Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(334)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate.h

Issue 2804883005: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/BUILD.gn ('k') | net/data/ssl/certificates/subjectAltName_www_example_com.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_X509_CERTIFICATE_H_ 5 #ifndef NET_CERT_X509_CERTIFICATE_H_
6 #define NET_CERT_X509_CERTIFICATE_H_ 6 #define NET_CERT_X509_CERTIFICATE_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <string.h> 9 #include <string.h>
10 10
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
181 const CertPrincipal& issuer() const { return issuer_; } 181 const CertPrincipal& issuer() const { return issuer_; }
182 182
183 // Time period during which the certificate is valid. More precisely, this 183 // Time period during which the certificate is valid. More precisely, this
184 // certificate is invalid before the |valid_start| date and invalid after 184 // certificate is invalid before the |valid_start| date and invalid after
185 // the |valid_expiry| date. 185 // the |valid_expiry| date.
186 // If we were unable to parse either date from the certificate (or if the cert 186 // If we were unable to parse either date from the certificate (or if the cert
187 // lacks either date), the date will be null (i.e., is_null() will be true). 187 // lacks either date), the date will be null (i.e., is_null() will be true).
188 const base::Time& valid_start() const { return valid_start_; } 188 const base::Time& valid_start() const { return valid_start_; }
189 const base::Time& valid_expiry() const { return valid_expiry_; } 189 const base::Time& valid_expiry() const { return valid_expiry_; }
190 190
191 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1 191 // Gets the DNS names in the certificate. Pursuant to RFC 2818, Section 3.1
192 // Server Identity, if the certificate has a subjectAltName extension of 192 // Server Identity, if the certificate has a subjectAltName extension of
193 // type dNSName, this method gets the DNS names in that extension. 193 // type dNSName, this method gets the DNS names in that extension.
194 // Otherwise, it gets the common name in the subject field. 194 // Otherwise, it gets the common name in the subject field.
195 //
196 // Note: Chrome has deprecated fallback to the subject field, see
197 // https://crbug.com/308330; prefer GetSubjectAltName() instead.
195 void GetDNSNames(std::vector<std::string>* dns_names) const; 198 void GetDNSNames(std::vector<std::string>* dns_names) const;
196 199
197 // Gets the subjectAltName extension field from the certificate, if any. 200 // Gets the subjectAltName extension field from the certificate, if any.
198 // For future extension; currently this only returns those name types that 201 // For future extension; currently this only returns those name types that
199 // are required for HTTP certificate name verification - see VerifyHostname. 202 // are required for HTTP certificate name verification - see VerifyHostname.
200 // Returns true if any dNSName or iPAddress SAN was present. If |dns_names| 203 // Returns true if any dNSName or iPAddress SAN was present. If |dns_names|
201 // is non-null, it will be set to all dNSNames present. If |ip_addrs| is 204 // is non-null, it will be set to all dNSNames present. If |ip_addrs| is
202 // non-null, it will be set to all iPAddresses present. 205 // non-null, it will be set to all iPAddresses present.
203 bool GetSubjectAltName(std::vector<std::string>* dns_names, 206 bool GetSubjectAltName(std::vector<std::string>* dns_names,
204 std::vector<std::string>* ip_addrs) const; 207 std::vector<std::string>* ip_addrs) const;
(...skipping 245 matching lines...) Expand 10 before | Expand all | Expand 10 after
450 // Untrusted intermediate certificates associated with this certificate 453 // Untrusted intermediate certificates associated with this certificate
451 // that may be needed for chain building. 454 // that may be needed for chain building.
452 OSCertHandles intermediate_ca_certs_; 455 OSCertHandles intermediate_ca_certs_;
453 456
454 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 457 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
455 }; 458 };
456 459
457 } // namespace net 460 } // namespace net
458 461
459 #endif // NET_CERT_X509_CERTIFICATE_H_ 462 #endif // NET_CERT_X509_CERTIFICATE_H_
OLDNEW
« no previous file with comments | « net/BUILD.gn ('k') | net/data/ssl/certificates/subjectAltName_www_example_com.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698