net/ssl/ssl_config.h - Issue 2735733003: Disable commonName matching for certificates - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(630)

My Issues | Starred Open | Closed | All

Unified Diff: net/ssl/ssl_config.h

Issue 2735733003: Disable commonName matching for certificates (Closed)

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « net/spdy/spdy_session.cc ('k') | net/ssl/ssl_config.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/ssl/ssl_config.h

diff --git a/net/ssl/ssl_config.h b/net/ssl/ssl_config.h

index 1188a0d128484acead0114e9474c0ea09c9abb54..7e6283dd6ad32f39cf1a1b087db40f7cd77a4916 100644

--- a/net/ssl/ssl_config.h

+++ b/net/ssl/ssl_config.h

@@ -78,6 +78,12 @@ struct NET_EXPORT SSLConfig {

// local (non-public) trust anchor should be allowed.

bool sha1_local_anchors_enabled;

+ // common_name_fallback_local_anchors_enabled is true if certificates which

+ // only have a commonName in the Subject (i.e. lacking a subjectAltName)

+ // should be checked if the name matches. Only those issued by a local

+ // (non-public) trust anchor will be allowed to match.

+ bool common_name_fallback_local_anchors_enabled;

+

// The minimum and maximum protocol versions that are enabled.

// (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.)

// SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it

« no previous file with comments | « net/spdy/spdy_session.cc ('k') | net/ssl/ssl_config.cc » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698