Index: net/cert/cert_verify_proc.h |
diff --git a/net/cert/cert_verify_proc.h b/net/cert/cert_verify_proc.h |
index c85bf75b519b1bba15a623ffe0565f541d27125b..4feae19182551e01de6c6e1d22e7e78e50a758f6 100644 |
--- a/net/cert/cert_verify_proc.h |
+++ b/net/cert/cert_verify_proc.h |
@@ -67,13 +67,14 @@ class NET_EXPORT CertVerifyProc |
virtual bool SupportsAdditionalTrustAnchors() const = 0; |
protected: |
- friend class base::RefCountedThreadSafe<CertVerifyProc>; |
- FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts); |
- |
CertVerifyProc(); |
virtual ~CertVerifyProc(); |
private: |
+ friend class base::RefCountedThreadSafe<CertVerifyProc>; |
+ friend class CertVerifyProcNonUniqueNameTest; |
+ FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts); |
+ |
// Performs the actual verification using the desired underlying |
// cryptographic library. |
virtual int VerifyInternal(X509Certificate* cert, |
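Review bot: `friend class CertVerifyProcNonUniqueNameTest;` gives the whole fixture access to every private member of CertVerifyProc, while the DigiNotarCerts line next to it befriends a single test case. If the fixture only needs the new static helper, a short comment would keep that intent visible, for example `// Test fixture wrapper for IsHostnameNonUnique().` above the friend line. The fixture is not shown here, so its actual use of the access is inferred. The class body starts before this hunk and the VerifyInternal declaration continues past it.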
@@ -89,6 +90,19 @@ class NET_EXPORT CertVerifyProc |
// IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which |
// are hashes of SubjectPublicKeyInfo structures) is explicitly blocked. |
static bool IsPublicKeyBlacklisted(const HashValueVector& public_key_hashes); |
+ |
+ // Returns true if |hostname| contains a name that is non-unique among |
+ // certificates (eg: an "internal server name"). |
+ // |
+ // While such names are not scheduled to be deprecated until 1 November 2015 |
+ // according to the CA/Browser Forum Baseline Requirements (v1.1), they |
+ // represent a real risk for the deployment of new gTLDs, and thus being |
+ // phased out ahead of the hard deadline. |
+ // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address |
+ // ranges. |
+ static bool IsHostnameNonUnique(const std::string& hostname); |
+ |
+ DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); |
}; |
} // namespace net |
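Review bot: The comment on `IsHostnameNonUnique` does not state the input contract, and this predicate feeds a trust decision. It should say whether |hostname| must already be canonicalized (lower-case, no trailing dot, IDN in ASCII form), because an unnormalized name could be classified differently from the name the certificate was actually matched against. The TODO implies that IP address literals are not recognised yet; the comment should state what the function returns for them today so callers do not assume that RFC 1918 style addresses are covered. "Contains a name" is also ambiguous: the comment should say whether the whole hostname is judged or only its registry suffix, for instance `// Returns true if |hostname| does not end in a known registry-controlled domain.` if that is what the implementation does. The implementation is not visible in this header.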