Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(683)

Unified Diff: components/ssl_errors/error_info.cc

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Address Mark Feedback Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/ssl_errors/error_classification_unittest.cc ('k') | net/BUILD.gn » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/ssl_errors/error_info.cc
diff --git a/components/ssl_errors/error_info.cc b/components/ssl_errors/error_info.cc
index 7ef291ebe4b443c39dadb389877a4c9481bce1fc..ab7afccb05cfa37c20d9d09d15700aedaed06a93 100644
--- a/components/ssl_errors/error_info.cc
+++ b/components/ssl_errors/error_info.cc
@@ -32,22 +32,30 @@ ErrorInfo ErrorInfo::CreateError(ErrorType error_type,
base::string16 details, short_description;
switch (error_type) {
case CERT_COMMON_NAME_INVALID: {
- // If the certificate contains multiple DNS names, we choose the most
- // representative one -- either the DNS name that's also in the subject
- // field, or the first one. If this heuristic turns out to be
- // inadequate, we can consider choosing the DNS name that is the
- // "closest match" to the host name in the request URL, or listing all
- // the DNS names with an HTML <ul>.
std::vector<std::string> dns_names;
- cert->GetDNSNames(&dns_names);
- DCHECK(!dns_names.empty());
+ cert->GetSubjectAltName(&dns_names, nullptr);
+
size_t i = 0;
- for (; i < dns_names.size(); ++i) {
- if (dns_names[i] == cert->subject().common_name)
- break;
+ if (dns_names.empty()) {
+ // The certificate had no DNS names, display an explanatory string.
+ // TODO(elawrence): Change the error messsage instead of just the
+ // placeholder string; see https://crbug.com/708268
+ dns_names.push_back("[missing_subjectAltName]");
+ } else {
+ // If the certificate contains multiple DNS names, we choose the most
+ // representative one -- either the DNS name that's also in the subject
+ // field, or the first one. If this heuristic turns out to be
+ // inadequate, we can consider choosing the DNS name that is the
+ // "closest match" to the host name in the request URL, or listing all
+ // the DNS names with an HTML <ul>.
+ for (; i < dns_names.size(); ++i) {
+ if (dns_names[i] == cert->subject().common_name)
+ break;
+ }
+ if (i == dns_names.size())
+ i = 0;
}
- if (i == dns_names.size())
- i = 0;
+
details = l10n_util::GetStringFUTF16(
IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,
UTF8ToUTF16(request_url.host()),
« no previous file with comments | « components/ssl_errors/error_classification_unittest.cc ('k') | net/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698