Check self-signed certificate names and signatures

net/cert/x509_certificate_nss.cc

Index: net/cert/x509_certificate_nss.cc
diff --git a/net/cert/x509_certificate_nss.cc b/net/cert/x509_certificate_nss.cc
index 4e6380648a30d469ae94147f8e705f4931ee187d..435e51119346a2c3098cddddbf886b604486405f 100644
--- a/net/cert/x509_certificate_nss.cc
+++ b/net/cert/x509_certificate_nss.cc
@@ -285,8 +285,13 @@ bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
   crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle));
   if (!public_key.get())
     return false;
-  return SECSuccess == CERT_VerifySignedDataWithPublicKey(
-      &cert_handle->signatureWrap, public_key.get(), NULL);
+  if (SECSuccess != CERT_VerifySignedDataWithPublicKey(
+                        &cert_handle->signatureWrap, public_key.get(), NULL)) {
+    return false;
+  }
+  SECComparison c =
+      CERT_CompareName(&cert_handle->subject, &cert_handle->issuer);
+  return c == SECComparison::SECEqual;

[svaldez, 2016/05/24 14:18:01]

nit: You could almost just combine these two lines and kill the local, though
not super important.

 }
 
 }  // namespace net