Add X509Certificate::IsIssuedByEncoded()

net/base/x509_util_nss.h

Index: net/base/x509_util_nss.h
diff --git a/net/base/x509_util_nss.h b/net/base/x509_util_nss.h
index f00c4abbf3d90f4bf06bce9d75bee61db975737a..713a7ff415e7bc901b8fbe7ff87761634e20dc7b 100644
--- a/net/base/x509_util_nss.h
+++ b/net/base/x509_util_nss.h
@@ -70,6 +70,16 @@ X509Certificate::OSCertHandle ReadOSCertHandleFromPickle(
 void GetPublicKeyInfo(CERTCertificate* handle,
                       size_t* size_bits,
                       X509Certificate::PublicKeyType* type);
+
+// Returns true if |name| is listed in |valid_issuers|
+// |name| is a SECItem corresponding to a DER-encoded X.509
+// DistinguishedName.
+// |valid_issuers| is a list of strings, where each string contains also
+// a DER-encoded X.509 DN.
+bool IsCertNameItemInIssuerList(
+    SECItem* name,

[Ryan Sleevi, 2012/12/13 19:49:05]

see comments in iOS about making this a CERTName and saving some name parsing

+    const std::vector<std::string>& valid_issuers);

[Ryan Sleevi, 2012/12/13 19:49:05]

Perhaps rather then passing a single SECItem for a name, along with a vector of
strings, you have it pass in a vector of CERTName (collected from the
CERTCertificate*s) and a vector of strings (collected from the SSL handshake)

[digit1, 2012/12/14 17:54:33]

Yes, I've actually changed the function to take a vector of CERTCertificate*,
which makes it easier to reuse for iOS too.

[Ryan Sleevi, 2012/12/14 18:16:42]

That works too

+
 #endif  // defined(USE_NSS) || defined(OS_IOS)
 
 } // namespace x509_util