| Index: net/base/x509_certificate_mac.cc
|
| ===================================================================
|
| --- net/base/x509_certificate_mac.cc (revision 77730)
|
| +++ net/base/x509_certificate_mac.cc (working copy)
|
| @@ -71,6 +71,14 @@
|
| return CERT_STATUS_REVOKED;
|
|
|
| case CSSMERR_APPLETP_HOSTNAME_MISMATCH:
|
| + // CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT is set if the certificate has an
|
| + // empty Subject field but the subjectAltName extension is not marked as
|
| + // critical. This interpretation of RFC 5280 Section 4.1.2.6 is overly
|
| + // strict. It's not clear whether we can ignore this error, so we report
|
| + // it, but map it to an overridable error rather than CERT_STATUS_INVALID.
|
| + // Properly issued certificates should not have this error.
|
| + // NOTE: to ignore this error, map it to 0.
|
| + case CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT:
|
| return CERT_STATUS_COMMON_NAME_INVALID;
|
|
|
| case CSSMERR_APPLETP_CRL_NOT_FOUND:
|
|
|