Index: net/base/x509_certificate_win.cc |
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc |
index 1336f8c62ad2681f69e008e0f3b3984a9203034e..c5e37751cb29f3fa781565ce9542617344396368 100644 |
--- a/net/base/x509_certificate_win.cc |
+++ b/net/base/x509_certificate_win.cc |
@@ -6,6 +6,7 @@ |
#include "base/lazy_instance.h" |
#include "base/logging.h" |
+#include "base/memory/scoped_ptr.h" |
#include "base/pickle.h" |
#include "base/sha1.h" |
#include "base/string_tokenizer.h" |
@@ -18,9 +19,9 @@ |
#include "net/base/cert_verify_result.h" |
#include "net/base/ev_root_ca_metadata.h" |
#include "net/base/net_errors.h" |
-#include "net/base/scoped_cert_chain_context.h" |
#include "net/base/test_root_certs.h" |
#include "net/base/x509_certificate_known_roots_win.h" |
+#include "net/base/x509_util_win.h" |
#pragma comment(lib, "crypt32.lib") |
@@ -30,11 +31,6 @@ namespace net { |
namespace { |
-typedef crypto::ScopedCAPIHandle< |
- HCERTSTORE, |
- crypto::CAPIDestroyerWithFlags<HCERTSTORE, |
- CertCloseStore, 0> > ScopedHCERTSTORE; |
- |
struct FreeChainEngineFunctor { |
void operator()(HCERTCHAINENGINE engine) const { |
if (engine) |
@@ -42,9 +38,30 @@ struct FreeChainEngineFunctor { |
} |
}; |
+struct FreeCertContextFunctor { |
+ void operator()(PCCERT_CONTEXT context) const { |
+ if (context) |
+ CertFreeCertificateContext(context); |
+ } |
+}; |
+ |
+struct FreeCertChainContextFunctor { |
+ void operator()(PCCERT_CHAIN_CONTEXT chain_context) const { |
+ if (chain_context) |
+ CertFreeCertificateChain(chain_context); |
+ } |
+}; |
+ |
typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor> |
ScopedHCERTCHAINENGINE; |
+typedef scoped_ptr_malloc<const CERT_CONTEXT, |
+ FreeCertContextFunctor> ScopedPCCERT_CONTEXT; |
+ |
+typedef scoped_ptr_malloc<const CERT_CHAIN_CONTEXT, |
+ FreeCertChainContextFunctor> |
+ ScopedPCCERT_CHAIN_CONTEXT; |
+ |
//----------------------------------------------------------------------------- |
// TODO(wtc): This is a copy of the MapSecurityError function in |
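Review bot: The new `ScopedPCCERT_CONTEXT` and `ScopedPCCERT_CHAIN_CONTEXT` typedefs have no comment stating what they own. The `scoped_ptr_malloc` name also suggests `free()`, while the functors actually release through `CertFreeCertificateContext` and `CertFreeCertificateChain`. A one-line comment above each typedef would make the contract explicit, for example `// Owns one reference to a PCCERT_CONTEXT; released with CertFreeCertificateContext().` and `// Owns a PCCERT_CHAIN_CONTEXT from CertGetCertificateChain(); released with CertFreeCertificateChain().`. This matters in the verification path, where `VerifyInternal` still frees a chain context by hand before adopting it, so a reader has to know exactly when ownership transfers to avoid a double free or a leak.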
@@ -770,21 +787,23 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
if (TestRootCerts::HasInstance()) |
chain_engine.reset(TestRootCerts::GetInstance()->GetChainEngine()); |
+ ScopedPCCERT_CONTEXT cert_list(x509_util::CreateOSCertChainForCert(this)); |
PCCERT_CHAIN_CONTEXT chain_context; |
// IE passes a non-NULL pTime argument that specifies the current system |
// time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the |
// chain_flags argument. |
if (!CertGetCertificateChain( |
chain_engine, |
- cert_handle_, |
+ cert_list.get(), |
NULL, // current system time |
- cert_handle_->hCertStore, |
+ cert_list->hCertStore, |
&chain_para, |
chain_flags, |
NULL, // reserved |
&chain_context)) { |
return MapSecurityError(GetLastError()); |
} |
+ |
if (chain_context->TrustStatus.dwErrorStatus & |
CERT_TRUST_IS_NOT_VALID_FOR_USAGE) { |
ev_policy_oid = NULL; |
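Review bot: `cert_list->hCertStore` is dereferenced in the `CertGetCertificateChain` call without first checking that `x509_util::CreateOSCertChainForCert(this)` returned a context. The helper's contract is not visible in this diff, but if it can return NULL, certificate verification would crash on a null dereference instead of failing closed with an error. A guard right after the declaration would make the failure path explicit, such as `if (!cert_list.get()) return ERR_CERT_INVALID;` or whichever net error this file uses for that case. The same dereference recurs in the retry call in the next hunk. `VerifyInternal`'s body starts and ends outside this hunk.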
@@ -793,9 +812,9 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
CertFreeCertificateChain(chain_context); |
if (!CertGetCertificateChain( |
chain_engine, |
- cert_handle_, |
+ cert_list.get(), |
NULL, // current system time |
- cert_handle_->hCertStore, |
+ cert_list->hCertStore, |
&chain_para, |
chain_flags, |
NULL, // reserved |
@@ -803,7 +822,8 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
return MapSecurityError(GetLastError()); |
} |
} |
- ScopedCertChainContext scoped_chain_context(chain_context); |
+ |
+ ScopedPCCERT_CHAIN_CONTEXT scoped_chain_context(chain_context); |
GetCertChainInfo(chain_context, verify_result); |
verify_result->cert_status |= MapCertChainErrorStatusToCertStatus( |