components/ssl_errors/error_info.cc - Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/ssl_errors/error_info.cc

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)

Patch Set: Address nits Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/ssl_errors/error_info.cc

diff --git a/components/ssl_errors/error_info.cc b/components/ssl_errors/error_info.cc

index 7ef291ebe4b443c39dadb389877a4c9481bce1fc..d4a662a6986b3b6f4bbbb04d180453e36f88a8a1 100644

--- a/components/ssl_errors/error_info.cc

+++ b/components/ssl_errors/error_info.cc

@@ -32,22 +32,28 @@ ErrorInfo ErrorInfo::CreateError(ErrorType error_type,

base::string16 details, short_description;

switch (error_type) {

case CERT_COMMON_NAME_INVALID: {

- // If the certificate contains multiple DNS names, we choose the most

- // representative one -- either the DNS name that's also in the subject

- // field, or the first one. If this heuristic turns out to be

- // inadequate, we can consider choosing the DNS name that is the

- // "closest match" to the host name in the request URL, or listing all

- // the DNS names with an HTML <ul>.

std::vector<std::string> dns_names;

- cert->GetDNSNames(&dns_names);

- DCHECK(!dns_names.empty());

+ cert->GetSubjectAltName(&dns_names, nullptr);

size_t i = 0;

- for (; i < dns_names.size(); ++i) {

- if (dns_names[i] == cert->subject().common_name)

- break;

+ if (dns_names.empty()) {

+ // The certificate had no DNS names, display an explanatory string.

+ dns_names.push_back("[missing_subjectAltName]");

+ } else {

+ // If the certificate contains multiple DNS names, we choose the most

+ // representative one -- either the DNS name that's also in the subject

+ // field, or the first one. If this heuristic turns out to be

+ // inadequate, we can consider choosing the DNS name that is the

+ // "closest match" to the host name in the request URL, or listing all

+ // the DNS names with an HTML <ul>.

+ for (; i < dns_names.size(); ++i) {

+ if (dns_names[i] == cert->subject().common_name)

+ break;

+ }

+ if (i == dns_names.size())

+ i = 0;

}

- if (i == dns_names.size())

- i = 0;

details = l10n_util::GetStringFUTF16(

IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,

UTF8ToUTF16(request_url.host()),

« components/ssl_errors/error_classification.cc ('K') | « components/ssl_errors/error_classification_unittest.cc ('k') | net/BUILD.gn » ('j') | no next file with comments »