Don't assert what the certificate's subjectAltName extension

contains, which can be anything.  Assert the type of subjectAltName
we're trying to find.

R=avi
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/464026

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33995 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 5 deletions

diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index f459585..5f7075e 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -298,6 +298,12 @@ void ParseDate(SECItem* der_date, base::Time* result) {
 void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle,
                                   CERTGeneralNameType name_type,
                                   std::vector<std::string>* result) {
+  // For future extension: We only support general names of types
+  // RFC822Name, DNSName or URI.
+  DCHECK(name_type == certRFC822Name ||
+         name_type == certDNSName ||
+         name_type == certURI);
+
   SECItem alt_name;
   SECStatus rv = CERT_FindCertExtension(cert_handle,
       SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name);
@@ -313,11 +319,9 @@ void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle,
 
   CERTGeneralName* name = alt_name_list;
   while (name) {
-    // For future extension: We're assuming that these values are of types
-    // RFC822Name, DNSName or URI.  See the mac code for notes.
-    DCHECK(name->type == certRFC822Name ||
-           name->type == certDNSName ||
-           name->type == certURI);
+    // All of the general name types we support are encoded as
+    // IA5String. In general, we should be switching off
+    // |name->type| and doing type-appropriate conversions.
     if (name->type == name_type) {
       unsigned char* p = name->name.other.data;
       int len = name->name.other.len;