• rsleevi's avatar
    Remove the EV Certs Whitelist · cd7390ed
    rsleevi authored
    Introduced as part of the 2015/01/01 requirement that all EV
    certificates should be accompanied by Certificate Transparency
    information, the EVCertWhitelist contained the set of publicly
    logged EV certificates issued prior to that date, to ensure they
    maintained their EV status.
    As an EV certificate is only valid for 27 months, the whitelist has
    been shrinking over time, with the most recent update trimming it to
    around 100 certificates.
    However, as 27 months have passed since 2015/01/01, the whitelist is
    no longer needed, and as such, the entire supporting infrastructure is
    also no longer needed.
    This rewinds the code by:
      - Removing the EVCertsWhitelist from //net
      - Removing the distinct EV CT policy from CTPolicyEnforcer
      - Unwinding the EV CT status from the CTVerifyResult and SSLInfo
      - Removing the specific Golomb-coded compressed CT EV whitelist logic
      - Removing the Component Updater version of the EV whitelist
      - Removing all metrics related to the EV whitelist
    Review-Url: https://codereview.chromium.org/2937563002
    Cr-Commit-Position: refs/heads/master@{#479343}
ssl_hmac_channel_authenticator.cc 15.4 KB