Chromium Code Reviews| Index: net/base/x509_certificate_mac.cc |
| =================================================================== |
| --- net/base/x509_certificate_mac.cc (revision 77551) |
| +++ net/base/x509_certificate_mac.cc (working copy) |
| @@ -71,6 +71,14 @@ |
| return CERT_STATUS_REVOKED; |
| case CSSMERR_APPLETP_HOSTNAME_MISMATCH: |
| + // CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT is set if the certificate has an |
| + // empty Subject field but the subjectAltName extension is not marked as |
| + // critical. This interpretation of RFC 5280 Section 4.1.2.6 is overly |
| + // strict. It's not clear whether we can ignore this error, so we report |
| + // it, but map it to an overridable error rather than CERT_STATUS_INVALID. |
| + // Properly issued certificates should not have this error. |
| + // NOTE: to ignore this error, map it to 0. |
| + case CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT: |
|
Ryan Sleevi
2011/03/10 02:30:51
This error is also returned if the EE cert has an
wtc
2011/03/11 00:25:11
Both cases are OK.
Case 1: an EE cert has an empt
|
| return CERT_STATUS_COMMON_NAME_INVALID; |
| case CSSMERR_APPLETP_CRL_NOT_FOUND: |