net/base/x509_certificate_win.cc - Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify()

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_win.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: wtc feedback Created 9 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_win.cc

diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc

index 59b61a3277e1dc96d5b61c6142eb210ca7ec320c..7ef735b0bf6a7f9d563369de78b539f4246fcd54 100644

--- a/net/base/x509_certificate_win.cc

+++ b/net/base/x509_certificate_win.cc

@@ -296,16 +296,28 @@ bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) {

// this function.

void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,

CertVerifyResult* verify_result) {

+ if (chain_context->cChain == 0)

+ return;

PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];

int num_elements = first_chain->cElement;

PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement;

+ PCCERT_CONTEXT verified_cert = NULL;

+ std::vector<PCCERT_CONTEXT> verified_chain;

// Each chain starts with the end entity certificate (i = 0) and ends with

// the root CA certificate (i = num_elements - 1). Do not inspect the

// signature algorithm of the root CA certificate because the signature on

// the trust anchor is not important.

for (int i = 0; i < num_elements - 1; ++i) {

PCCERT_CONTEXT cert = element[i]->pCertContext;

+ if (i == 0) {

+ verified_cert = cert;

+ } else {

+ verified_chain.push_back(cert);

+ }

const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId;

if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) {

// md5WithRSAEncryption: 1.2.840.113549.1.1.4

@@ -322,6 +334,14 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,

verify_result->has_md4 = true;

}

+ if (verified_cert) {

+ // Add the root certificate, if present, as it was not added above.

+ if (num_elements > 1)

+ verified_chain.push_back(element[num_elements - 1]->pCertContext);

+ verify_result->verified_cert =

+ X509Certificate::CreateFromHandle(verified_cert, verified_chain);

+ }

}

// Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO

« net/base/x509_certificate_unittest.cc ('K') | « net/base/x509_certificate_unittest.cc ('k') | net/data/ssl/certificates/README » ('j') | net/socket/ssl_client_socket_mac.cc » ('J')