Chromium Code Reviews| Index: net/base/x509_certificate.h |
| =================================================================== |
| --- net/base/x509_certificate.h (revision 76583) |
| +++ net/base/x509_certificate.h (working copy) |
| @@ -287,6 +287,12 @@ |
| int flags, |
| CertVerifyResult* verify_result) const; |
| + // Verifies that |hostname| matches this certificate. |
| + // Does not verify that the certificate is valid, only that the certificate |
| + // matches this host. |
| + // Returns true if it matches. |
|
wtc
2011/03/03 19:38:46
IMPORTANT: Please document that this function may
Mike Belshe
2011/03/03 23:06:14
Done.
|
| + bool VerifyNameMatch(const std::string& hostname) const; |
| + |
| // This method returns the DER encoded certificate. |
| // If the return value is true then the DER encoded certificate is available. |
| // The content of the DER encoded certificate is written to |encoded|. |
| @@ -313,6 +319,13 @@ |
| // Frees (or releases a reference to) an OS certificate handle. |
| static void FreeOSCertHandle(OSCertHandle cert_handle); |
| + // Verifies that |hostname| matches one of the names in |cert_names|, based on |
| + // TLS name matching rules, specifically following http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09#section-4.4.3 |
| + // The members of |cert_names| must have been extracted from the Subject CN or |
| + // SAN fields of a certificate. |
|
wtc
2011/03/03 19:38:46
Please document the limitation that this does not
Mike Belshe
2011/03/03 23:06:14
Done.
|
| + static bool VerifyHostname(const std::string& hostname, |
| + const std::vector<std::string>& cert_names); |
| + |
| private: |
| friend class base::RefCountedThreadSafe<X509Certificate>; |
| friend class TestRootCerts; // For unit tests |
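Review bot: The comment on `VerifyHostname` (second hunk) lets a caller put Subject CN and SAN names into one flat `cert_names` list without saying when the CN may be included, so a certificate could be accepted on its CN even though it carries SAN dNSName entries. As I read the server-id-check draft cited in the comment, the CN is a last-resort fallback, and a flat vector of strings cannot enforce that, so the contract should be written down: `// Callers must include the Subject CN in |cert_names| only when the certificate has no SAN dNSName entries.` It would also help to state the expected form of `hostname` (canonicalized, no trailing dot) and whether a name containing an embedded NUL is rejected, since `std::string` can carry one; the implementation is not on this page, so that behaviour is unconfirmed. The `VerifyNameMatch` comment in the first hunk has the same gap, as it does not say which certificate fields are consulted.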