| Index: net/base/x509_certificate_mac.cc |
| =================================================================== |
| --- net/base/x509_certificate_mac.cc (revision 107789) |
| +++ net/base/x509_certificate_mac.cc (working copy) |
| @@ -540,6 +540,7 @@ |
| &valid_expiry_); |
| fingerprint_ = CalculateFingerprint(cert_handle_); |
| + chain_fingerprint_ = CalculateChainFingerprint(); |
| serial_number_ = GetCertSerialNumber(cert_handle_); |
| } |
| @@ -1069,6 +1070,30 @@ |
| return sha1; |
| } |
| +SHA1Fingerprint X509Certificate::CalculateChainFingerprint() const { |
| + SHA1Fingerprint sha1; |
| + memset(sha1.data, 0, sizeof(sha1.data)); |
| + |
| + // The CC_SHA(3cc) man page says all CC_SHA1_xxx routines return 1, so |
| + // we don't check their return values. |
| + CC_SHA1_CTX sha1_ctx; |
| + CC_SHA1_Init(&sha1_ctx); |
| + CSSM_DATA cert_data; |
| + OSStatus status = SecCertificateGetData(cert_handle_, &cert_data); |
| + if (status) |
| + return sha1; |
| + CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length); |
| + for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| + status = SecCertificateGetData(intermediate_ca_certs_[i], &cert_data); |
|
agl
2011/10/28 23:45:47
I note in the OS X documentation that this is list
Ryan Sleevi
2011/10/28 23:55:03
I would go as far as to say that > 80% of the cert
|
| + if (status) |
| + return sha1; |
|
Ryan Sleevi
2011/10/28 23:55:03
BUG: |sha1_ctx| is improperly cleaned up here.
wtc
2011/10/29 01:32:03
Thank you for pointing out this issue.
Based on h
|
| + CC_SHA1_Update(&sha1_ctx, cert_data.Data, cert_data.Length); |
| + } |
| + CC_SHA1_Final(sha1.data, &sha1_ctx); |
| + |
| + return sha1; |
| +} |
| + |
| bool X509Certificate::SupportsSSLClientAuth() const { |
| CSSMFields fields; |
| if (GetCertFields(cert_handle_, &fields) != noErr) |
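Review bot: CalculateChainFingerprint() returns the all-zero SHA1Fingerprint left by the initial memset on both SecCertificateGetData failure paths, and the first hunk's `chain_fingerprint_ = CalculateChainFingerprint();` stores that value with no failure signal. Any two chains that fail here therefore end up with the same chain_fingerprint_, which matters if the value is later used as an equality or cache key for verification results (that use is not visible in this diff). At minimum, document the sentinel above the function, e.g. `// Returns an all-zero fingerprint if any certificate's data cannot be read; that value does not identify a chain.`, and have consumers check for it before comparing. The hash also covers intermediate_ca_certs_ in stored order, so the same intermediates in a different order give a different fingerprint, which is worth stating in the same comment.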