| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <map> | 10 #include <map> |
| (...skipping 510 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 521 // the input name was absolute (included trailing .), normalize it as if it | 521 // the input name was absolute (included trailing .), normalize it as if it |
| 522 // was relative. | 522 // was relative. |
| 523 if (!reference_name.empty() && *reference_name.rbegin() == '.') | 523 if (!reference_name.empty() && *reference_name.rbegin() == '.') |
| 524 reference_name.resize(reference_name.size() - 1); | 524 reference_name.resize(reference_name.size() - 1); |
| 525 if (reference_name.empty()) | 525 if (reference_name.empty()) |
| 526 return false; | 526 return false; |
| 527 | 527 |
| 528 // Allow fallback to Common name matching? | 528 // Allow fallback to Common name matching? |
| 529 const bool common_name_fallback = cert_san_dns_names.empty() && | 529 const bool common_name_fallback = cert_san_dns_names.empty() && |
| 530 cert_san_ip_addrs.empty(); | 530 cert_san_ip_addrs.empty(); |
| 531 UMA_HISTOGRAM_BOOLEAN("Net.CertCommonNameFallback", common_name_fallback); |
| 531 | 532 |
| 532 // Fully handle all cases where |hostname| contains an IP address. | 533 // Fully handle all cases where |hostname| contains an IP address. |
| 533 if (host_info.IsIPAddress()) { | 534 if (host_info.IsIPAddress()) { |
| 534 if (common_name_fallback && | 535 if (common_name_fallback && |
| 535 host_info.family == url_canon::CanonHostInfo::IPV4) { | 536 host_info.family == url_canon::CanonHostInfo::IPV4) { |
| 536 // Fallback to Common name matching. As this is deprecated and only | 537 // Fallback to Common name matching. As this is deprecated and only |
| 537 // supported for compatibility refuse it for IPv6 addresses. | 538 // supported for compatibility refuse it for IPv6 addresses. |
| 538 return reference_name == cert_common_name; | 539 return reference_name == cert_common_name; |
| 539 } | 540 } |
| 540 base::StringPiece ip_addr_string( | 541 base::StringPiece ip_addr_string( |
| (...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 725 RemoveFromCache(cert_handle_); | 726 RemoveFromCache(cert_handle_); |
| 726 FreeOSCertHandle(cert_handle_); | 727 FreeOSCertHandle(cert_handle_); |
| 727 } | 728 } |
| 728 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 729 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 729 RemoveFromCache(intermediate_ca_certs_[i]); | 730 RemoveFromCache(intermediate_ca_certs_[i]); |
| 730 FreeOSCertHandle(intermediate_ca_certs_[i]); | 731 FreeOSCertHandle(intermediate_ca_certs_[i]); |
| 731 } | 732 } |
| 732 } | 733 } |
| 733 | 734 |
| 734 } // namespace net | 735 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src