Index: net/cert/x509_util_nss.cc |
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc |
index 04c34c565f851619cc9da956a387a398ea8f410a..2988417673b0a2fadb044217032857bee4f7a15d 100644 |
--- a/net/cert/x509_util_nss.cc |
+++ b/net/cert/x509_util_nss.cc |
@@ -159,7 +159,7 @@ std::string ParseSerialNumber(const CERTCertificate* certificate) { |
certificate->serialNumber.len); |
} |
-void GetSubjectAltName(CERTCertificate* cert_handle, |
+bool GetSubjectAltName(CERTCertificate* cert_handle, |
std::vector<std::string>* dns_names, |
std::vector<std::string>* ip_addrs) { |
if (dns_names) |
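Review bot: The new `bool` return of `GetSubjectAltName` has no comment at this definition stating what `true` means, and the second hunk shows it is narrower than the name suggests: only `certDNSName` and `certIPAddress` entries set it, so other GeneralName types leave it `false`. I would add above the signature something like `// Returns true iff the certificate carries at least one dNSName or iPAddress subjectAltName; other name types are ignored. Either output vector may be NULL.` The header may already document this, but it is not visible here, and the function body continues past the end of this hunk.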
@@ -171,34 +171,45 @@ void GetSubjectAltName(CERTCertificate* cert_handle, |
SECStatus rv = CERT_FindCertExtension( |
cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); |
if (rv != SECSuccess) |
- return; |
+ return false; |
- PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
- DCHECK(arena != NULL); |
+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); |
CERTGeneralName* alt_name_list; |
- alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name); |
+ alt_name_list = CERT_DecodeAltNameExtension(arena.get(), &alt_name); |
SECITEM_FreeItem(&alt_name, PR_FALSE); |
+ bool has_san = false; |
CERTGeneralName* name = alt_name_list; |
while (name) { |
// DNSName and IPAddress are encoded as IA5String and OCTET STRINGs |
// respectively, both of which can be byte copied from |
// SECItemType::data into the appropriate output vector. |
- if (dns_names && name->type == certDNSName) { |
- dns_names->push_back( |
- std::string(reinterpret_cast<char*>(name->name.other.data), |
- name->name.other.len)); |
- } else if (ip_addrs && name->type == certIPAddress) { |
- ip_addrs->push_back( |
- std::string(reinterpret_cast<char*>(name->name.other.data), |
- name->name.other.len)); |
+ if (name->type == certDNSName) { |
+ has_san = true; |
+ if (dns_names) { |
+ dns_names->push_back( |
+ std::string(reinterpret_cast<char*>(name->name.other.data), |
+ name->name.other.len)); |
+ } |
+ } else if (name->type == certIPAddress) { |
+ has_san = true; |
+ if (ip_addrs) { |
+ ip_addrs->push_back( |
+ std::string(reinterpret_cast<char*>(name->name.other.data), |
+ name->name.other.len)); |
+ } |
} |
+ // Fast path: Found at least one subjectAltName and the caller doesn't |
+ // need the actual values. |
+ if (has_san && !ip_addrs && !dns_names) |
+ return true; |
+ |
name = CERT_GetNextGeneralName(name); |
if (name == alt_name_list) |
break; |
} |
- PORT_FreeArena(arena, PR_FALSE); |
+ return has_san; |
} |
void GetRFC822SubjectAltNames(CERTCertificate* cert_handle, |
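Review bot: After `CERT_FindCertExtension` succeeds, a NULL result from `CERT_DecodeAltNameExtension` skips the `while (name)` loop and reaches `return has_san;` with `false`, so a certificate with a present but undecodable subjectAltName extension looks the same as one with no SAN at all. If callers use the return value to decide whether to fall back to the subject commonName (the callers are not visible here), that case should fail closed, for example `if (!alt_name_list) return true;  // SAN present but undecodable: no names, no CN fallback` directly after the `SECITEM_FreeItem` call, or a distinct error result. Separately, the removed `DCHECK(arena != NULL)` was the only check on `PORT_NewArena`, so a failed allocation now passes `arena.get()` as NULL into the decoder. An explicit `if (!arena) return false;` (or whichever failure value the callers expect) would make that path deliberate.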