net/cert/x509_certificate_win.cc - Issue 2761333002: Add a DevTools warning for a missing subjectAltName

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_certificate_win.cc

Issue 2761333002: Add a DevTools warning for a missing subjectAltName (Closed)

Patch Set: iOS & NSS fix Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_certificate_win.cc

diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc

index c67011e06b9c783059b0804c2eb3e97fad473b30..b7fc0fcede53253753a024d44bcfea38e20e0971 100644

--- a/net/cert/x509_certificate_win.cc

+++ b/net/cert/x509_certificate_win.cc

@@ -151,7 +151,7 @@ void X509Certificate::Initialize() {

reinterpret_cast<char*>(serial_bytes.get()), serial->cbData);

}

-void X509Certificate::GetSubjectAltName(

+bool X509Certificate::GetSubjectAltName(

std::vector<std::string>* dns_names,

std::vector<std::string>* ip_addrs) const {

if (dns_names)

@@ -160,28 +160,40 @@ void X509Certificate::GetSubjectAltName(

ip_addrs->clear();

if (!cert_handle_)

- return;

+ return false;

std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info;

GetCertSubjectAltName(cert_handle_, &alt_name_info);

CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();

- if (alt_name) {

- int num_entries = alt_name->cAltEntry;

- for (int i = 0; i < num_entries; i++) {

- // dNSName is an ASN.1 IA5String representing a string of ASCII

- // characters, so we can use UTF16ToASCII here.

- const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i];

- if (dns_names && entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {

+ if (!alt_name)

+ return false;

+ bool has_san = false;

+ int num_entries = alt_name->cAltEntry;

eroman 2017/03/21 21:09:54 Why the implicit signed cast? (I believe cAltEntry

+ for (int i = 0; i < num_entries; i++) {

+ // dNSName is an ASN.1 IA5String representing a string of ASCII

+ // characters, so we can use UTF16ToASCII here.

+ const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i];

+ if (entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) {

+ has_san = true;

+ if (dns_names)

dns_names->push_back(base::UTF16ToASCII(entry.pwszDNSName));

- } else if (ip_addrs &&

- entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {

+ } else if (entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {

+ has_san = true;

+ if (ip_addrs) {

ip_addrs->push_back(std::string(

reinterpret_cast<const char*>(entry.IPAddress.pbData),

entry.IPAddress.cbData));

}

+ // Fast path: Found at least one subjectAltName and the caller doesn't

+ // need the actual values.

+ if (has_san && !ip_addrs && !dns_names)

+ return true;

}

+ return has_san;

}

PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const {

« net/cert/x509_certificate_unittest.cc ('K') | « net/cert/x509_certificate_unittest.cc ('k') | net/cert/x509_util_nss.h » ('j') | net/cert/x509_util_nss.h » ('J')