Index: net/cert/cert_verify_proc_ios.cc |
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc |
index 19dc20fa7227e4d5fa2519f9d7bae2fc1ae20603..84ecd2aea84ba31730c706d83dc16c03ed414667 100644 |
--- a/net/cert/cert_verify_proc_ios.cc |
+++ b/net/cert/cert_verify_proc_ios.cc |
@@ -266,12 +266,9 @@ int CertVerifyProcIOS::VerifyInternal( |
GetCertChainInfo(final_chain, verify_result); |
- // Perform hostname verification independent of SecTrustEvaluate. |
- if (!verify_result->verified_cert->VerifyNameMatch( |
- hostname, &verify_result->common_name_fallback_used)) { |
- verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
- } |
- |
+ // iOS lacks the ability to distinguish built-in versus non-built-in roots, |
+ // so opt to 'fail open' of any restrictive policies that apply to built-in |
+ // roots. |
verify_result->is_issued_by_known_root = false; |
if (IsCertStatusError(verify_result->cert_status)) |