| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 513 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 524 static bool CheckNameConstraints(const std::vector<std::string>& dns_names, | 524 static bool CheckNameConstraints(const std::vector<std::string>& dns_names, |
| 525 const char domains[][kMaxDomainLength]) { | 525 const char domains[][kMaxDomainLength]) { |
| 526 for (std::vector<std::string>::const_iterator i = dns_names.begin(); | 526 for (std::vector<std::string>::const_iterator i = dns_names.begin(); |
| 527 i != dns_names.end(); ++i) { | 527 i != dns_names.end(); ++i) { |
| 528 bool ok = false; | 528 bool ok = false; |
| 529 url::CanonHostInfo host_info; | 529 url::CanonHostInfo host_info; |
| 530 const std::string dns_name = CanonicalizeHost(*i, &host_info); | 530 const std::string dns_name = CanonicalizeHost(*i, &host_info); |
| 531 if (host_info.IsIPAddress()) | 531 if (host_info.IsIPAddress()) |
| 532 continue; | 532 continue; |
| 533 | 533 |
| 534 const size_t registry_len = registry_controlled_domains::GetRegistryLength( | |
| 535 dns_name, | |
| 536 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | |
| 537 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | |
| 538 // If the name is not in a known TLD, ignore it. This permits internal | 534 // If the name is not in a known TLD, ignore it. This permits internal |
| 539 // names. | 535 // names. |
| 540 if (registry_len == 0) | 536 if (!registry_controlled_domains::HostHasRegistryControlledDomain( |
| 537 dns_name, registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 538 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) |
| 541 continue; | 539 continue; |
| 542 | 540 |
| 543 for (size_t j = 0; domains[j][0]; ++j) { | 541 for (size_t j = 0; domains[j][0]; ++j) { |
| 544 const size_t domain_length = strlen(domains[j]); | 542 const size_t domain_length = strlen(domains[j]); |
| 545 // The DNS name must have "." + domains[j] as a suffix. | 543 // The DNS name must have "." + domains[j] as a suffix. |
| 546 if (i->size() <= (1 /* period before domain */ + domain_length)) | 544 if (i->size() <= (1 /* period before domain */ + domain_length)) |
| 547 continue; | 545 continue; |
| 548 | 546 |
| 549 std::string suffix = | 547 std::string suffix = |
| 550 base::ToLowerASCII(&(*i)[i->size() - domain_length - 1]); | 548 base::ToLowerASCII(&(*i)[i->size() - domain_length - 1]); |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 709 return true; | 707 return true; |
| 710 | 708 |
| 711 // For certificates issued after 1 April 2015: 39 months. | 709 // For certificates issued after 1 April 2015: 39 months. |
| 712 if (start >= time_2015_04_01 && month_diff > 39) | 710 if (start >= time_2015_04_01 && month_diff > 39) |
| 713 return true; | 711 return true; |
| 714 | 712 |
| 715 return false; | 713 return false; |
| 716 } | 714 } |
| 717 | 715 |
| 718 } // namespace net | 716 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2433583002:
Reduce buggy usage of the registry controlled domain service. (Closed)
