Index: net/cert/cert_verify_proc_mac.cc |
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc |
index 987eed236e46f14d2f9066ebd9a0ecc87c6d2a57..234d95997494cd86d831c4f408b429756515beab 100644 |
--- a/net/cert/cert_verify_proc_mac.cc |
+++ b/net/cert/cert_verify_proc_mac.cc |
@@ -988,8 +988,8 @@ int VerifyWithGivenFlags(X509Certificate* cert, |
break; |
} |
- // Perform hostname verification independent of SecTrustEvaluate. In order to |
- // do so, mask off any reported name errors first. |
+ // Hostname validation is handled by CertVerifyProc, so mask off any errors |
+ // that SecTrustEvaluate may have set, as its results are not used. |
verify_result->cert_status &= ~CERT_STATUS_COMMON_NAME_INVALID; |
// TODO(wtc): Suppress CERT_STATUS_NO_REVOCATION_MECHANISM for now to be |