Chromium Code Reviews

Side by Side Diff: net/base/x509_openssl_util.h

Issue 4184004: Add support for certificate name checking (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: wtc & rsleevi comments Created 10 years, 1 month ago
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_X509_OPENSSL_UTIL_H_ 5 #ifndef NET_BASE_X509_OPENSSL_UTIL_H_
6 #define NET_BASE_X509_OPENSSL_UTIL_H_ 6 #define NET_BASE_X509_OPENSSL_UTIL_H_
7 #pragma once 7 #pragma once
8 8
9 #include <openssl/asn1.h> 9 #include <openssl/asn1.h>
10 #include <openssl/x509v3.h> 10 #include <openssl/x509v3.h>
11 11
12 #include <string> 12 #include <string>
13 #include <vector>
13 14
14 namespace base { 15 namespace base {
15 class Time; 16 class Time;
16 } // namespace base 17 } // namespace base
17 18
18 namespace net { 19 namespace net {
19 20
20 // A collection of helper functions to fetch data from OpenSSL X509 certificates 21 // A collection of helper functions to fetch data from OpenSSL X509 certificates
21 // into more convenient std / base datatypes. 22 // into more convenient std / base datatypes.
22 namespace x509_openssl_util { 23 namespace x509_openssl_util {
23 24
24 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name, 25 bool ParsePrincipalKeyAndValueByIndex(X509_NAME* name,
25 int index, 26 int index,
26 std::string* key, 27 std::string* key,
27 std::string* value); 28 std::string* value);
28 29
29 bool ParsePrincipalValueByIndex(X509_NAME* name, int index, std::string* value); 30 bool ParsePrincipalValueByIndex(X509_NAME* name, int index, std::string* value);
30 31
31 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value); 32 bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value);
32 33
33 bool ParseDate(ASN1_TIME* x509_time, base::Time* time); 34 bool ParseDate(ASN1_TIME* x509_time, base::Time* time);
34 35
36 // Verifies that |hostname| matches one of the names in |cert_names|, based on
37 // TLS name matching rules, specifically following http://tools.ietf.org/html/dr aft-saintandre-tls-server-id-check-09#section-4.4.3
38 // The members of |cert_names| must have been extracted from the Subject CN or
39 // SAN fields of a certificate.
40 bool VerifyHostname(const std::string& hostname,
41 const std::vector<std::string>& cert_names);
42
35 } // namespace x509_openssl_util 43 } // namespace x509_openssl_util
36 44
37 } // namespace net 45 } // namespace net
38 46
39 #endif // NET_BASE_X509_OPENSSL_UTIL_H_ 47 #endif // NET_BASE_X509_OPENSSL_UTIL_H_
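Review bot: In the VerifyHostname declaration (new lines 36-41), |cert_names| is a single flat vector, so the function cannot tell a Subject CN entry from a SAN entry, and the comment does not say who is responsible for deciding when the CN may be used at all. Either take the SAN names and the CN as separate parameters, or document that the caller must pass the CN only as a fallback when the certificate carries no SAN DNS names. The comment should also state what the function returns for an empty |hostname|, for an IP-literal |hostname|, and for an entry in |cert_names| that contains an embedded NUL, since std::string will carry one through unchanged. As a style point, the comment line holding the URL (new line 37) runs past 80 columns; putting the URL on its own line keeps the rest within the limit.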