Update SSL error handling code to account for Subject CN deprecation
In Issue 308330, Chrome deprecated the use of the Subject CN field in
certificate hostname validation. However, the certificate error
interstitial and error classification logic were left unchanged,
leading to misleading error messages and doomed error recovery attempts
in the event that a certificate lacked SubjectAltNames.
In this change, Chrome's Certificate Error interstitial and error
recovery will no longer fallback to the certificate's Subject CN field
when evaluating the certificate's valid dns names.
BUG=703614
Review-Url: https://codereview.chromium.org/2777383002
Cr-Commit-Position: refs/heads/master@{#462230}
diff --git a/net/test/test_certificate_data.h b/net/test/test_certificate_data.h
index c8fa950..fbeaca7 100644
--- a/net/test/test_certificate_data.h
+++ b/net/test/test_certificate_data.h
@@ -33,7 +33,8 @@
#define VARIABLE_IS_NOT_USED
#endif
-// Google's cert.
+// Google's 2009 cert. Lacks a SubjectAltName, but contains www.google.com in
+// the Subject CN field.
unsigned char VARIABLE_IS_NOT_USED google_der[] = {
0x30, 0x82, 0x03, 0x21, 0x30, 0x82, 0x02, 0x8a, 0xa0, 0x03, 0x02, 0x01,
@@ -106,7 +107,8 @@
0xdf
};
-// webkit.org's cert.
+// webkit.org's 2008 cert. Contains a SubjectAltName field with *.webkit.org and
+// webkit.org. The Subject CN field contains *.webkit.org.
unsigned char VARIABLE_IS_NOT_USED webkit_der[] = {
0x30, 0x82, 0x05, 0x0d, 0x30, 0x82, 0x03, 0xf5, 0xa0, 0x03, 0x02, 0x01,
@@ -220,7 +222,9 @@
0x8a
};
-// thawte.com's cert (it's EV-licious!).
+// thawte.com 2008 Extended Validation cert. Lacks a SubjectAltName, but
+// contains www.thawte.com in the Subject CN field.
+
unsigned char VARIABLE_IS_NOT_USED thawte_der[] = {
0x30, 0x82, 0x04, 0xa5, 0x30, 0x82, 0x03, 0x8d, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x10, 0x17, 0x76, 0x05, 0x88, 0x95, 0x58, 0xee, 0xbb, 0x00,
