Removed the DCHECK for single common name in the certificate.

SSL certificates can have multiple Common Names, we will pick
the first common name. Will implement support for multiple CNs
based on RFC in a separate CL.

BUG=75677
TEST= visit https://www.rpxnow.com in debug mode.
R=wtc

Review URL: http://codereview.chromium.org/6685055

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78111 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 2 deletions

diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc
index 98e3367..2bf4a28 100644
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -396,7 +396,12 @@ void ParsePrincipal(const std::string& description,
     }
   }
 
-  // We don't expect to have more than one CN, L, S, and C.
+  // We don't expect to have more than one CN, L, S, and C. If there is more
+  // than one entry for CN, L, S, and C, we will use the first entry. Although
+  // RFC 2818 Section 3.1 says the "most specific" CN should be used, that term
+  // has been removed in draft-saintandre-tls-server-id-check, which requires
+  // that the Subject field contains only one CN. So it is fine for us to just
+  // use the first CN.
   std::vector<std::string>* single_value_lists[4] = {
       &common_names, &locality_names, &state_names, &country_names };
   std::string* single_values[4] = {
@@ -404,7 +409,6 @@ void ParsePrincipal(const std::string& description,
       &principal->state_or_province_name, &principal->country_name };
   for (int i = 0; i < arraysize(single_value_lists); ++i) {
     int length = static_cast<int>(single_value_lists[i]->size());
-    DCHECK(single_value_lists[i]->size() <= 1);
     if (!single_value_lists[i]->empty())
       *(single_values[i]) = (*(single_value_lists[i]))[0];
   }