Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(304)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate.h

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Address Mark Feedback Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/BUILD.gn ('k') | net/data/ssl/certificates/subjectAltName_www_example_com.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_X509_CERTIFICATE_H_ 5 #ifndef NET_CERT_X509_CERTIFICATE_H_
6 #define NET_CERT_X509_CERTIFICATE_H_ 6 #define NET_CERT_X509_CERTIFICATE_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <string.h> 9 #include <string.h>
10 10
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after
185 const CertPrincipal& issuer() const { return issuer_; } 185 const CertPrincipal& issuer() const { return issuer_; }
186 186
187 // Time period during which the certificate is valid. More precisely, this 187 // Time period during which the certificate is valid. More precisely, this
188 // certificate is invalid before the |valid_start| date and invalid after 188 // certificate is invalid before the |valid_start| date and invalid after
189 // the |valid_expiry| date. 189 // the |valid_expiry| date.
190 // If we were unable to parse either date from the certificate (or if the cert 190 // If we were unable to parse either date from the certificate (or if the cert
191 // lacks either date), the date will be null (i.e., is_null() will be true). 191 // lacks either date), the date will be null (i.e., is_null() will be true).
192 const base::Time& valid_start() const { return valid_start_; } 192 const base::Time& valid_start() const { return valid_start_; }
193 const base::Time& valid_expiry() const { return valid_expiry_; } 193 const base::Time& valid_expiry() const { return valid_expiry_; }
194 194
195 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 195 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1
196 // Server Identity, if the certificate has a subjectAltName extension of 196 // Server Identity, if the certificate has a subjectAltName extension of
197 // type dNSName, this method gets the DNS names in that extension. 197 // type dNSName, this method gets the DNS names in that extension.
198 // Otherwise, it gets the common name in the subject field. 198 // Otherwise, it gets the common name in the subject field.
199 //
200 // Note: Chrome has deprecated fallback to the subject field, see
201 // https://crbug.com/308330; prefer GetSubjectAltName() instead.
199 void GetDNSNames(std::vector<std::string>* dns_names) const; 202 void GetDNSNames(std::vector<std::string>* dns_names) const;
200 203
201 // Gets the subjectAltName extension field from the certificate, if any. 204 // Gets the subjectAltName extension field from the certificate, if any.
202 // For future extension; currently this only returns those name types that 205 // For future extension; currently this only returns those name types that
203 // are required for HTTP certificate name verification - see VerifyHostname. 206 // are required for HTTP certificate name verification - see VerifyHostname.
204 // Returns true if any dNSName or iPAddress SAN was present. If |dns_names| 207 // Returns true if any dNSName or iPAddress SAN was present. If |dns_names|
205 // is non-null, it will be set to all dNSNames present. If |ip_addrs| is 208 // is non-null, it will be set to all dNSNames present. If |ip_addrs| is
206 // non-null, it will be set to all iPAddresses present. 209 // non-null, it will be set to all iPAddresses present.
207 bool GetSubjectAltName(std::vector<std::string>* dns_names, 210 bool GetSubjectAltName(std::vector<std::string>* dns_names,
208 std::vector<std::string>* ip_addrs) const; 211 std::vector<std::string>* ip_addrs) const;
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after
451 // Untrusted intermediate certificates associated with this certificate 454 // Untrusted intermediate certificates associated with this certificate
452 // that may be needed for chain building. 455 // that may be needed for chain building.
453 OSCertHandles intermediate_ca_certs_; 456 OSCertHandles intermediate_ca_certs_;
454 457
455 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 458 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
456 }; 459 };
457 460
458 } // namespace net 461 } // namespace net
459 462
460 #endif // NET_CERT_X509_CERTIFICATE_H_ 463 #endif // NET_CERT_X509_CERTIFICATE_H_
OLDNEW
« no previous file with comments | « net/BUILD.gn ('k') | net/data/ssl/certificates/subjectAltName_www_example_com.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698