OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
(...skipping 611 matching lines...)
622 // as we require the wildcard (if present) to match at least one character. | 622 // as we require the wildcard (if present) to match at least one character. |
623 if (presented_name.length() > reference_name.length()) | 623 if (presented_name.length() > reference_name.length()) |
624 continue; | 624 continue; |
625 | 625 |
626 base::StringPiece presented_host, presented_domain; | 626 base::StringPiece presented_host, presented_domain; |
627 SplitOnChar(presented_name, '.', &presented_host, &presented_domain); | 627 SplitOnChar(presented_name, '.', &presented_host, &presented_domain); |
628 | 628 |
629 if (presented_domain != reference_domain) | 629 if (presented_domain != reference_domain) |
630 continue; | 630 continue; |
631 | 631 |
632 base::StringPiece pattern_begin, pattern_end; | 632 if (presented_host != "*") { |
633 SplitOnChar(presented_host, '*', &pattern_begin, &pattern_end); | |
634 | |
635 if (pattern_end.empty()) { // No '*' in the presented_host | |
636 if (presented_host == reference_host) | 633 if (presented_host == reference_host) |
637 return true; | 634 return true; |
638 continue; | 635 continue; |
639 } | 636 } |
640 pattern_end.remove_prefix(1); // move past the * | |
641 | 637 |
642 if (!allow_wildcards) | 638 if (!allow_wildcards) |
643 continue; | 639 continue; |
644 | 640 |
645 // * must not match a substring of an IDN A label; just a whole fragment. | 641 return true; |
646 if (reference_host.starts_with("xn--") && | |
647 !(pattern_begin.empty() && pattern_end.empty())) | |
648 continue; | |
649 | |
650 if (reference_host.starts_with(pattern_begin) && | |
651 reference_host.ends_with(pattern_end)) | |
652 return true; | |
653 } | 642 } |
654 return false; | 643 return false; |
655 } | 644 } |
656 | 645 |
657 bool X509Certificate::VerifyNameMatch(const std::string& hostname, | 646 bool X509Certificate::VerifyNameMatch(const std::string& hostname, |
658 bool* common_name_fallback_used) const { | 647 bool* common_name_fallback_used) const { |
659 std::vector<std::string> dns_names, ip_addrs; | 648 std::vector<std::string> dns_names, ip_addrs; |
660 GetSubjectAltName(&dns_names, &ip_addrs); | 649 GetSubjectAltName(&dns_names, &ip_addrs); |
661 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs, | 650 return VerifyHostname(hostname, subject_.common_name, dns_names, ip_addrs, |
662 common_name_fallback_used); | 651 common_name_fallback_used); |
(...skipping 99 matching lines...)
762 RemoveFromCache(cert_handle_); | 751 RemoveFromCache(cert_handle_); |
763 FreeOSCertHandle(cert_handle_); | 752 FreeOSCertHandle(cert_handle_); |
764 } | 753 } |
765 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 754 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
766 RemoveFromCache(intermediate_ca_certs_[i]); | 755 RemoveFromCache(intermediate_ca_certs_[i]); |
767 FreeOSCertHandle(intermediate_ca_certs_[i]); | 756 FreeOSCertHandle(intermediate_ca_certs_[i]); |
768 } | 757 } |
769 } | 758 } |
770 | 759 |
771 } // namespace net | 760 } // namespace net |
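Review bot: The bare `return true;` at new line 641 no longer looks at reference_host at all, so the rule stated at line 622 (the wildcard must match at least one character) now rests only on the length comparison at line 623 combined with the domain equality at line 629. From the visible lines that appears to hold when both names contain a dot, but nothing at the return site says so, and a later edit to either check would silently let `*` match an empty label. I would add a comment above the return, e.g. `// presented_host is exactly "*"; the length and domain checks above ensure reference_host is non-empty.`, and, if the file already has the logging macros in scope, `DCHECK(!reference_host.empty());`. The loop header and the code that sets allow_wildcards, reference_host and reference_domain are in the skipped region, so this is judged from the visible part of the function only. If the accompanying unit tests are not part of this change, a case asserting that a partial-label pattern (a constructed example: `w*.example.test`) is now rejected would pin the stricter behaviour.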