| Index: net/base/x509_certificate_openssl.cc
|
| diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
|
| index 1001a883431389c6843eed7f822095a0fcb8fbd4..512de14fbf808f816855772bc187a8eb70b8355b 100644
|
| --- a/net/base/x509_certificate_openssl.cc
|
| +++ b/net/base/x509_certificate_openssl.cc
|
| @@ -1,4 +1,4 @@
|
| -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
|
| +// Copyright (c) 2010 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| @@ -379,6 +379,14 @@ int X509Certificate::Verify(const std::string& hostname,
|
| CertVerifyResult* verify_result) const {
|
| verify_result->Reset();
|
|
|
| + // TODO(joth): We should fetch the subjectAltNames directly rather than via
|
| + // GetDNSNames, so we can apply special handling for IP addresses vs DNS
|
| + // names, etc. See http://crbug.com/62973.
|
| + std::vector<std::string> cert_names;
|
| + GetDNSNames(&cert_names);
|
| + if (!x509_openssl_util::VerifyHostname(hostname, cert_names))
|
| + verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
|
| +
|
| ScopedSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(X509_STORE_CTX_new());
|
|
|
| ScopedSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(sk_X509_new_null());
|
|
|
Chromium Code Reviews
Issue 4184004:
Add support for certificate name checking (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src