Index: net/cert/x509_certificate.h |
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h |
index ef55243172984fbbbe742ef1338f0fdf71e19581..95cf6bb2a393145b8880f12cd68619776ef152b7 100644 |
--- a/net/cert/x509_certificate.h |
+++ b/net/cert/x509_certificate.h |
@@ -313,8 +313,10 @@ class NET_EXPORT X509Certificate |
// Verifies that |hostname| matches this certificate. |
// Does not verify that the certificate is valid, only that the certificate |
// matches this host. |
- // Returns true if it matches. |
- bool VerifyNameMatch(const std::string& hostname) const; |
+ // Returns true if it matches, and sets |common_name_fallback_used| to true |
+ // if a fallback to the CN was used, rather than subjectAlternativeName. |
wtc
2013/10/23 22:39:26
Nit: it should be clarified that |common_name_fall
|
+ bool VerifyNameMatch(const std::string& hostname, |
+ bool* common_name_fallback_used) const; |
// Obtains the DER encoded certificate data for |cert_handle|. On success, |
// returns true and writes the DER encoded certificate to |*der_encoded|. |
@@ -428,7 +430,8 @@ class NET_EXPORT X509Certificate |
static bool VerifyHostname(const std::string& hostname, |
const std::string& cert_common_name, |
const std::vector<std::string>& cert_san_dns_names, |
- const std::vector<std::string>& cert_san_ip_addrs); |
+ const std::vector<std::string>& cert_san_ip_addrs, |
+ bool* common_name_fallback_used); |
wtc
2013/10/23 22:39:26
Having VerifyHostname return common_name_fallback_
Ryan Sleevi
2013/10/24 00:25:37
We already expose GetSubjectAltName, which is a cl
|
// Reads a single certificate from |pickle_iter| and returns a |
// platform-specific certificate handle. The format of the certificate |