Index: net/cert/cert_verify_proc.cc |
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc |
index 175deb6329c4a99f79bd11f29a7da595653e5aef..7ce4eae4d89e22632f903e3a9e7dc5bc144710df 100644 |
--- a/net/cert/cert_verify_proc.cc |
+++ b/net/cert/cert_verify_proc.cc |
@@ -485,19 +485,14 @@ int CertVerifyProc::Verify(X509Certificate* cert, |
ComputeSignatureHashAlgorithms(verify_result); |
- if (!cert->VerifyNameMatch(hostname, |
- &verify_result->common_name_fallback_used)) { |
+ bool allow_common_name_fallback = |
+ !verify_result->is_issued_by_known_root && |
+ (flags & CertVerifier::VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS); |
+ if (!cert->VerifyNameMatch(hostname, allow_common_name_fallback)) { |
verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
rv = MapCertStatusToNetError(verify_result->cert_status); |
} |
- UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", |
- verify_result->common_name_fallback_used); |
- if (!verify_result->is_issued_by_known_root) { |
- UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallbackPrivateCA", |
- verify_result->common_name_fallback_used); |
- } |
- |
CheckOCSP(ocsp_response, *verify_result->verified_cert, |
&verify_result->ocsp_result); |