Index: net/base/x509_certificate_win.cc |
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc |
index 26926b4d81ffe395324fa73805bc28edcc83e9c3..c25d6aa64b5dd9e7cea714eff73e3a7d95a4f5d6 100644 |
--- a/net/base/x509_certificate_win.cc |
+++ b/net/base/x509_certificate_win.cc |
@@ -295,16 +295,28 @@ bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) { |
// this function. |
void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, |
CertVerifyResult* verify_result) { |
+ if (chain_context->cChain < 1) |
+ return; |
wtc
2011/07/26 00:16:35
Why don't you test chain_context->cChain == 0 here
Ryan Sleevi
2011/07/26 00:44:15
No, it's a DWORD, so it's unsigned. Updated to be
|
+ |
PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0]; |
int num_elements = first_chain->cElement; |
PCERT_CHAIN_ELEMENT* element = first_chain->rgpElement; |
+ PCCERT_CONTEXT verified_cert = NULL; |
+ std::vector<PCCERT_CONTEXT> verified_chain; |
+ |
// Each chain starts with the end entity certificate (i = 0) and ends with |
// the root CA certificate (i = num_elements - 1). Do not inspect the |
// signature algorithm of the root CA certificate because the signature on |
// the trust anchor is not important. |
for (int i = 0; i < num_elements - 1; ++i) { |
PCCERT_CONTEXT cert = element[i]->pCertContext; |
+ if (i == 0) { |
+ verified_cert = cert; |
+ } else { |
+ verified_chain.push_back(cert); |
+ } |
+ |
const char* algorithm = cert->pCertInfo->SignatureAlgorithm.pszObjId; |
if (strcmp(algorithm, szOID_RSA_MD5RSA) == 0) { |
// md5WithRSAEncryption: 1.2.840.113549.1.1.4 |
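Review bot: The leaf is captured inside the loop that stops at `num_elements - 1`, so for a chain with a single element the body never runs, `verified_cert` stays NULL, and GetCertChainInfo leaves `verify_result->verified_cert` untouched. If keeping the caller's pre-set value is intended in that case, say so in a comment such as `// A one-element chain leaves verify_result->verified_cert as set by the caller.`; otherwise take the leaf before the loop with `if (num_elements > 0) verified_cert = element[0]->pCertContext;` and collect only intermediates inside it. The early return on an empty chain is silent in the same way and would benefit from a one-line comment on what state verify_result is left in. The loop body continues past the end of this hunk.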
@@ -321,6 +333,14 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, |
verify_result->has_md4 = true; |
} |
} |
+ |
+ if (verified_cert) { |
+ // Add the root certificate, if present, as it was not added above. |
+ if (num_elements > 1) |
+ verified_chain.push_back(element[num_elements - 1]->pCertContext); |
+ verify_result->verified_cert = |
+ X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ } |
} |
// Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO |
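Review bot: The added comment calls `element[num_elements - 1]` the root certificate, but nothing visible in this hunk checks that the built chain actually ends in a trust anchor. If the chain is incomplete, the last element would presumably be an intermediate, and any consumer that reads the tail of `verified_cert`'s chain as the anchor would be misled. I would reword it to `// Add the last chain element (the root only when the chain is complete); the loop above skips it.` The inner `if (num_elements > 1)` also looks redundant, since `verified_cert` is only non-NULL when the loop ran at least once, which already implies `num_elements > 1`. The start of GetCertChainInfo is in the previous hunk.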
@@ -674,8 +694,8 @@ int X509Certificate::Verify(const std::string& hostname, |
int flags, |
CertVerifyResult* verify_result) const { |
verify_result->Reset(); |
- if (!cert_handle_) |
- return ERR_UNEXPECTED; |
+ verify_result->verified_cert = |
+ CreateFromHandle(cert_handle_, GetIntermediateCertificates()); |
if (IsBlacklisted()) { |
verify_result->cert_status |= CERT_STATUS_REVOKED; |
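Review bot: With the `if (!cert_handle_)` guard removed, a null `cert_handle_` now reaches `CreateFromHandle` and the rest of Verify, and nothing in the hunk shows that either tolerates it. Unless every caller guarantees a non-null handle, keep the guard ahead of the new assignment: `if (!cert_handle_) return ERR_UNEXPECTED;`. Separately, `verify_result->verified_cert` is now filled with the chain as supplied before any check has run, so it is still set on the IsBlacklisted path and on later failure paths. A comment such as `// Initially the unverified input chain; replaced by the chain the verifier built, and only trustworthy when verification succeeds.` would keep consumers from treating it as validated. Verify's body continues outside the hunk.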