Chromium Code Reviews Chromium Code Reviews
Issue 2761333002:
Add a DevTools warning for a missing subjectAltName (Closed)
| Index: components/security_state/core/security_state.cc |
| diff --git a/components/security_state/core/security_state.cc b/components/security_state/core/security_state.cc |
| index 577d93b4af174c4371b688476614c504b657fa19..111c465e25e321ae704aa010998c24e76256dc05 100644 |
| --- a/components/security_state/core/security_state.cc |
| +++ b/components/security_state/core/security_state.cc |
| @@ -222,6 +222,12 @@ void SecurityInfoForRequest( |
| visible_security_state.displayed_password_field_on_http; |
| security_info->displayed_credit_card_field_on_http = |
| visible_security_state.displayed_credit_card_field_on_http; |
| + if (visible_security_state.certificate) { |
|
elawrence
2017/03/21 16:49:04
Could we change this to:
if (visible_security_sta
Ryan Sleevi
2017/03/21 16:50:39
I intentionally omitted this, because like SHA-1,
|
| + std::vector<std::string> dns_names; |
| + std::vector<std::string> ip_addrs; |
| + visible_security_state.certificate.GetSubjectAltName(&dns_names, &ip_addrs); |
|
elawrence
2017/03/21 16:22:54
Would it make sense to just have a HasSubjectAltNa
Ryan Sleevi
2017/03/21 16:41:41
No. Generally, I explicitly try to avoid adding th
elawrence
2017/03/21 16:49:04
Ok. I was slightly worried about the perf of doing
Ryan Sleevi
2017/03/21 16:50:39
I don't think we can/should, but I think that make
|
| + security_info->san_is_missing = dns_names.empty() && ip_addrs.empty(); |
| + } |
| security_info->security_level = GetSecurityLevelForRequest( |
| visible_security_state, used_policy_installed_certificate, |
| @@ -249,7 +255,8 @@ SecurityInfo::SecurityInfo() |
| obsolete_ssl_status(net::OBSOLETE_SSL_NONE), |
| pkp_bypassed(false), |
| displayed_password_field_on_http(false), |
| - displayed_credit_card_field_on_http(false) {} |
| + displayed_credit_card_field_on_http(false), |
| + san_is_missing(false) {} |
| SecurityInfo::~SecurityInfo() {} |
