Add support for certificate name checking

net/base/x509_openssl_util.h

Index: net/base/x509_openssl_util.h
diff --git a/net/base/x509_openssl_util.h b/net/base/x509_openssl_util.h
index 5ac511bdfefbf1a4b4a84d2b7209f58a2ab12785..5c927fff56df3b793c0962f93692d0838d6a9d17 100644
--- a/net/base/x509_openssl_util.h
+++ b/net/base/x509_openssl_util.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -10,6 +10,7 @@
 #include <openssl/x509v3.h>
 
 #include <string>
+#include <vector>
 
 namespace base {
 class Time;
@@ -32,6 +33,15 @@ bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value);
 
 bool ParseDate(ASN1_TIME* x509_time, base::Time* time);
 
+// Verifies that |hostname| matches one of the names in |cert_names|, based on
+// TLS name matching rules. The members of |cert_names| must have been

[wtc, 2010/11/03 00:29:49]

Nit: cite the RFC or Internet-Draft that specifies the TLS name matching rules.

[joth, 2010/11/12 18:55:23]

Done.

+// extracted from the Subject CN or SAN fields of a certificate. See also
+// GetDNSNames.
+// TODO(joth): Investigate if we can upstream this into the OpenSSL library,
+// to avoid duplicating this logic across projects.
+bool VerifyHostname(const std::string& hostname,
+                    const std::vector<std::string>& cert_names);
+
 } // namespace x509_openssl_util
 
 } // namespace net