Created
December 1, 2014 05:56
x509_certificate.cc
if (!reference_domain.empty()) {
  // |reference_domain| is expected to begin with '.'; the length comparison
  // further down subtracts one to account for that dot.
  // NOTE(review): DCHECK is normally compiled out of release builds, so this
  // documents the invariant rather than enforcing it at runtime - confirm
  // the caller guarantees the leading dot.
  DCHECK(reference_domain.starts_with("."));

  // Wildcard policy: a presented name such as *.com or *.co.uk must never
  // match, because the part after the wildcard label is a public/ICANN
  // registry controlled suffix. Private registries are excluded from the
  // lookup, so *.appspot.com stays permitted. Unknown top-level domains
  // ('intranet' names, or new TLDs/gTLDs missing from the dataset) are
  // included in the lookup and are therefore refused as well.
  // Net effect: |reference_domain| needs at least one component that is not
  // registry controlled, so every reference name that may use wildcards has
  // at least three domain components.
  const size_t registry_len = registry_controlled_domains::GetRegistryLength(
      reference_name,
      registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
      registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);

  // |reference_name| was canonicalized earlier, so npos is not expected
  // here; treat it as a fatal invariant violation.
  CHECK_NE(std::string::npos, registry_len);

  // Length of |reference_domain| without its leading dot.
  const size_t domain_len_sans_dot = reference_domain.size() - 1;

  // True when the whole domain portion is exactly the registry suffix.
  const bool domain_is_registry =
      registry_len != 0 && registry_len == domain_len_sans_dot;

  // True when the host consists only of decimal digits and dots; such names
  // never get wildcard matching.
  // NOTE(review): only dotted-decimal text is recognized here. Presumably
  // canonicalization has already normalized other IP-literal spellings -
  // confirm against the caller.
  const bool numeric_only =
      reference_name.find_first_not_of("0123456789.") == std::string::npos;

  allow_wildcards = !(domain_is_registry || numeric_only);
}