Index: net/base/x509_certificate_openssl.cc |
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc |
index 7f36d3270be230d34b0579268139319bfb4e0107..49c9a72b530743c1d51740b2dcc55baf066aba4d 100644 |
--- a/net/base/x509_certificate_openssl.cc |
+++ b/net/base/x509_certificate_openssl.cc |
@@ -445,6 +445,8 @@ int X509Certificate::Verify(const std::string& hostname, |
int flags, |
CertVerifyResult* verify_result) const { |
verify_result->Reset(); |
+ verify_result->verified_cert = |
+ CreateFromHandle(cert_handle_, GetIntermediateCertificates()); |
if (IsBlacklisted()) { |
verify_result->cert_status |= CERT_STATUS_REVOKED; |
@@ -491,8 +493,16 @@ int X509Certificate::Verify(const std::string& hostname, |
return MapCertStatusToNetError(verify_result->cert_status); |
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get()); |
+ X509* verified_cert = NULL; |
+ std::vector<X509*> verified_chain; |
for (int i = 0; i < sk_X509_num(chain); ++i) { |
X509* cert = sk_X509_value(chain, i); |
+ if (i == 0) { |
+ verified_cert = cert; |
+ } else { |
+ verified_chain.push_back(verified_cert); |
+ } |
+ |
DERCache der_cache; |
if (!GetDERAndCacheIfNeeded(cert, &der_cache)) |
continue; |
@@ -509,6 +519,11 @@ int X509Certificate::Verify(const std::string& hostname, |
verify_result->public_key_hashes.push_back(hash); |
} |
+ if (verified_cert) { |
+ verify_result->verified_cert = CreateFromHandle(verified_cert, |
+ verified_chain); |
+ } |
+ |
// Currently we only ues OpenSSL's default root CA paths, so treat all |
// correctly verified certs as being from a known root. TODO(joth): if the |
// motivations described in http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 |