Check cert->isRoot to skip extraneous root certificates in certificate

net/base/x509_certificate_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <cert.h>
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <nss.h>
@@ skipping 174 matching lines @@
 
   CERTCertificate* verified_cert = NULL;
   std::vector<CERTCertificate*> verified_chain;
   int i = 0;
   for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
        !CERT_LIST_END(node, cert_list);
        node = CERT_LIST_NEXT(node), ++i) {
     if (i == 0) {
       verified_cert = node->cert;
     } else {
+      // Because of an NSS bug, CERT_PKIXVerifyCert may chain a self-signed
+      // certificate of a root CA to another certificate of the same root CA
+      // key.  Detect that error and ignore the root CA certificate.
+      // See https://bugzilla.mozilla.org/show_bug.cgi?id=721288.
+      if (node->cert->isRoot) {

[Ryan Sleevi, 2012/01/27 02:59:21]

Might be worth adding a comment here that isRoot only compares that subject &
issuer are equal, not that it's self-signed nor that it's a trust anchor. This
seems a tricky piece to get right (as evidenced by the fact that I still missed
it, even with the code pointers you provided)

+        CERTCertListNode* next_node = CERT_LIST_NEXT(node);
+        CERTCertificate* next_cert;
+        if (!CERT_LIST_END(next_node, cert_list)) {
+          next_cert = next_node->cert;
+        } else {
+          next_cert = root_cert;
+        }
+        // This SECITEM_ItemsAreEqual test should be unnecessary, implied
+        // by node->cert->isRoot and the fact that NSS has verified the
+        // signature of node->cert with the public key of next_cert.  But I
+        // added the test to make it easier to prove the code is correct.

[Ryan Sleevi, 2012/01/27 02:59:21]

nit: Drop the last sentence?

Would it be worth explaining why

// Test that |node->cert| is actually a self-signed certificate
// whose key is equal to |next_cert|, and not a cross-signed
// cert whose subject/issuer names match.

+        if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey,
+                                               &next_cert->derPublicKey)) {
+          continue;
+        }
+      }
       verified_chain.push_back(node->cert);
     }
+
     SECAlgorithmID& signature = node->cert->signature;
     SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
     switch (oid_tag) {
       case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
         verify_result->has_md5 = true;
         if (i != 0)
           verify_result->has_md5_ca = true;
         break;
       case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
         verify_result->has_md2 = true;
@@ skipping 962 matching lines @@
       *type = kPublicKeyTypeECDSA;
       break;
     default:
       *type = kPublicKeyTypeUnknown;
       *size_bits = 0;
       break;
   }
 }
 
 }  // namespace net