chromium/src
0
Fork 0
Code Activity

Cert Management UI V2: add a few NSS cleanup related TODOs

Browse Source 
Bug: 40928765
Change-Id: Ie9fc6adb08595e2863c5635d38372c1ab03225fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6198970
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: Hubert Chao <hchao@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1411785}
This commit is contained in:
Matt Mueller
2025-01-27 11:32:12 -08:00
committed by Chromium LUCI CQ
parent b62865680f
commit 2d2e9c271c
3 changed files with 8 additions and 0 deletions
components/server_certificate_database
server_certificate_database_service.cc
net/cert
nss_cert_database.h
services/cert_verifier
cert_verifier_creation.cc

2
components/server_certificate_database/server_certificate_database_service.cc

@ -66,6 +66,8 @@ void ServerCertificateDatabaseService::GetAllCertificates(
// database. Migration will only be done once per profile. If called multiple
// times before migration completes, all the callbacks will be queued and
// processed once the migration is done.
// TODO(crbug.com/390333881): Remove the migration code once sufficient time
// has passed after the feature is launched.
if (prefs_->GetInteger(prefs::kNSSCertsMigratedToServerCertDb) ==
static_cast<int>(NSSMigrationResultPref::kNotMigrated)) {
if (!nss_migrator_) {

3
net/cert/nss_cert_database.h

@ -153,6 +153,9 @@ class NET_EXPORT NSSCertDatabase {
enum class NSSRootsHandling {
kInclude,
// TODO(crbug.com/390333881): kExclude is only used by the old cert
// manager. Remove this and any other no-longer needed NSSCertDatabase
// features once the new cert manager is fully launched.
kExclude,
};
// Asynchronously get a list of certificates along with additional

3
services/cert_verifier/cert_verifier_creation.cc

@ -158,6 +158,9 @@ class CertVerifyProcFactoryImpl : public net::CertVerifyProcFactory {
std::unique_ptr<net::SystemTrustStore> trust_store;
#if BUILDFLAG(IS_CHROMEOS)
if (user_slot_restriction_) {
// TODO(crbug.com/390333881): Remove this (and dependencies/dependants)
// once ServerCertificateDatabase has fully launched and NSS is not used
// for cert verification related certs on ChromeOS.
trust_store =
net::CreateSslSystemTrustStoreChromeRootWithUserSlotRestriction(
std::move(chrome_root), crypto::ScopedPK11Slot(PK11_ReferenceSlot(