angler-fishThe Vulnerability History Project

Tie the lifetime of persisted transport-security metatdata to clearing cookies,

      thus giving the user control over it.
This involved adding in a &quotcreation&quot date to the metadata so we can respect the
user's choice of how far back to go when deleting browsing data. Care is taken
to handle older metadata without the creation date set.
Also fix a bug whereby we weren't making sure to persist the removed metadata
when it expires.

BUG=33445
TEST=TransportSecurityStateTest.DeleteSince, TransportSecurityStateTest.SerializeOld

Review URL: http://codereview.chromium.org/652035

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39684 0039d316-1c4b-4281-b951-d872f2087c98
by Jody the Dormouse 2010-02-23 01:03:10 UTC
commit 4d0d808d8a3d9bc767d01aa1c04c739ea4e22ec8
Chromium Fix CVE-2010-1230
chrome/browser/browsing_data_remover.cc
-8
chrome/browser/transport_security_persister.cc
+7 -15
net/base/transport_security_state.cc
+3 -47
net/base/transport_security_state.h
+1 -6
net/base/transport_security_state_unittest.cc
+3 -46
expand_less