Add support for certificate name checking

net/base/x509_openssl_util.h

Index: net/base/x509_openssl_util.h
diff --git a/net/base/x509_openssl_util.h b/net/base/x509_openssl_util.h
index 5ac511bdfefbf1a4b4a84d2b7209f58a2ab12785..4a6fa24cc1aec1c6b63f9dc4753cd88fc10a807b 100644
--- a/net/base/x509_openssl_util.h
+++ b/net/base/x509_openssl_util.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -10,6 +10,7 @@
 #include <openssl/x509v3.h>
 
 #include <string>
+#include <vector>
 
 namespace base {
 class Time;
@@ -32,6 +33,13 @@ bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value);
 
 bool ParseDate(ASN1_TIME* x509_time, base::Time* time);
 
+// Verifies that |hostname| matches one of the names in |cert_names|, based on
+// TLS name matching rules, specifically following http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09#section-4.4.3
+// The members of |cert_names| must have been extracted from the Subject CN or
+// SAN fields of a certificate.
+bool VerifyHostname(const std::string& hostname,
+                    const std::vector<std::string>& cert_names);
+
 } // namespace x509_openssl_util
 
 } // namespace net