Index: net/cert/cert_verify_proc.cc |
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc |
index d946256101271119c9d3f0f68ddb53651f1aa8cf..4d96379aff7ddf04a5e15767293bfc4bf2f6e223 100644 |
--- a/net/cert/cert_verify_proc.cc |
+++ b/net/cert/cert_verify_proc.cc |
@@ -485,11 +485,11 @@ int CertVerifyProc::Verify(X509Certificate* cert, |
ComputeSignatureHashAlgorithms(verify_result); |
- UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", |
- verify_result->common_name_fallback_used); |
- if (!verify_result->is_issued_by_known_root) { |
- UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", |
- verify_result->common_name_fallback_used); |
+ bool allow_common_name_fallback = |
+ !verify_result->is_issued_by_known_root && |
+ (flags & CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS); |
+ if (!cert->VerifyNameMatch(hostname, allow_common_name_fallback)) { |
+ verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
} |
Ryan Sleevi
2017/02/28 02:16:58
Similarly, I'll be updating tests in CertVerifyPro
|
CheckOCSP(ocsp_response, *verify_result->verified_cert, |
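Review bot: The added `if` block sets `CERT_STATUS_COMMON_NAME_INVALID`, but none of the visible lines change the value that Verify() returns, so a hostname mismatch detected here could still be reported as success with only a status bit set. Verify()'s body starts and ends outside this hunk, so it is unconfirmed whether later code recomputes the result from `cert_status`. If it does not, add `rv = MapCertStatusToNetError(verify_result->cert_status);` inside the block, substituting whatever the local result variable is called. A short comment above `allow_common_name_fallback` would also record the trust decision, e.g. `// Common-name fallback is honoured only for chains ending in a locally installed anchor, and only when the caller opts in.`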