authorrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-24 08:14:15 +0000
committerrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-24 08:14:15 +0000
commitcc33eb7dcbe80a9dce2ff37f120ed0f2af0cce33 (patch)
treea788b7207db37b3d4fa33e08eb760f27340b6d58 /net/cert/x509_certificate.h
parenta865dc529c26d3f52acbded65ebd7ba8e3ab747d (diff)
Add a histogram for measuring the number of times we fall back to common name matching, when a certificate lacks a subjectAltName
BUG=308330 Review URL: https://codereview.chromium.org/27624002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@230679 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/cert/x509_certificate.h')
-rw-r--r--net/cert/x509_certificate.h13
1 files changed, 10 insertions, 3 deletions
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
index ef55243..43ed014 100644
--- a/net/cert/x509_certificate.h
+++ b/net/cert/x509_certificate.h
@@ -313,8 +313,11 @@ class NET_EXPORT X509Certificate
// Verifies that |hostname| matches this certificate.
// Does not verify that the certificate is valid, only that the certificate
// matches this host.
- // Returns true if it matches.
- bool VerifyNameMatch(const std::string& hostname) const;
+ // Returns true if it matches, and updates |*common_name_fallback_used|,
+ // setting it to true if a fallback to the CN was used, rather than
+ // subjectAltName.
+ bool VerifyNameMatch(const std::string& hostname,
+ bool* common_name_fallback_used) const;
// Obtains the DER encoded certificate data for |cert_handle|. On success,
// returns true and writes the DER encoded certificate to |*der_encoded|.
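Review bot: The new comment on VerifyNameMatch does not say what `*common_name_fallback_used` holds when the function returns false, nor whether the pointer may be NULL; the VerifyHostname comment in the second hunk has the same gap. A caller that records the histogram after a failed match would be reading a value this header leaves undefined. I would state the contract explicitly, for example `// |common_name_fallback_used| must be non-NULL and is always written, including when the match fails.` That wording assumes the implementation behaves this way, which cannot be checked here because the diffstat on this page is limited to the header.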
@@ -425,10 +428,14 @@ class NET_EXPORT X509Certificate
// extension, if present. Note these IP addresses are NOT ascii-encoded:
// they must be 4 or 16 bytes of network-ordered data, for IPv4 and IPv6
// addresses, respectively.
+ // |common_name_fallback_used| will be updated to true if cert_common_name
+ // was used to match the hostname, or false if either of the |cert_san_*|
+ // parameters was used to match the hostname.
static bool VerifyHostname(const std::string& hostname,
const std::string& cert_common_name,
const std::vector<std::string>& cert_san_dns_names,
- const std::vector<std::string>& cert_san_ip_addrs);
+ const std::vector<std::string>& cert_san_ip_addrs,
+ bool* common_name_fallback_used);
// Reads a single certificate from |pickle_iter| and returns a
// platform-specific certificate handle. The format of the certificate
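Review bot: The added comment on VerifyHostname describes the flag by which input "was used to match the hostname", but never states when the common name is consulted at all. The commit description says the fallback applies when a certificate lacks a subjectAltName, so the comment should tie the flag to that condition, for example `// Set to true if |cert_common_name| was consulted because both |cert_san_*| lists were empty.` That condition should be confirmed against the implementation, which this page does not show. Without it, a reader could conclude that the common name is checked alongside the SAN entries rather than only in their absence. As a style point, `cert_common_name` on the first added line lacks the `|…|` delimiters this header uses for parameter names.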