Do not assume OSCertHandle is OpenSSL's X509 structure.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/err.h>
@@ skipping 1484 matching lines @@
   *pkey = EVP_PKEY_dup(ec_private_key->key());
 }
 
 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
   if (!completed_handshake_) {
     // If the first handshake hasn't completed then we accept any certificates
     // because we verify after the handshake.
     return 1;
   }
 
-  if (X509Certificate::IsSameOSCert(server_cert_->os_cert_handle(),
-                                    sk_X509_value(store_ctx->untrusted, 0))) {
+  std::string der_current_cert;
+  if (!X509Certificate::GetDEREncoded(server_cert_->os_cert_handle(),
+                                      &der_current_cert)) {
+    LOG(ERROR) << "Failed to get current certificate in DER form";
+    return 0;
+  }
+
+  X509* leaf_cert = sk_X509_value(store_ctx->chain, 0);
+  int len = i2d_X509(leaf_cert, NULL);
+  if (len < 0) {
+    LOG(ERROR) << "Failed to marshal certificate from renegotiation";
+    return 0;
+  }
+
+  scoped_ptr<uint8[]> der_leaf_cert(new uint8[len]);
+  uint8 *outp = der_leaf_cert.get();
+  len = i2d_X509(leaf_cert, &outp);
+
+  if (static_cast<size_t>(len) == der_current_cert.size() &&
+      memcmp(der_leaf_cert.get(),
+             der_current_cert.data(),
+             der_current_cert.size()) == 0) {
+    // The certificates match so the renegotiation can continue.

[Ryan Sleevi, 2014/03/18 20:47:07]

Why not convert the untrusted cert to an X509Certificate/PeerCertificateChain,
and compare against that? Like NSS?

[haavardm, 2014/03/18 21:36:41]

Not sure I understand. If I get this correctly, NSS is actually comparing the
der strings from two CERTCertificate retrieved from PeerCertificateChain and the
socket. As most of the code here is to turn X509 into der I'm not sure it would
simplify this much. 

But I could certainly extend PeerCertificateChain with a function to take in
store_ctx->chain (which would also be called by Reset(ssl) and then compare new
and old X509Certificate objects.

     return 1;
   }
 
   LOG(ERROR) << "Server certificate changed between handshakes";
   return 0;
 }
 
 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the
 // server supports NPN, selects a protocol from the list that the server
 // provides. According to third_party/openssl/openssl/ssl/ssl_lib.c, the
@@ skipping 45 matching lines @@
 #endif
   return SSL_TLSEXT_ERR_OK;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net