Index: net/cert/x509_certificate_mac.cc |
diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc |
index 60f33a9f25fb9a8d31d1b414dbb89198eadf6f2b..85aacac51b4fa9cc3297d59f335971a8e8d69982 100644 |
--- a/net/cert/x509_certificate_mac.cc |
+++ b/net/cert/x509_certificate_mac.cc |
@@ -216,7 +216,7 @@ bool X509Certificate::IsIssuedByEncoded( |
return false; |
} |
-void X509Certificate::GetSubjectAltName( |
+bool X509Certificate::GetSubjectAltName( |
std::vector<std::string>* dns_names, |
std::vector<std::string>* ip_addrs) const { |
if (dns_names) |
@@ -227,34 +227,47 @@ void X509Certificate::GetSubjectAltName( |
x509_util::CSSMCachedCertificate cached_cert; |
OSStatus status = cached_cert.Init(cert_handle_); |
if (status) |
- return; |
+ return false; |
+ |
x509_util::CSSMFieldValue subject_alt_name; |
status = cached_cert.GetField(&CSSMOID_SubjectAltName, &subject_alt_name); |
if (status || !subject_alt_name.field()) |
- return; |
+ return false; |
+ |
const CSSM_X509_EXTENSION* cssm_ext = |
subject_alt_name.GetAs<CSSM_X509_EXTENSION>(); |
if (!cssm_ext || !cssm_ext->value.parsedValue) |
- return; |
+ return false; |
const CE_GeneralNames* alt_name = |
reinterpret_cast<const CE_GeneralNames*>(cssm_ext->value.parsedValue); |
+ bool has_san = false; |
for (size_t name = 0; name < alt_name->numNames; ++name) { |
const CE_GeneralName& name_struct = alt_name->generalName[name]; |
const CSSM_DATA& name_data = name_struct.name; |
// DNSName and IPAddress are encoded as IA5String and OCTET STRINGs |
// respectively, both of which can be byte copied from |
// CSSM_DATA::data into the appropriate output vector. |
- if (dns_names && name_struct.nameType == GNT_DNSName) { |
- dns_names->push_back(std::string( |
- reinterpret_cast<const char*>(name_data.Data), |
- name_data.Length)); |
- } else if (ip_addrs && name_struct.nameType == GNT_IPAddress) { |
- ip_addrs->push_back(std::string( |
- reinterpret_cast<const char*>(name_data.Data), |
- name_data.Length)); |
+ if (name_struct.nameType == GNT_DNSName) { |
+ has_san = true; |
+ if (dns_names) { |
+ dns_names->push_back(std::string( |
+ reinterpret_cast<const char*>(name_data.Data), name_data.Length)); |
+ } |
+ } else if (name_struct.nameType == GNT_IPAddress) { |
+ has_san = true; |
+ if (ip_addrs) { |
+ ip_addrs->push_back(std::string( |
+ reinterpret_cast<const char*>(name_data.Data), name_data.Length)); |
+ } |
} |
+ // Fast path: Found at least one subjectAltName and the caller doesn't |
+ // need the actual values. |
+ if (has_san && !ip_addrs && !dns_names) |
+ return true; |
} |
+ |
+ return has_san; |
} |
// static |