Move name matching into the shared certificate validator
In the way-old times, Chrome used to rely on the underlying OS to
perform certificate name matching. Unfortunately, this meant that
certificates that worked in Chrome on one platform wouldn't work
in Chrome on another platform. As a result, a long time ago (e.g.
more than two years ago), Chrome moved to a common name validator,
which ensured that IPv6 was handled correctly, as were things like
trailing dots in the hostname (used to bypass DNS suffix search).
This cleans up the historical remants of that, by moving name
matching for certificates into a single place, in
CertVerifyProc::Verify, rather than the per-platform implementations
in CertVerifyProc::VerifyInternal.
The upside is this reduces code duplication.
The downside is this means that MockCertVerifyProc's now need to
supply certificates that *really* match their intended hostname, and
can no longer fake it til they make it.
BUG=308330
Review-Url: https://codereview.chromium.org/2725683002
Cr-Commit-Position: refs/heads/master@{#453735}
11 files changed
