Disable commonName matching for certificates

net/cert/x509_certificate_unittest.cc

Index: net/cert/x509_certificate_unittest.cc
diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
index 9cadb266849f493a6b915d34573a3f079fda864a..84048824b36a9e1eae8befa388199133870417d7 100644
--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -167,12 +167,11 @@ TEST(X509CertificateTest, WebkitCertParsing) {
   EXPECT_EQ("webkit.org", dns_names[1]);
 
   // Test that the wildcard cert matches properly.
-  bool unused = false;
-  EXPECT_TRUE(webkit_cert->VerifyNameMatch("www.webkit.org", &unused));
-  EXPECT_TRUE(webkit_cert->VerifyNameMatch("foo.webkit.org", &unused));
-  EXPECT_TRUE(webkit_cert->VerifyNameMatch("webkit.org", &unused));
-  EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.webkit.com", &unused));
-  EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com", &unused));
+  EXPECT_TRUE(webkit_cert->VerifyNameMatch("www.webkit.org", false));
+  EXPECT_TRUE(webkit_cert->VerifyNameMatch("foo.webkit.org", false));
+  EXPECT_TRUE(webkit_cert->VerifyNameMatch("webkit.org", false));
+  EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.webkit.com", false));
+  EXPECT_FALSE(webkit_cert->VerifyNameMatch("www.foo.webkit.com", false));
 }
 
 TEST(X509CertificateTest, ThawteCertParsing) {
@@ -1143,9 +1142,8 @@ TEST_P(X509CertificateNameVerifyTest, VerifyHostname) {
     }
   }
 
-  bool unused = false;
   EXPECT_EQ(test_data.expected, X509Certificate::VerifyHostname(
-      test_data.hostname, common_name, dns_names, ip_addressses, &unused));
+      test_data.hostname, common_name, dns_names, ip_addressses, true));

[Ryan Sleevi, 2017/02/28 02:16:58]

I'll be adding additional tests to cover these permutations.

 }
 
 INSTANTIATE_TEST_CASE_P(, X509CertificateNameVerifyTest,