Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win

net/base/x509_certificate_openssl.cc

Index: net/base/x509_certificate_openssl.cc
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index c672615319561d810ccd0e5afa5d311ab4a282ae..9c5951fbf9801660396d9291847aee18daeee0b2 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -307,6 +307,11 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   X509_free(cert_handle);
 }
 
+// static
+void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) {

[wtc, 2011/10/04 00:26:34]

cert_list => cert_list_handle

+  sk_X509_pop_free(cert_list, X509_free);
+}
+
 void X509Certificate::Initialize() {
   crypto::EnsureOpenSSLInit();
   fingerprint_ = CalculateFingerprint(cert_handle_);
@@ -342,6 +347,34 @@ SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) {
 }
 
 // static
+X509Certificate::OSCertListHandle
+X509Certificate::CreateOSCertListHandle() const {

[wtc, 2011/10/04 00:26:34]

Change VerifyInternal to use CreateOSCertListHandle().

+  STACK_OF(X509)* cert_list_handle = sk_X509_new_null();
+  if (!cert_list_handle)
+    return NULL;
+
+  if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) {
+    FreeOSCertListHandle(cert_list_handle);
+    return NULL;
+  }
+
+  bool ok = true;
+  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
+    if (!sk_X509_push(cert_list_handle,
+                      DupOSCertHandle(intermediate_ca_certs_[i]))) {
+      ok = false;
+      break;
+    }
+  }
+  if (!ok) {
+    FreeOSCertListHandle(cert_list_handle);
+    return NULL;
+  }
+
+  return cert_list_handle;
+}
+
+// static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
     const char* data, int length) {
   if (length < 0)