Comment #18 on issue 4150 by kaiser.freddy: Security: SwissSign Root marked
for EV
http://code.google.com/p/chromium/issues/detail?id=4150
Engineering Feedback: "We do no longer pass a list of acceptable policy
OIDs to the
ConstructCertChain() function. This has the effect that CA certificates
and the subscriber certificate may have different policy sets. The
change was necessary in order to facilitate chain building for SwissSign
EV certificates.
Please note that the X509Certificate::IsEV() function still checks that
the subscriber certificate contains the correct policy OID. The actual
difference introduced by the patch is that the EV policy must no longer
be present in each certificate in the chain.
The behavior was inspired by Firefox, which also ignores the policies of
the root and intermediate certificates. According to sources at
Microsoft, their Internet Explorer follows a similar approach.
to build in my environment."
Attachments:
chrome-ev.patch 2.5 KB
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
