Disable commonName matching for certificates

net/cert/cert_verify_proc.cc

Index: net/cert/cert_verify_proc.cc
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
index 175deb6329c4a99f79bd11f29a7da595653e5aef..7ce4eae4d89e22632f903e3a9e7dc5bc144710df 100644
--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -485,19 +485,14 @@ int CertVerifyProc::Verify(X509Certificate* cert,
 
   ComputeSignatureHashAlgorithms(verify_result);
 
-  if (!cert->VerifyNameMatch(hostname,
-                             &verify_result->common_name_fallback_used)) {
+  bool allow_common_name_fallback =
+      !verify_result->is_issued_by_known_root &&
+      (flags & CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS);
+  if (!cert->VerifyNameMatch(hostname, allow_common_name_fallback)) {
     verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
     rv = MapCertStatusToNetError(verify_result->cert_status);
   }
 
-  UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback",
-                        verify_result->common_name_fallback_used);
-  if (!verify_result->is_issued_by_known_root) {
-    UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA",
-                          verify_result->common_name_fallback_used);
-  }
-
   CheckOCSP(ocsp_response, *verify_result->verified_cert,
             &verify_result->ocsp_result);