Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(139)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_session.cc

Issue 2735733003: Disable commonName matching for certificates (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/test_tools/mock_crypto_client_stream.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 #include <map> 9 #include <map>
10 #include <utility> 10 #include <utility>
(...skipping 672 matching lines...) Expand 10 before | Expand all | Expand 10 after
683 683
684 if (ssl_info.client_cert_sent) 684 if (ssl_info.client_cert_sent)
685 return false; 685 return false;
686 686
687 if (ssl_info.channel_id_sent && 687 if (ssl_info.channel_id_sent &&
688 ChannelIDService::GetDomainForHost(new_hostname) != 688 ChannelIDService::GetDomainForHost(new_hostname) !=
689 ChannelIDService::GetDomainForHost(old_hostname)) { 689 ChannelIDService::GetDomainForHost(old_hostname)) {
690 return false; 690 return false;
691 } 691 }
692 692
693 bool unused = false; 693 if (!ssl_info.cert->VerifyNameMatch(new_hostname, false))
694 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused))
695 return false; 694 return false;
696 695
697 std::string pinning_failure_log; 696 std::string pinning_failure_log;
698 // DISABLE_PIN_REPORTS is set here because this check can fail in 697 // DISABLE_PIN_REPORTS is set here because this check can fail in
699 // normal operation without being indicative of a misconfiguration or 698 // normal operation without being indicative of a misconfiguration or
700 // attack. Port is left at 0 as it is never used. 699 // attack. Port is left at 0 as it is never used.
701 if (transport_security_state->CheckPublicKeyPins( 700 if (transport_security_state->CheckPublicKeyPins(
702 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, 701 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root,
703 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), 702 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(),
704 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, 703 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS,
(...skipping 2453 matching lines...) Expand 10 before | Expand all | Expand 10 after
3158 if (!queue->empty()) { 3157 if (!queue->empty()) {
3159 SpdyStreamId stream_id = queue->front(); 3158 SpdyStreamId stream_id = queue->front();
3160 queue->pop_front(); 3159 queue->pop_front();
3161 return stream_id; 3160 return stream_id;
3162 } 3161 }
3163 } 3162 }
3164 return 0; 3163 return 0;
3165 } 3164 }
3166 3165
3167 } // namespace net 3166 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/test_tools/mock_crypto_client_stream.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698