| Index: net/base/x509_certificate_mac.cc
|
| diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc
|
| index 02fdb42ad731f66c766b22ecd8ab4c538504b92f..6687a63704cd1d38f8477b07128be4f2a6f2d043 100644
|
| --- a/net/base/x509_certificate_mac.cc
|
| +++ b/net/base/x509_certificate_mac.cc
|
| @@ -409,6 +409,22 @@ void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
|
| dns_names->push_back(subject_.common_name);
|
| }
|
|
|
| +X509Certificate::OSCertListHandle
|
| +X509Certificate::CreateOSCertListHandle() const {
|
| + CFMutableArrayRef cert_list =
|
| + CFArrayCreateMutable(kCFAllocatorDefault, 0,
|
| + &kCFTypeArrayCallBacks);
|
| + if (!cert_list)
|
| + return NULL;
|
| +
|
| + CFArrayAppendValue(cert_list, cert_handle_);
|
| + for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
|
| + CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]);
|
| + }
|
| +
|
| + return cert_list;
|
| +}
|
| +
|
| int X509Certificate::Verify(const std::string& hostname, int flags,
|
| CertVerifyResult* verify_result) const {
|
| verify_result->Reset();
|
| @@ -436,14 +452,7 @@ int X509Certificate::Verify(const std::string& hostname, int flags,
|
| // array of certificates, the first of which is the certificate we're
|
| // verifying, and the subsequent (optional) certificates are used for
|
| // chain building.
|
| - CFMutableArrayRef cert_array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
|
| - &kCFTypeArrayCallBacks);
|
| - if (!cert_array)
|
| - return ERR_OUT_OF_MEMORY;
|
| - ScopedCFTypeRef<CFArrayRef> scoped_cert_array(cert_array);
|
| - CFArrayAppendValue(cert_array, cert_handle_);
|
| - for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
|
| - CFArrayAppendValue(cert_array, intermediate_ca_certs_[i]);
|
| + ScopedCFTypeRef<CFArrayRef> cert_array(CreateOSCertListHandle());
|
|
|
| // From here on, only one thread can be active at a time. We have had a number
|
| // of sporadic crashes in the SecTrustEvaluate call below, way down inside
|
| @@ -721,6 +730,11 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
|
| }
|
|
|
| // static
|
| +void X509Certificate::FreeOSCertListHandle(OSCertListHandle identity) {
|
| + CFRelease(identity);
|
| +}
|
| +
|
| +// static
|
| SHA1Fingerprint X509Certificate::CalculateFingerprint(
|
| OSCertHandle cert) {
|
| SHA1Fingerprint sha1;
|
| @@ -819,7 +833,6 @@ bool X509Certificate::IsIssuedBy(
|
| const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
|
| scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromHandle(
|
| cert_handle,
|
| - X509Certificate::SOURCE_LONE_CERT_IMPORT,
|
| X509Certificate::OSCertHandles()));
|
| for (unsigned j = 0; j < valid_issuers.size(); j++) {
|
| if (cert->issuer().Matches(valid_issuers[j]))
|
| @@ -881,8 +894,7 @@ bool X509Certificate::GetSSLClientCertificates(
|
| ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle);
|
|
|
| scoped_refptr<X509Certificate> cert(
|
| - CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT,
|
| - OSCertHandles()));
|
| + CreateFromHandle(cert_handle, OSCertHandles()));
|
| if (cert->HasExpired() || !cert->SupportsSSLClientAuth())
|
| continue;
|
|
|
|
|
Chromium Code Reviews
Issue 2944008:
Refactor X509Certificate caching to cache the OS handle, rather than the X509Certificate (Closed)
