net/base/x509_certificate_mac.cc - Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify()

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_mac.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Ensure the EE cert is marked as a TLS server cert, not a CA cert Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/base/x509_certificate_mac.cc

diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc

index eb604abcd184d4fbe384ebd37d791e34006d5b05..bd10acb101ad88f5f70a6ea7a00e487b6597f04f 100644

--- a/net/base/x509_certificate_mac.cc

+++ b/net/base/x509_certificate_mac.cc

@@ -800,6 +800,8 @@ X509Certificate::CreateOSCertListHandle() const {

int X509Certificate::Verify(const std::string& hostname, int flags,

CertVerifyResult* verify_result) const {

verify_result->Reset();

+ verify_result->verified_cert =

+ CreateFromHandle(cert_handle_, GetIntermediateCertificates());

wtc 2011/07/26 00:16:35 Use intermediate_ca_certs_ instead of GetIntermedi

if (IsBlacklisted()) {

verify_result->cert_status |= CERT_STATUS_REVOKED;

@@ -898,6 +900,23 @@ int X509Certificate::Verify(const std::string& hostname, int flags,

return NetErrorFromOSStatus(status);

ScopedCFTypeRef<CFArrayRef> scoped_completed_chain(completed_chain);

+ SecCertificateRef verified_cert = NULL;

+ std::vector<SecCertificateRef> verified_chain;

wtc 2011/07/26 00:16:35 Nit: it is not obvious that verified_chain does no

+ for (CFIndex i = 0, count = CFArrayGetCount(completed_chain);

+ i < count; ++i) {

+ SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>(

+ const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i)));

+ if (i == 0) {

+ verified_cert = chain_cert;

+ } else {

+ verified_chain.push_back(chain_cert);

+ }

+ if (verified_cert) {

+ verify_result->verified_cert = CreateFromHandle(verified_cert,

+ verified_chain);

+ }

// Evaluate the results

OSStatus cssm_result;

bool got_certificate_error = false;