Index: chrome/browser/ssl/ssl_policy.cc |
=================================================================== |
--- chrome/browser/ssl/ssl_policy.cc (revision 62112) |
+++ chrome/browser/ssl/ssl_policy.cc (working copy) |
@@ -32,6 +32,17 @@ |
#include "net/base/ssl_info.h" |
#include "webkit/glue/resource_type.h" |
+namespace { |
+ |
+static const char kDot = '.'; |
+ |
+static bool IsIntranetHost(const std::string& host) { |
+ const size_t dot = host.find(kDot); |
+ return dot == std::string::npos || dot == host.length() - 1; |
+} |
+ |
+} // namespace |
+ |
SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
: backend_(backend) { |
DCHECK(backend_); |
@@ -151,6 +162,15 @@ |
return; |
} |
+ if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { |
+ // CAs issue certificates for intranet hosts to everyone. Therefore, we |
+ // mark intranet hosts as being non-unique. |
+ if (IsIntranetHost(entry->url().host())) { |
+ entry->ssl().set_cert_status(entry->ssl().cert_status() | |
+ net::CERT_STATUS_NON_UNIQUE_NAME); |
+ } |
+ } |
+ |
// If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, |
// don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. |
int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; |