Chromium Code Reviews| Index: net/socket/ssl_client_socket_openssl.cc |
| diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc |
| index b253dfeae50884859e2dceb3657363d2a6834b29..3f34e29cb3904cbc1f50aa8078cc12312c03abb0 100644 |
| --- a/net/socket/ssl_client_socket_openssl.cc |
| +++ b/net/socket/ssl_client_socket_openssl.cc |
| @@ -926,6 +926,7 @@ X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() { |
| return NULL; |
| } |
| +#if defined(USE_OPENSSL) |
| // Unlike SSL_get_peer_certificate, SSL_get_peer_cert_chain does not |
| // increment the reference so sk_X509_free does not need to be called. |
| STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); |
| @@ -935,8 +936,39 @@ X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() { |
| intermediates.push_back(sk_X509_value(chain, i)); |
| } |
| server_cert_ = X509Certificate::CreateFromHandle(cert.get(), intermediates); |
| - DCHECK(server_cert_.get()); |
| +#else |
| + unsigned char* cert_data = NULL; |
| + int cert_data_length = i2d_X509(cert.get(), &cert_data); |
| + if (cert_data_length <= 0 || !cert_data) { |
| + return NULL; |
| + } |
|
Ryan Sleevi
2014/02/21 22:34:38
net/ style: Don't include braces on single-line co
haavardm
2014/03/11 18:43:20
Done.
|
| + std::vector<std::string> cert_chain; |
| + cert_chain.push_back( |
| + std::string(reinterpret_cast<char*>(cert_data), cert_data_length)); |
| + OPENSSL_free(cert_data); |
|
Ryan Sleevi
2014/02/21 22:34:38
Rather than copying all of these to strings, then
haavardm
2014/02/24 18:54:31
Right. Just to clear up one detail: I assume you m
Ryan Sleevi
2014/02/24 19:02:47
I'm not sure I grokked your clarification.
What I
haavardm
2014/02/24 20:47:00
That's how I understood it yes.
haavardm
2014/03/11 18:43:20
Done.
|
| + STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); |
| + if (chain) { |
| + for (int i = 0; i < sk_X509_num(chain); ++i) { |
| + cert_data = NULL; |
| + cert_data_length = i2d_X509(sk_X509_value(chain, i), &cert_data); |
| + if (cert_data_length <= 0 || !cert_data) { |
| + return NULL; |
| + } |
| + cert_chain.push_back( |
| + std::string(reinterpret_cast<char*>(cert_data), cert_data_length)); |
|
wtc
2014/02/25 01:13:09
If you directly push a base::StringPiece to chain_
haavardm
2014/02/25 16:13:01
For that to work one must actually using C-type ca
haavardm
2014/03/11 18:43:20
Done.
|
| + OPENSSL_free(cert_data); |
| + } |
| + } |
| + |
| + std::vector<base::StringPiece> chain_ref; |
| + for (size_t i = 0; i < cert_chain.size();i++) { |
| + chain_ref.push_back(base::StringPiece(cert_chain[0])); |
|
haavardm
2014/02/24 18:54:31
Ouch, bad typo right there (cert_chain[0]). Will f
Ryan Sleevi
2014/02/24 19:02:47
No. There's no test that covers this. The CertVeri
haavardm
2014/03/11 18:43:20
Done.
|
| + } |
| + server_cert_ = X509Certificate::CreateFromDERCertChain(chain_ref); |
| +#endif // USE_OPENSSL |
| + |
| + DCHECK(server_cert_.get()); |
|
Ryan Sleevi
2014/02/21 22:34:38
This DCHECK is going to have to go when adding !Op
haavardm
2014/02/24 18:54:31
Ok. I'll move it into the USE_OPENSSL code.
Ryan Sleevi
2014/02/24 19:02:47
I was saying to remove it entirely.
haavardm
2014/03/11 18:43:20
Done.
|
| return server_cert_.get(); |
| } |
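Review bot: The chain loop in the `#else` branch starts at `i = 0`, which probably adds the leaf certificate twice: it is already serialized from `cert.get()` before the loop, and on the client side OpenSSL's `SSL_get_peer_cert_chain` returns a stack that normally also contains the peer's own certificate as its first element. The list handed to `X509Certificate::CreateFromDERCertChain` would then be leaf, leaf, intermediates, which differs from what the `USE_OPENSSL` branch builds if its loop (header not visible in this hunk) skips index 0. Starting at the first intermediate, `for (int i = 1; i < sk_X509_num(chain); ++i) {`, would keep both branches handing certificate verification the same chain. `UpdateServerCert` begins above the hunk, so how `cert` is obtained is inferred from the `cert.get()` calls.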