Chromium Code Reviews

Side by Side Diff: net/cert/cert_verifier.h

Issue 2735733003: Disable commonName matching for certificates (Closed)
Patch Set: Created 3 years, 9 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CERT_VERIFIER_H_ 5 #ifndef NET_CERT_CERT_VERIFIER_H_
6 #define NET_CERT_CERT_VERIFIER_H_ 6 #define NET_CERT_CERT_VERIFIER_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 61 matching lines...)
72 // Note: If VERIFY_CERT_IO_ENABLE is not also supplied, certificates 72 // Note: If VERIFY_CERT_IO_ENABLE is not also supplied, certificates
73 // that chain to local trust anchors will likely fail - for example, due to 73 // that chain to local trust anchors will likely fail - for example, due to
74 // lacking fresh cached revocation issue (Windows) or because OCSP stapling 74 // lacking fresh cached revocation issue (Windows) or because OCSP stapling
75 // can only provide information for the leaf, and not for any 75 // can only provide information for the leaf, and not for any
76 // intermediates. 76 // intermediates.
77 VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS = 1 << 4, 77 VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS = 1 << 4,
78 78
79 // If set, certificates with SHA-1 signatures will be allowed, but only if 79 // If set, certificates with SHA-1 signatures will be allowed, but only if
80 // they are issued by non-public trust anchors. 80 // they are issued by non-public trust anchors.
81 VERIFY_ENABLE_SHA1_LOCAL_ANCHORS = 1 << 5, 81 VERIFY_ENABLE_SHA1_LOCAL_ANCHORS = 1 << 5,
82
83 // If set, certificates which lack a subjectAltName will be allowed to
84 // match against the commonName of the certificate, but only if they are
85 // issued by non-public trust anchors.
86 VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS = 1 << 6,
82 }; 87 };
83 88
84 // Parameters to verify |certificate| against the supplied 89 // Parameters to verify |certificate| against the supplied
85 // |hostname| as an SSL server. 90 // |hostname| as an SSL server.
86 // 91 //
87 // |hostname| should be a canonicalized hostname (in A-Label form) or IP 92 // |hostname| should be a canonicalized hostname (in A-Label form) or IP
88 // address in string form, following the rules of a URL host portion. In 93 // address in string form, following the rules of a URL host portion. In
89 // the case of |hostname| being a domain name, it may contain a trailing 94 // the case of |hostname| being a domain name, it may contain a trailing
90 // dot (e.g. "example.com."), as used to signal to DNS not to perform 95 // dot (e.g. "example.com."), as used to signal to DNS not to perform
91 // suffix search, and it will safely be ignored. If |hostname| is an IPv6 96 // suffix search, and it will safely be ignored. If |hostname| is an IPv6
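Review bot: The comment on VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS (new lines 83-85) leaves "lack a subjectAltName" undefined: it is not clear whether a certificate whose subjectAltName extension is present but contains no dNSName or iPAddress entry is eligible for the commonName fallback, or only one with no subjectAltName extension at all. Please spell out the exact condition, because callers will rely on this comment to decide when the weaker name check applies. The comment also documents only the opt-in case; since the issue title says commonName matching is being disabled, add a sentence stating what happens to such certificates when the flag is not set, and that certificates chaining to public trust anchors never get the fallback regardless of this flag, if that is the intent of "but only if they are issued by non-public trust anchors". As a minor style point, the enum uses both "local trust anchors" (line 72-73 comment) and "non-public trust anchors" (SHA-1 and this flag); one term throughout would avoid readers assuming they mean different things.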
(...skipping 81 matching lines...)
173 virtual bool SupportsOCSPStapling(); 178 virtual bool SupportsOCSPStapling();
174 179
175 // Creates a CertVerifier implementation that verifies certificates using 180 // Creates a CertVerifier implementation that verifies certificates using
176 // the preferred underlying cryptographic libraries. 181 // the preferred underlying cryptographic libraries.
177 static std::unique_ptr<CertVerifier> CreateDefault(); 182 static std::unique_ptr<CertVerifier> CreateDefault();
178 }; 183 };
179 184
180 } // namespace net 185 } // namespace net
181 186
182 #endif // NET_CERT_CERT_VERIFIER_H_ 187 #endif // NET_CERT_CERT_VERIFIER_H_