net/cert/x509_certificate_mac.cc - Issue 2761333002: Add a DevTools warning for a missing subjectAltName

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_certificate_mac.cc

Issue 2761333002: Add a DevTools warning for a missing subjectAltName (Closed)

Patch Set: Feedback & fixes Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_certificate_mac.cc

diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc

index 60f33a9f25fb9a8d31d1b414dbb89198eadf6f2b..85aacac51b4fa9cc3297d59f335971a8e8d69982 100644

--- a/net/cert/x509_certificate_mac.cc

+++ b/net/cert/x509_certificate_mac.cc

@@ -216,7 +216,7 @@ bool X509Certificate::IsIssuedByEncoded(

return false;

}

-void X509Certificate::GetSubjectAltName(

+bool X509Certificate::GetSubjectAltName(

std::vector<std::string>* dns_names,

std::vector<std::string>* ip_addrs) const {

if (dns_names)

@@ -227,34 +227,47 @@ void X509Certificate::GetSubjectAltName(

x509_util::CSSMCachedCertificate cached_cert;

OSStatus status = cached_cert.Init(cert_handle_);

if (status)

- return;

+ return false;

x509_util::CSSMFieldValue subject_alt_name;

status = cached_cert.GetField(&CSSMOID_SubjectAltName, &subject_alt_name);

if (status || !subject_alt_name.field())

- return;

+ return false;

const CSSM_X509_EXTENSION* cssm_ext =

subject_alt_name.GetAs<CSSM_X509_EXTENSION>();

if (!cssm_ext || !cssm_ext->value.parsedValue)

- return;

+ return false;

const CE_GeneralNames* alt_name =

reinterpret_cast<const CE_GeneralNames*>(cssm_ext->value.parsedValue);

+ bool has_san = false;

for (size_t name = 0; name < alt_name->numNames; ++name) {

const CE_GeneralName& name_struct = alt_name->generalName[name];

const CSSM_DATA& name_data = name_struct.name;

// DNSName and IPAddress are encoded as IA5String and OCTET STRINGs

// respectively, both of which can be byte copied from

// CSSM_DATA::data into the appropriate output vector.

- if (dns_names && name_struct.nameType == GNT_DNSName) {

- dns_names->push_back(std::string(

- reinterpret_cast<const char*>(name_data.Data),

- name_data.Length));

- } else if (ip_addrs && name_struct.nameType == GNT_IPAddress) {

- ip_addrs->push_back(std::string(

- reinterpret_cast<const char*>(name_data.Data),

- name_data.Length));

+ if (name_struct.nameType == GNT_DNSName) {

+ has_san = true;

+ if (dns_names) {

+ dns_names->push_back(std::string(

+ reinterpret_cast<const char*>(name_data.Data), name_data.Length));

+ }

+ } else if (name_struct.nameType == GNT_IPAddress) {

+ has_san = true;

+ if (ip_addrs) {

+ ip_addrs->push_back(std::string(

+ reinterpret_cast<const char*>(name_data.Data), name_data.Length));

+ }

}

+ // Fast path: Found at least one subjectAltName and the caller doesn't

+ // need the actual values.

+ if (has_san && !ip_addrs && !dns_names)

+ return true;

}

+ return has_san;

}

// static

« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »