DescriptionEnsure X509Certificate::OSCertHandles are safe to be used on both UI, IO, and Worker threads on Win.
Mirror the behaviour of SChannel by creating a new in-memory HCERTSTORE containing the certificate and its intermediate CA certificates whenever it is necessary to pass in a PCCERT_CONTEXT to a Windows API that may need to access the PCCERT_CONTEXT->hCertStore - such as certificate chain verification or display.
This also paves the way for removing the GlobalCertStore on Windows, which was necessary in order to link certificates with their intermediates for these same APIs.
BUG=47648
TEST=net_unittests:X509CertificateTest.* should cover this. Additionally, on a fresh profile, navigate to different HTTPS sites. From the Page Info Bubble, select Certificate Information, and in the Windows Certificate Viewer, click "Certification Path" and confirm the entire certificate chain is displayed. This is a variation of testing for http://crbug.com/45706, which should not regress.
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=108056
Patch Set 1 #
Total comments: 27
Patch Set 2 : Rebase to trunk #Patch Set 3 : Review feedback #
Total comments: 4
Patch Set 4 : Restructuring #Patch Set 5 : Mac fix #
Total comments: 10
Patch Set 6 : Rebase to trunk #Patch Set 7 : Rebase to trunk #Patch Set 8 : wtc feedback #Patch Set 9 : Fix win #Patch Set 10 : Fix include #Patch Set 11 : Fix OpenSSL forward declare #Patch Set 12 : Rebased #Patch Set 13 : Rebase #
Messages
Total messages: 12 (0 generated)
|