| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 547 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 558 static bool CheckNameConstraints(const std::vector<std::string>& dns_names, | 558 static bool CheckNameConstraints(const std::vector<std::string>& dns_names, |
| 559 const char domains[][kMaxDomainLength]) { | 559 const char domains[][kMaxDomainLength]) { |
| 560 for (std::vector<std::string>::const_iterator i = dns_names.begin(); | 560 for (std::vector<std::string>::const_iterator i = dns_names.begin(); |
| 561 i != dns_names.end(); ++i) { | 561 i != dns_names.end(); ++i) { |
| 562 bool ok = false; | 562 bool ok = false; |
| 563 url::CanonHostInfo host_info; | 563 url::CanonHostInfo host_info; |
| 564 const std::string dns_name = CanonicalizeHost(*i, &host_info); | 564 const std::string dns_name = CanonicalizeHost(*i, &host_info); |
| 565 if (host_info.IsIPAddress()) | 565 if (host_info.IsIPAddress()) |
| 566 continue; | 566 continue; |
| 567 | 567 |
| 568 const size_t registry_len = registry_controlled_domains::GetRegistryLength( |
| 569 dns_name, |
| 570 registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 571 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
| 568 // If the name is not in a known TLD, ignore it. This permits internal | 572 // If the name is not in a known TLD, ignore it. This permits internal |
| 569 // names. | 573 // names. |
| 570 if (!registry_controlled_domains::HostHasRegistryControlledDomain( | 574 if (registry_len == 0) |
| 571 dns_name, registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | |
| 572 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) | |
| 573 continue; | 575 continue; |
| 574 | 576 |
| 575 for (size_t j = 0; domains[j][0]; ++j) { | 577 for (size_t j = 0; domains[j][0]; ++j) { |
| 576 const size_t domain_length = strlen(domains[j]); | 578 const size_t domain_length = strlen(domains[j]); |
| 577 // The DNS name must have "." + domains[j] as a suffix. | 579 // The DNS name must have "." + domains[j] as a suffix. |
| 578 if (i->size() <= (1 /* period before domain */ + domain_length)) | 580 if (i->size() <= (1 /* period before domain */ + domain_length)) |
| 579 continue; | 581 continue; |
| 580 | 582 |
| 581 std::string suffix = | 583 std::string suffix = |
| 582 base::ToLowerASCII(&(*i)[i->size() - domain_length - 1]); | 584 base::ToLowerASCII(&(*i)[i->size() - domain_length - 1]); |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 741 return true; | 743 return true; |
| 742 | 744 |
| 743 // For certificates issued after 1 April 2015: 39 months. | 745 // For certificates issued after 1 April 2015: 39 months. |
| 744 if (start >= time_2015_04_01 && month_diff > 39) | 746 if (start >= time_2015_04_01 && month_diff > 39) |
| 745 return true; | 747 return true; |
| 746 | 748 |
| 747 return false; | 749 return false; |
| 748 } | 750 } |
| 749 | 751 |
| 750 } // namespace net | 752 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2454553002:
Revert of Reduce buggy usage of the registry controlled domain service. (Closed)
