| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <map> | 10 #include <map> |
| 509 DCHECK(!hostname.empty()); | 509 DCHECK(!hostname.empty()); |
| 510 // Perform name verification following http://tools.ietf.org/html/rfc6125. | 510 // Perform name verification following http://tools.ietf.org/html/rfc6125. |
| 511 // The terminology used in this method is as per that RFC:- | 511 // The terminology used in this method is as per that RFC:- |
| 512 // Reference identifier == the host the local user/agent is intending to | 512 // Reference identifier == the host the local user/agent is intending to |
| 513 // access, i.e. the thing displayed in the URL bar. | 513 // access, i.e. the thing displayed in the URL bar. |
| 514 // Presented identifier(s) == name(s) the server knows itself as, in its cert. | 514 // Presented identifier(s) == name(s) the server knows itself as, in its cert. |
| 515 | 515 |
| 516 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address. | 516 // CanonicalizeHost requires surrounding brackets to parse an IPv6 address. |
| 517 const std::string host_or_ip = hostname.find(':') != std::string::npos ? | 517 const std::string host_or_ip = hostname.find(':') != std::string::npos ? |
| 518 "[" + hostname + "]" : hostname; | 518 "[" + hostname + "]" : hostname; |
| 519 url_canon::CanonHostInfo host_info; | 519 url::CanonHostInfo host_info; |
| 520 std::string reference_name = CanonicalizeHost(host_or_ip, &host_info); | 520 std::string reference_name = CanonicalizeHost(host_or_ip, &host_info); |
| 521 // CanonicalizeHost does not normalize absolute vs relative DNS names. If | 521 // CanonicalizeHost does not normalize absolute vs relative DNS names. If |
| 522 // the input name was absolute (included trailing .), normalize it as if it | 522 // the input name was absolute (included trailing .), normalize it as if it |
| 523 // was relative. | 523 // was relative. |
| 524 if (!reference_name.empty() && *reference_name.rbegin() == '.') | 524 if (!reference_name.empty() && *reference_name.rbegin() == '.') |
| 525 reference_name.resize(reference_name.size() - 1); | 525 reference_name.resize(reference_name.size() - 1); |
| 526 if (reference_name.empty()) | 526 if (reference_name.empty()) |
| 527 return false; | 527 return false; |
| 528 | 528 |
| 529 // Allow fallback to Common name matching? | 529 // Allow fallback to Common name matching? |
| 530 const bool common_name_fallback = cert_san_dns_names.empty() && | 530 const bool common_name_fallback = cert_san_dns_names.empty() && |
| 531 cert_san_ip_addrs.empty(); | 531 cert_san_ip_addrs.empty(); |
| 532 *common_name_fallback_used = common_name_fallback; | 532 *common_name_fallback_used = common_name_fallback; |
| 533 | 533 |
| 534 // Fully handle all cases where |hostname| contains an IP address. | 534 // Fully handle all cases where |hostname| contains an IP address. |
| 535 if (host_info.IsIPAddress()) { | 535 if (host_info.IsIPAddress()) { |
| 536 if (common_name_fallback && | 536 if (common_name_fallback && host_info.family == url::CanonHostInfo::IPV4) { |
| 537 host_info.family == url_canon::CanonHostInfo::IPV4) { | |
| 538 // Fallback to Common name matching. As this is deprecated and only | 537 // Fallback to Common name matching. As this is deprecated and only |
| 539 // supported for compatibility refuse it for IPv6 addresses. | 538 // supported for compatibility refuse it for IPv6 addresses. |
| 540 return reference_name == cert_common_name; | 539 return reference_name == cert_common_name; |
| 541 } | 540 } |
| 542 base::StringPiece ip_addr_string( | 541 base::StringPiece ip_addr_string( |
| 543 reinterpret_cast<const char*>(host_info.address), | 542 reinterpret_cast<const char*>(host_info.address), |
| 544 host_info.AddressLength()); | 543 host_info.AddressLength()); |
| 545 return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(), | 544 return std::find(cert_san_ip_addrs.begin(), cert_san_ip_addrs.end(), |
| 546 ip_addr_string) != cert_san_ip_addrs.end(); | 545 ip_addr_string) != cert_san_ip_addrs.end(); |
| 547 } | 546 } |
| 728 RemoveFromCache(cert_handle_); | 727 RemoveFromCache(cert_handle_); |
| 729 FreeOSCertHandle(cert_handle_); | 728 FreeOSCertHandle(cert_handle_); |
| 730 } | 729 } |
| 731 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 730 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 732 RemoveFromCache(intermediate_ca_certs_[i]); | 731 RemoveFromCache(intermediate_ca_certs_[i]); |
| 733 FreeOSCertHandle(intermediate_ca_certs_[i]); | 732 FreeOSCertHandle(intermediate_ca_certs_[i]); |
| 734 } | 733 } |
| 735 } | 734 } |
| 736 | 735 |
| 737 } // namespace net | 736 } // namespace net |