Index: components/ssl_errors/error_classification.cc |
diff --git a/components/ssl_errors/error_classification.cc b/components/ssl_errors/error_classification.cc |
index 2ce6dbbd15761073ec8b8bdaa0dd266206464e58..878caa7d9bb63226d195d7612ccf8ccc3e90bb7f 100644 |
--- a/components/ssl_errors/error_classification.cc |
+++ b/components/ssl_errors/error_classification.cc |
@@ -104,15 +104,6 @@ int FindSubdomainDifference(const HostnameTokens& potential_subdomain, |
return diff_size; |
} |
-// We accept the inverse case for www for historical reasons. |
-bool IsWWWSubDomainMatch(const GURL& request_url, |
- const net::X509Certificate& cert) { |
- std::string www_host; |
- std::vector<std::string> dns_names; |
- cert.GetDNSNames(&dns_names); |
- return GetWWWSubDomainMatch(request_url, dns_names, &www_host); |
-} |
- |
// The time to use when doing build time operations in browser tests. |
base::LazyInstance<base::Time>::DestructorAtExit g_testing_build_time = |
LAZY_INSTANCE_INITIALIZER; |
@@ -156,7 +147,7 @@ void RecordUMAStatistics(bool overridable, |
if (IsSubDomainOutsideWildcard(request_url, cert)) |
RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD); |
std::vector<std::string> dns_names; |
- cert.GetDNSNames(&dns_names); |
+ cert.GetSubjectAltName(&dns_names, NULL); |
Ryan Sleevi
2017/03/31 14:51:33
nit: nullptr
elawrence
2017/03/31 16:09:41
Done.
|
std::vector<HostnameTokens> dns_name_tokens = |
GetTokenizedDNSNames(dns_names); |
if (NameUnderAnyNames(host_name_tokens, dns_name_tokens)) |
@@ -290,6 +281,15 @@ HostnameTokens Tokenize(const std::string& name) { |
base::SPLIT_WANT_ALL); |
} |
+// We accept the inverse case for www for historical reasons. |
+bool IsWWWSubDomainMatch(const GURL& request_url, |
+ const net::X509Certificate& cert) { |
+ std::string www_host; |
+ std::vector<std::string> dns_names; |
+ cert.GetSubjectAltName(&dns_names, NULL); |
Ryan Sleevi
2017/03/31 14:51:33
nit: nullptr
elawrence
2017/03/31 16:09:41
Done.
|
+ return GetWWWSubDomainMatch(request_url, dns_names, &www_host); |
+} |
+ |
bool GetWWWSubDomainMatch(const GURL& request_url, |
const std::vector<std::string>& dns_names, |
std::string* www_match_host_name) { |
@@ -383,7 +383,7 @@ bool IsSubDomainOutsideWildcard(const GURL& request_url, |
std::string host_name = request_url.host(); |
HostnameTokens host_name_tokens = Tokenize(host_name); |
std::vector<std::string> dns_names; |
- cert.GetDNSNames(&dns_names); |
+ cert.GetSubjectAltName(&dns_names, NULL); |
Ryan Sleevi
2017/03/31 14:51:33
nit: nullptr
elawrence
2017/03/31 16:09:41
Done.
|
bool result = false; |
// This method requires that the host name be longer than the dns name on |
@@ -411,7 +411,7 @@ bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url, |
std::string host_name = request_url.host(); |
std::vector<std::string> dns_names; |
std::vector<std::string> dns_names_domain; |
- cert.GetDNSNames(&dns_names); |
+ cert.GetSubjectAltName(&dns_names, NULL); |
Ryan Sleevi
2017/03/31 14:51:33
nit: nullptr
elawrence
2017/03/31 16:09:41
Done.
|
size_t dns_names_size = dns_names.size(); |
// If there is only 1 DNS name then it is definitely not a shared certificate. |
@@ -458,7 +458,9 @@ bool IsCertLikelyFromSameDomain(const GURL& request_url, |
const net::X509Certificate& cert) { |
std::string host_name = request_url.host(); |
std::vector<std::string> dns_names; |
- cert.GetDNSNames(&dns_names); |
+ cert.GetSubjectAltName(&dns_names, NULL); |
Ryan Sleevi
2017/03/31 14:51:34
nit: nullptr
elawrence
2017/03/31 16:09:41
Done.
|
+ if (dns_names.empty()) |
+ return false; |
dns_names.push_back(host_name); |
std::vector<std::string> dns_names_domain; |