net/cert/x509_util_nss.cc - Issue 2761333002: Add a DevTools warning for a missing subjectAltName

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_util_nss.cc

Issue 2761333002: Add a DevTools warning for a missing subjectAltName (Closed)

Patch Set: iOS & NSS fix Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_util_nss.cc

diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc

index 04c34c565f851619cc9da956a387a398ea8f410a..32b310277daaf672ce31acf08c6b39efcb9d5164 100644

--- a/net/cert/x509_util_nss.cc

+++ b/net/cert/x509_util_nss.cc

@@ -159,7 +159,7 @@ std::string ParseSerialNumber(const CERTCertificate* certificate) {

certificate->serialNumber.len);

}

-void GetSubjectAltName(CERTCertificate* cert_handle,

+bool GetSubjectAltName(CERTCertificate* cert_handle,

std::vector<std::string>* dns_names,

std::vector<std::string>* ip_addrs) {

if (dns_names)

@@ -171,34 +171,45 @@ void GetSubjectAltName(CERTCertificate* cert_handle,

SECStatus rv = CERT_FindCertExtension(

cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);

if (rv != SECSuccess)

- return;

+ return false;

- PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

- DCHECK(arena != NULL);

+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));

CERTGeneralName* alt_name_list;

alt_name_list = CERT_DecodeAltNameExtension(arena, &alt_name);

SECITEM_FreeItem(&alt_name, PR_FALSE);

+ bool has_san = false;

CERTGeneralName* name = alt_name_list;

while (name) {

// DNSName and IPAddress are encoded as IA5String and OCTET STRINGs

// respectively, both of which can be byte copied from

// SECItemType::data into the appropriate output vector.

- if (dns_names && name->type == certDNSName) {

- dns_names->push_back(

- std::string(reinterpret_cast<char*>(name->name.other.data),

- name->name.other.len));

- } else if (ip_addrs && name->type == certIPAddress) {

- ip_addrs->push_back(

- std::string(reinterpret_cast<char*>(name->name.other.data),

- name->name.other.len));

+ if (name->type == certDNSName) {

+ has_san = true;

+ if (dns_names) {

+ dns_names->push_back(

+ std::string(reinterpret_cast<char*>(name->name.other.data),

+ name->name.other.len));

+ }

+ } else if (name->type == certIPAddress) {

+ has_san = true;

+ if (ip_addrs) {

+ ip_addrs->push_back(

+ std::string(reinterpret_cast<char*>(name->name.other.data),

+ name->name.other.len));

+ }

}

+ // Fast path: Found at least one subjectAltName and the caller doesn't

+ // need the actual values.

+ if (has_san && !ip_addrs && !dns_names)

+ return true;

name = CERT_GetNextGeneralName(name);

if (name == alt_name_list)

break;

}

- PORT_FreeArena(arena, PR_FALSE);

+ return has_san;

}

void GetRFC822SubjectAltNames(CERTCertificate* cert_handle,

« net/cert/x509_util_nss.h ('K') | « net/cert/x509_util_nss.h ('k') | no next file » | no next file with comments »