author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 21:54:29 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 21:54:29 +0000 |
commit | ba05953cb867388052ee41ddf2bc5cc2d16b6ba4 (patch) | |
tree | 724a51bf5d5d7d943434bf1e0cd3b309363aff51 /net | |
parent | 001e4eeda9ae3d823ceb601ba993cf67d81d864a (diff) | |
Don't assert what the certificate's subjectAltName extension
contains, which can be anything. Assert the type of subjectAltName
we're trying to find.
R=avi
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/464026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33995 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/x509_certificate_mac.cc | 12 | ||||
-rw-r--r-- | net/base/x509_certificate_nss.cc | 14 |
2 files changed, 16 insertions, 10 deletions
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index e5535fb..d5b597f 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc @@ -266,6 +266,12 @@ OSStatus GetCertFields(X509Certificate::OSCertHandle cert_handle, void GetCertGeneralNamesForOID(X509Certificate::OSCertHandle cert_handle, CSSM_OID oid, CE_GeneralNameType name_type, std::vector<std::string>* result) { + // For future extension: We only support general names of types + // GNT_RFC822Name, GNT_DNSName or GNT_URI. + DCHECK(name_type == GNT_RFC822Name || + name_type == GNT_DNSName || + name_type == GNT_URI); + CSSMFields fields; OSStatus status = GetCertFields(cert_handle, &fields); if (status) @@ -280,15 +286,11 @@ void GetCertGeneralNamesForOID(X509Certificate::OSCertHandle cert_handle, for (size_t name = 0; name < alt_name->numNames; ++name) { const CE_GeneralName& name_struct = alt_name->generalName[name]; - // For future extension: We're assuming that these values are of types - // GNT_RFC822Name, GNT_DNSName or GNT_URI, all of which are encoded as + // All of the general name types we support are encoded as // IA5String. In general, we should be switching off // |name_struct.nameType| and doing type-appropriate conversions. See // certextensions.h and the comment immediately preceding // CE_GeneralNameType for more information. - DCHECK(name_struct.nameType == GNT_RFC822Name || - name_struct.nameType == GNT_DNSName || - name_struct.nameType == GNT_URI); if (name_struct.nameType == name_type) { const CSSM_DATA& name_data = name_struct.name; std::string value = diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index f459585..5f7075e 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc 
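Review bot: The new `DCHECK(name_type == ...)` at the top of `GetCertGeneralNamesForOID` is a debug-only check, so in a release build a caller passing an unsupported type would still reach the loop and, presumably, have data that is not an IA5String copied out as a string. Since the added comment says only `GNT_RFC822Name`, `GNT_DNSName` and `GNT_URI` are supported, consider enforcing that in all builds with an early return after the DCHECK: `if (name_type != GNT_RFC822Name && name_type != GNT_DNSName && name_type != GNT_URI) return;`. The same applies to `GetCertSubjectAltNamesOfType` in the x509_certificate_nss.cc hunk at -298, whose loop reads `name->name.other` for whatever type was requested. Both function bodies continue outside their hunks.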
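Review bot: The rewritten comment inside the loop of `GetCertGeneralNamesForOID` (hunk at -280) says the supported types are encoded as IA5String, but it does not say that the bytes are taken from the certificate as-is, and no content check is visible in this hunk. The commit message itself notes the extension "can be anything", so a matching entry may still hold embedded NULs or non-ASCII bytes, which matters to any caller that compares the result against a hostname. I would add `// The name bytes come from the certificate unvalidated and may contain embedded NULs or non-ASCII bytes; callers must not treat them as C strings.` The conversion into `value` continues outside the hunk, so this may already be handled there; the same comment fits the loop in the x509_certificate_nss.cc hunk at -313.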
@@ -298,6 +298,12 @@ void ParseDate(SECItem* der_date, base::Time* result) { void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle, CERTGeneralNameType name_type, std::vector<std::string>* result) { + // For future extension: We only support general names of types + // RFC822Name, DNSName or URI. + DCHECK(name_type == certRFC822Name || + name_type == certDNSName || + name_type == certURI); + SECItem alt_name; SECStatus rv = CERT_FindCertExtension(cert_handle, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); @@ -313,11 +319,9 @@ void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle, CERTGeneralName* name = alt_name_list; while (name) { - // For future extension: We're assuming that these values are of types - // RFC822Name, DNSName or URI. See the mac code for notes. - DCHECK(name->type == certRFC822Name || - name->type == certDNSName || - name->type == certURI); + // All of the general name types we support are encoded as + // IA5String. In general, we should be switching off + // |name->type| and doing type-appropriate conversions. if (name->type == name_type) { unsigned char* p = name->name.other.data; int len = name->name.other.len; |