Chromium Code Reviews Chromium Code Reviews
Issue 27624002:
Add a histogram for measuring the number of times we fall back to common name matching, when a cert… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/cert/x509_certificate.h |
| diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h |
| index ef55243172984fbbbe742ef1338f0fdf71e19581..95cf6bb2a393145b8880f12cd68619776ef152b7 100644 |
| --- a/net/cert/x509_certificate.h |
| +++ b/net/cert/x509_certificate.h |
| @@ -313,8 +313,10 @@ class NET_EXPORT X509Certificate |
| // Verifies that |hostname| matches this certificate. |
| // Does not verify that the certificate is valid, only that the certificate |
| // matches this host. |
| - // Returns true if it matches. |
| - bool VerifyNameMatch(const std::string& hostname) const; |
| + // Returns true if it matches, and sets |common_name_fallback_used| to true |
| + // if a fallback to the CN was used, rather than subjectAlternativeName. |
|
wtc
2013/10/23 22:39:26
Nit: it should be clarified that |common_name_fall
|
| + bool VerifyNameMatch(const std::string& hostname, |
| + bool* common_name_fallback_used) const; |
| // Obtains the DER encoded certificate data for |cert_handle|. On success, |
| // returns true and writes the DER encoded certificate to |*der_encoded|. |
| @@ -428,7 +430,8 @@ class NET_EXPORT X509Certificate |
| static bool VerifyHostname(const std::string& hostname, |
| const std::string& cert_common_name, |
| const std::vector<std::string>& cert_san_dns_names, |
| - const std::vector<std::string>& cert_san_ip_addrs); |
| + const std::vector<std::string>& cert_san_ip_addrs, |
| + bool* common_name_fallback_used); |
|
wtc
2013/10/23 22:39:26
Having VerifyHostname return common_name_fallback_
Ryan Sleevi
2013/10/24 00:25:37
We already expose GetSubjectAltName, which is a cl
|
| // Reads a single certificate from |pickle_iter| and returns a |
| // platform-specific certificate handle. The format of the certificate |
