Diffstat (limited to 'net/base/x509_openssl_util.h')
-rw-r--r-- | net/base/x509_openssl_util.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/net/base/x509_openssl_util.h b/net/base/x509_openssl_util.h
index 5ac511b..4a6fa24 100644
--- a/net/base/x509_openssl_util.h
+++ b/net/base/x509_openssl_util.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -10,6 +10,7 @@
 #include <openssl/x509v3.h>
 #include <string>
+#include <vector>
 namespace base {
 class Time;
@@ -32,6 +33,13 @@ bool ParsePrincipalValueByNID(X509_NAME* name, int nid, std::string* value);
 bool ParseDate(ASN1_TIME* x509_time, base::Time* time);
+// Verifies that |hostname| matches one of the names in |cert_names|, based on
+// TLS name matching rules, specifically following http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09#section-4.4.3
+// The members of |cert_names| must have been extracted from the Subject CN or
+// SAN fields of a certificate.
+bool VerifyHostname(const std::string& hostname,
+ const std::vector<std::string>& cert_names);
+
 } // namespace x509_openssl_util
 } // namespace net |
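Review bot: The comment on `VerifyHostname` leaves the caller's obligations open: |cert_names| mixes Subject CN and SAN entries in one vector, so the function cannot tell them apart, and the server-identity rules the comment cites, as I read them, fall back to the CN only when the certificate carries no SAN dNSName. If enforcing that fallback is the caller's job, say so, e.g. `// The caller must include the Subject CN only when the certificate has no SAN dNSName entries.` The comment should also state what is returned for an empty |cert_names|, whether |hostname| may be an IP literal (which should not be matched against DNS names or wildcards), and that each name must be passed with its full length, so a name holding an embedded NUL is compared whole rather than by its prefix. Only the declaration is in this hunk, so how the implementation treats these cases cannot be checked here.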