Fix the "certificate is not yet valid" error for server certificates

net/base/x509_certificate.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 #pragma once
 
 #include <string.h>
 
@@ skipping 192 matching lines @@
   // certificate is invalid before the |valid_start| date and invalid after
   // the |valid_expiry| date.
   // If we were unable to parse either date from the certificate (or if the cert
   // lacks either date), the date will be null (i.e., is_null() will be true).
   const base::Time& valid_start() const { return valid_start_; }
   const base::Time& valid_expiry() const { return valid_expiry_; }
 
   // The fingerprint of this certificate.
   const SHA1Fingerprint& fingerprint() const { return fingerprint_; }
 
+  // The fingerprint of this certificate and its intermediate CA certificates.
+  const SHA1Fingerprint& chain_fingerprint() const {
+    return chain_fingerprint_;
+  }
+
   // Gets the DNS names in the certificate.  Pursuant to RFC 2818, Section 3.1
   // Server Identity, if the certificate has a subjectAltName extension of
   // type dNSName, this method gets the DNS names in that extension.
   // Otherwise, it gets the common name in the subject field.
   void GetDNSNames(std::vector<std::string>* dns_names) const;
 
   // Gets the subjectAltName extension field from the certificate, if any.
   // For future extension; currently this only returns those name types that
   // are required for HTTP certificate name verification - see VerifyHostname.
   // Unrequired parameters may be passed as NULL.
@@ skipping 135 matching lines @@
   // Duplicates (or adds a reference to) an OS certificate handle.
   static OSCertHandle DupOSCertHandle(OSCertHandle cert_handle);
 
   // Frees (or releases a reference to) an OS certificate handle.
   static void FreeOSCertHandle(OSCertHandle cert_handle);
 
   // Calculates the SHA-1 fingerprint of the certificate.  Returns an empty
   // (all zero) fingerprint on failure.
   static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle);
 
+  // Calculates the SHA-1 fingerprint of the certificate and its intermediate
+  // CA certificates.  Returns an empty (all zero) fingerprint on failure.
+  SHA1Fingerprint CalculateChainFingerprint() const;
+
  private:
   friend class base::RefCountedThreadSafe<X509Certificate>;
   friend class TestRootCerts;  // For unit tests
   FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache);
   FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates);
   FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);
   FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, DigiNotarCerts);
   FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname);
 
   // Construct an X509Certificate from a handle to the certificate object
@@ skipping 87 matching lines @@
 
   // This certificate is not valid before |valid_start_|
   base::Time valid_start_;
 
   // This certificate is not valid after |valid_expiry_|
   base::Time valid_expiry_;
 
   // The fingerprint of this certificate.
   SHA1Fingerprint fingerprint_;
 
+  // The fingerprint of this certificate and its intermediate CA certificates.
+  SHA1Fingerprint chain_fingerprint_;
+
   // The serial number of this certificate, DER encoded.
   std::string serial_number_;
 
   // A handle to the certificate object in the underlying crypto library.
   OSCertHandle cert_handle_;
 
   // Untrusted intermediate certificates associated with this certificate
   // that may be needed for chain building.
   OSCertHandles intermediate_ca_certs_;
 
 #if defined(OS_MACOSX)
   // Blocks multiple threads from verifying the cert simultaneously.
   // (Marked mutable because it's used in a const method.)
   mutable base::Lock verification_lock_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_