Add support for certificate name checking

net/base/x509_certificate_openssl.cc

Index: net/base/x509_certificate_openssl.cc
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 1001a883431389c6843eed7f822095a0fcb8fbd4..4c238dc9959e94ea28bdaf3e2c6025699b477c75 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -379,6 +379,14 @@ int X509Certificate::Verify(const std::string& hostname,
                             CertVerifyResult* verify_result) const {
   verify_result->Reset();
 
+  // TODO(joth): We should fetch the subjectAltNames directly rather than via

[wtc, 2010/11/03 00:29:49]

Please file a bug report for this work.

[joth, 2010/11/12 18:55:23]

Done.

+  // GetDNSNames, so we can apply special handling for IP addresses vs DNS
+  // names, etc.
+  std::vector<std::string> cert_names;
+  GetDNSNames(&cert_names);
+  if (!x509_openssl_util::VerifyHostname(hostname, cert_names))
+    verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
+
   ScopedSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(X509_STORE_CTX_new());
 
   ScopedSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(sk_X509_new_null());