Index: net/base/x509_certificate_openssl.cc |
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc |
index 009257705d14863df040c882d91cb84118124cbd..1d9b948f42d54fb9a3806e003e2a657ef2df4f45 100644 |
--- a/net/base/x509_certificate_openssl.cc |
+++ b/net/base/x509_certificate_openssl.cc |
@@ -323,6 +323,12 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
X509_free(cert_handle); |
} |
+// static |
+void X509Certificate::FreeOSCertListHandle( |
+ OSCertListHandle cert_list_handle) { |
+ sk_X509_pop_free(cert_list_handle, X509_free); |
+} |
+ |
void X509Certificate::Initialize() { |
crypto::EnsureOpenSSLInit(); |
fingerprint_ = CalculateFingerprint(cert_handle_); |
@@ -358,6 +364,34 @@ SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { |
} |
// static |
+X509Certificate::OSCertListHandle |
+X509Certificate::CreateOSCertListHandle() const { |
+ STACK_OF(X509)* cert_list_handle = sk_X509_new_null(); |
+ if (!cert_list_handle) |
+ return NULL; |
+ |
+ if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) { |
+ FreeOSCertListHandle(cert_list_handle); |
+ return NULL; |
+ } |
+ |
+ bool ok = true; |
+ for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
+ if (!sk_X509_push(cert_list_handle, |
+ DupOSCertHandle(intermediate_ca_certs_[i]))) { |
+ ok = false; |
+ break; |
+ } |
+ } |
+ if (!ok) { |
+ FreeOSCertListHandle(cert_list_handle); |
+ return NULL; |
+ } |
+ |
+ return cert_list_handle; |
+} |
+ |
+// static |
X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
const char* data, int length) { |
if (length < 0) |
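Review bot: In `CreateOSCertListHandle`, both `sk_X509_push(cert_list_handle, DupOSCertHandle(...))` calls lose the duplicated handle when the push fails. The handle never entered the stack, so `FreeOSCertListHandle` cannot release it, and assuming `DupOSCertHandle` takes a new reference, that reference is leaked. Holding the duplicate in a local and calling `FreeOSCertHandle` on it on the failure path closes this, and lets both error paths return directly so the `ok` flag is not needed. Separately, the context `// static` comment above the new definition now labels a `const` member function that reads `cert_handle_`, so it should be moved or dropped. The following function, `CreateOSCertHandleFromBytes`, continues outside the hunk.

```cpp
X509Certificate::OSCertListHandle
X509Certificate::CreateOSCertListHandle() const {
  // … unchanged: sk_X509_new_null() and its NULL check …

  OSCertHandle leaf = DupOSCertHandle(cert_handle_);
  if (!sk_X509_push(cert_list_handle, leaf)) {
    // The push failed, so the stack never took ownership of this reference.
    FreeOSCertHandle(leaf);
    FreeOSCertListHandle(cert_list_handle);
    return NULL;
  }

  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
    OSCertHandle dup = DupOSCertHandle(intermediate_ca_certs_[i]);
    if (!sk_X509_push(cert_list_handle, dup)) {
      FreeOSCertHandle(dup);
      FreeOSCertListHandle(cert_list_handle);
      return NULL;
    }
  }

  return cert_list_handle;
}
```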
@@ -448,15 +482,10 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
X509_STORE_CTX_new()); |
crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( |
- sk_X509_new_null()); |
+ CreateOSCertListHandle()); |
if (!intermediates.get()) |
return ERR_OUT_OF_MEMORY; |
- for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin(); |
- it != intermediate_ca_certs_.end(); ++it) { |
- if (!sk_X509_push(intermediates.get(), *it)) |
- return ERR_OUT_OF_MEMORY; |
- } |
int rv = X509_STORE_CTX_init(ctx.get(), cert_store(), |
cert_handle_, intermediates.get()); |
CHECK_EQ(1, rv); |
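Review bot: The `intermediates` holder still uses `sk_X509_free_fn` as its deleter, but the stack returned by `CreateOSCertListHandle()` now contains handles obtained through `DupOSCertHandle`, whereas the removed loop pushed borrowed pointers. If `sk_X509_free_fn` only frees the stack itself, as its name suggests, every verification leaks one reference per certificate in the chain, so a long-running process grows memory steadily. The holder should release the elements as well, for example with a deleter built on `sk_X509_pop_free(..., X509_free)` as `FreeOSCertListHandle` does. The list also now starts with `cert_handle_`, so the leaf is passed to `X509_STORE_CTX_init` inside the untrusted chain as well as being the verification target; a short comment saying this is intended would help. `VerifyInternal` starts and ends outside the hunk.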