is also no longer needed.

This rewinds the code by:
- Removing the EVCertsWhitelist from //net
- Removing the distinct EV CT policy from CTPolicyEnforcer
- Unwinding the EV CT status from the CTVerifyResult and SSLInfo
- Removing the specific Golomb-coded compressed CT EV whitelist logic
- Removing the Component Updater version of the EV whitelist
- Removing all metrics related to the EV whitelist

BUG=732427
TBR=lcwu@chromium.org,sergeyu@chromium.org,isherman@chromium.org

Review-Url: https://codereview.chromium.org/2937563002
Cr-Commit-Position: refs/heads/master@{#479343}

cd7390e Remove the EV Certs Whitelist
WATCHLISTS | 1 -
chrome/browser/BUILD.gn | 3 -
chrome/browser/chrome_browser_main.cc | 5 -
.../chromeos/login/session/user_session_manager.cc | 3 -
chrome/browser/component_updater/DEPS | 1 -
.../ev_whitelist_component_installer.cc | 164 ---------------------
.../ev_whitelist_component_installer.h | 61 --------
chromecast/browser/url_request_context_factory.cc | 8 -
components/BUILD.gn | 1 -
components/packed_ct_ev_whitelist/BUILD.gn | 34 -----
components/packed_ct_ev_whitelist/DEPS | 5 -
components/packed_ct_ev_whitelist/OWNERS | 5 -
.../packed_ct_ev_whitelist/bit_stream_reader.cc | 78 ----------
.../packed_ct_ev_whitelist/bit_stream_reader.h | 67 ---------
.../bit_stream_reader_unittest.cc | 100 -------------
.../packed_ct_ev_whitelist.cc | 152 -------------------
.../packed_ct_ev_whitelist.h | 86 -----------
.../packed_ct_ev_whitelist_unittest.cc | 157 --------------------
content/common/common_param_traits_unittest.cc | 3 -
content/common/resource_messages.cc | 3 -
content/common/resource_messages.h | 2 -
.../browser/shell_url_request_context_getter.cc | 8 -
net/BUILD.gn | 1 -
net/cert/ct_ev_whitelist.h | 49 ------
net/cert/ct_policy_enforcer.cc | 163 --------------------
net/cert/ct_policy_enforcer.h | 59 --------
net/cert/ct_policy_enforcer_unittest.cc | 156 ++------------------
net/cert/ct_policy_status.h | 25 ----
net/cert/ct_verify_result.cc | 3 +-
net/cert/ct_verify_result.h | 4 -
.../chromium/crypto/proof_verifier_chromium.cc | 28 +---
.../crypto/proof_verifier_chromium_test.cc | 66 +--------
net/socket/ssl_client_socket_impl.cc | 28 +---
net/socket/ssl_client_socket_unittest.cc | 14 --
net/socket/ssl_server_socket_unittest.cc | 8 -
net/spdy/chromium/spdy_test_util_common.cc | 8 -
net/ssl/ssl_config_service.cc | 19 +--
net/ssl/ssl_config_service.h | 6 -
net/ssl/ssl_info.cc | 3 -
net/ssl/ssl_info.h | 8 +-
net/url_request/url_request_unittest.cc | 8 -
.../protocol/ssl_hmac_channel_authenticator.cc | 8 -
tools/metrics/histograms/enums.xml | 6 +
tools/metrics/histograms/histograms.xml | 11 ++
44 files changed, 52 insertions(+), 1576 deletions(-)
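
Review bot: the commit message lists only removals, but the diffstat shows tools/metrics/histograms/enums.xml gaining 6 lines and tools/metrics/histograms/histograms.xml gaining 11. If those additions mark the EV whitelist histograms and enums as obsolete rather than deleting them, say so next to "Removing all metrics related to the EV whitelist". It would also help to state what net/cert/ct_policy_enforcer_unittest.cc still covers after its reduction, since the stat alone does not show whether the tests for the remaining CT policy were kept.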

Upstream: git.chromium.org

