Index: net/cert/x509_certificate_win.cc |
diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc |
index c67011e06b9c783059b0804c2eb3e97fad473b30..b7fc0fcede53253753a024d44bcfea38e20e0971 100644 |
--- a/net/cert/x509_certificate_win.cc |
+++ b/net/cert/x509_certificate_win.cc |
@@ -151,7 +151,7 @@ void X509Certificate::Initialize() { |
reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); |
} |
-void X509Certificate::GetSubjectAltName( |
+bool X509Certificate::GetSubjectAltName( |
std::vector<std::string>* dns_names, |
std::vector<std::string>* ip_addrs) const { |
if (dns_names) |
@@ -160,28 +160,40 @@ void X509Certificate::GetSubjectAltName( |
ip_addrs->clear(); |
if (!cert_handle_) |
- return; |
+ return false; |
std::unique_ptr<CERT_ALT_NAME_INFO, base::FreeDeleter> alt_name_info; |
GetCertSubjectAltName(cert_handle_, &alt_name_info); |
CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); |
- if (alt_name) { |
- int num_entries = alt_name->cAltEntry; |
- for (int i = 0; i < num_entries; i++) { |
- // dNSName is an ASN.1 IA5String representing a string of ASCII |
- // characters, so we can use UTF16ToASCII here. |
- const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i]; |
- |
- if (dns_names && entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { |
+ if (!alt_name) |
+ return false; |
+ |
+ bool has_san = false; |
+ int num_entries = alt_name->cAltEntry; |
eroman
2017/03/21 21:09:54
Why the implicit signed cast? (I believe cAltEntry
|
+ for (int i = 0; i < num_entries; i++) { |
+ // dNSName is an ASN.1 IA5String representing a string of ASCII |
+ // characters, so we can use UTF16ToASCII here. |
+ const CERT_ALT_NAME_ENTRY& entry = alt_name->rgAltEntry[i]; |
+ |
+ if (entry.dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) { |
+ has_san = true; |
+ if (dns_names) |
dns_names->push_back(base::UTF16ToASCII(entry.pwszDNSName)); |
- } else if (ip_addrs && |
- entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { |
+ } else if (entry.dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) { |
+ has_san = true; |
+ if (ip_addrs) { |
ip_addrs->push_back(std::string( |
reinterpret_cast<const char*>(entry.IPAddress.pbData), |
entry.IPAddress.cbData)); |
} |
} |
+ // Fast path: Found at least one subjectAltName and the caller doesn't |
+ // need the actual values. |
+ if (has_san && !ip_addrs && !dns_names) |
+ return true; |
} |
+ |
+ return has_san; |
} |
PCCERT_CONTEXT X509Certificate::CreateOSCertChainForCert() const { |