net/socket/ssl_client_socket_win.cc - Issue 7473009: Revert r92977 partially to fix a certificate verification regression

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_win.cc

Issue 7473009: Revert r92977 partially to fix a certificate verification regression (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 9 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_win.cc

===================================================================

--- net/socket/ssl_client_socket_win.cc (revision 93224)

+++ net/socket/ssl_client_socket_win.cc (working copy)

@@ -337,6 +337,40 @@

//-----------------------------------------------------------------------------

+// A memory certificate store for client certificates. This allows us to

+// close the "MY" system certificate store when we finish searching for

+// client certificates.

+class ClientCertStore {

+ public:

+ ClientCertStore() {

+ store_ = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0, NULL);

+ }

+ ~ClientCertStore() {

+ if (store_) {

+ BOOL ok = CertCloseStore(store_, CERT_CLOSE_STORE_CHECK_FLAG);

+ DCHECK(ok);

+ }

+ PCCERT_CONTEXT CopyCertContext(PCCERT_CONTEXT client_cert) {

+ PCCERT_CONTEXT copy;

+ BOOL ok = CertAddCertificateContextToStore(store_, client_cert,

+ CERT_STORE_ADD_USE_EXISTING,

+ &copy);

+ DCHECK(ok);

+ return ok ? copy : NULL;

+ }

+ private:

+ HCERTSTORE store_;

+};

+static base::LazyInstance<ClientCertStore> g_client_cert_store(

+ base::LINKER_INITIALIZED);

+//-----------------------------------------------------------------------------

// Size of recv_buffer_

// Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to

@@ -488,13 +522,11 @@

// Get the leaf certificate.

PCCERT_CONTEXT cert_context =

chain_context->rgpChain[0]->rgpElement[0]->pCertContext;

- // Copy the certificate into a NULL store, so that we can close the "MY"

- // store before returning from this function.

- PCCERT_CONTEXT cert_context2 = NULL;

- BOOL ok = CertAddCertificateContextToStore(NULL, cert_context,

- CERT_STORE_ADD_USE_EXISTING,

- &cert_context2);

- if (!ok) {

+ // Copy it to our own certificate store, so that we can close the "MY"

+ // certificate store before returning from this function.

+ PCCERT_CONTEXT cert_context2 =

+ g_client_cert_store.Get().CopyCertContext(cert_context);

+ if (!cert_context2) {

NOTREACHED();

continue;

}

« net/base/x509_certificate_win.cc ('K') | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »