Hack for AIA fetching on Mac Sierra: On >=10.12, always do FETCH_CRL_…

…FROM_NET if adding a crl policy. BUG=645629 Review-Url: https://codereview.chromium.org/2368453002 Cr-Commit-Position: refs/heads/master@{#420482}
crosswalk-project · Sep 22, 2016 · 97a93ce · 97a93ce
1 parent d96e270
commit 97a93ce
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/net/cert/x509_util_mac.cc b/net/cert/x509_util_mac.cc
@@ -5,6 +5,7 @@
 #include "net/cert/x509_util_mac.h"
 
 #include "base/logging.h"
+#include "base/mac/mac_util.h"
 #include "third_party/apple_apsl/cssmapplePriv.h"
 
 namespace net {
@@ -100,7 +101,9 @@ OSStatus CreateRevocationPolicies(bool enable_revocation_checking,
     // online revocation checking. Note that, as of OS X 10.7.2, the system
     // will set force this flag on according to system policies, so
     // online revocation checks cannot be completely disabled.
-    if (enable_revocation_checking)
+    // Starting with OS X 10.12, if a CRL policy is added without the
+    // FETCH_CRL_FROM_NET flag, AIA fetching is disabled.
+    if (enable_revocation_checking || base::mac::IsAtLeastOS10_12())
       tp_crl_options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET;
 
     SecPolicyRef crl_policy;