net/base/x509_certificate_openssl.cc - Issue 7324039: Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_openssl.cc

Issue 7324039: Ensure X509Certificate::OSCertHandles are safe to be used on both UI and IO threads on Win (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Review feedback Created 9 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_openssl.cc

diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc

index 009257705d14863df040c882d91cb84118124cbd..1d9b948f42d54fb9a3806e003e2a657ef2df4f45 100644

--- a/net/base/x509_certificate_openssl.cc

+++ b/net/base/x509_certificate_openssl.cc

@@ -323,6 +323,12 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {

X509_free(cert_handle);

}

+// static

+void X509Certificate::FreeOSCertListHandle(

+ OSCertListHandle cert_list_handle) {

+ sk_X509_pop_free(cert_list_handle, X509_free);

void X509Certificate::Initialize() {

crypto::EnsureOpenSSLInit();

fingerprint_ = CalculateFingerprint(cert_handle_);

@@ -358,6 +364,34 @@ SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) {

}

// static

+X509Certificate::OSCertListHandle

+X509Certificate::CreateOSCertListHandle() const {

+ STACK_OF(X509)* cert_list_handle = sk_X509_new_null();

+ if (!cert_list_handle)

+ return NULL;

+ if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) {

+ FreeOSCertListHandle(cert_list_handle);

+ return NULL;

+ }

+ bool ok = true;

+ for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {

+ if (!sk_X509_push(cert_list_handle,

+ DupOSCertHandle(intermediate_ca_certs_[i]))) {

+ ok = false;

+ break;

+ }

+ if (!ok) {

+ FreeOSCertListHandle(cert_list_handle);

+ return NULL;

+ }

+ return cert_list_handle;

+// static

X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(

const char* data, int length) {

if (length < 0)

@@ -448,15 +482,10 @@ int X509Certificate::VerifyInternal(const std::string& hostname,

X509_STORE_CTX_new());

crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(

- sk_X509_new_null());

+ CreateOSCertListHandle());

if (!intermediates.get())

return ERR_OUT_OF_MEMORY;

- for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin();

- it != intermediate_ca_certs_.end(); ++it) {

- if (!sk_X509_push(intermediates.get(), *it))

- return ERR_OUT_OF_MEMORY;

- }

int rv = X509_STORE_CTX_init(ctx.get(), cert_store(),

cert_handle_, intermediates.get());

CHECK_EQ(1, rv);

« net/base/x509_certificate.h ('K') | « net/base/x509_certificate_nss.cc ('k') | net/base/x509_certificate_win.cc » ('j') | net/base/x509_certificate_win.cc » ('J')