Index: net/ssl/ssl_config.h |
diff --git a/net/ssl/ssl_config.h b/net/ssl/ssl_config.h |
index 1188a0d128484acead0114e9474c0ea09c9abb54..7e6283dd6ad32f39cf1a1b087db40f7cd77a4916 100644 |
--- a/net/ssl/ssl_config.h |
+++ b/net/ssl/ssl_config.h |
@@ -78,6 +78,12 @@ struct NET_EXPORT SSLConfig { |
// local (non-public) trust anchor should be allowed. |
bool sha1_local_anchors_enabled; |
+ // common_name_fallback_local_anchors_enabled is true if certificates which |
+ // only have a commonName in the Subject (i.e. lacking a subjectAltName) |
+ // should be checked if the name matches. Only those issued by a local |
+ // (non-public) trust anchor will be allowed to match. |
+ bool common_name_fallback_local_anchors_enabled; |
+ |
// The minimum and maximum protocol versions that are enabled. |
// (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) |
// SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it |