Index: net/base/x509_certificate_mac.cc |
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc |
index eb604abcd184d4fbe384ebd37d791e34006d5b05..bd10acb101ad88f5f70a6ea7a00e487b6597f04f 100644 |
--- a/net/base/x509_certificate_mac.cc |
+++ b/net/base/x509_certificate_mac.cc |
@@ -800,6 +800,8 @@ X509Certificate::CreateOSCertListHandle() const { |
int X509Certificate::Verify(const std::string& hostname, int flags, |
CertVerifyResult* verify_result) const { |
verify_result->Reset(); |
+ verify_result->verified_cert = |
+ CreateFromHandle(cert_handle_, GetIntermediateCertificates()); |
wtc
2011/07/26 00:16:35
Use intermediate_ca_certs_ instead of GetIntermedi
|
if (IsBlacklisted()) { |
verify_result->cert_status |= CERT_STATUS_REVOKED; |
@@ -898,6 +900,23 @@ int X509Certificate::Verify(const std::string& hostname, int flags, |
return NetErrorFromOSStatus(status); |
ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain); |
+ SecCertificateRef verified_cert = NULL; |
+ std::vector<SecCertificateRef> verified_chain; |
wtc
2011/07/26 00:16:35
Nit: it is not obvious that verified_chain does no
|
+ for (CFIndex i = 0, count = CFArrayGetCount(completed_chain); |
+ i < count; ++i) { |
+ SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>( |
+ const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i))); |
+ if (i == 0) { |
+ verified_cert = chain_cert; |
+ } else { |
+ verified_chain.push_back(chain_cert); |
+ } |
+ } |
+ if (verified_cert) { |
+ verify_result->verified_cert = CreateFromHandle(verified_cert, |
+ verified_chain); |
+ } |
+ |
// Evaluate the results |
OSStatus cssm_result; |
bool got_certificate_error = false; |