Stop caching DER-encoded certificates unnecessarily

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <utility>
@@ skipping 2122 matching lines @@
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(4u, unverified_certs.size());
 
   // We will expect SSLInfo to ultimately contain this chain.
   CertificateList certs =
       CreateCertificateListFromFile(GetTestCertsDirectory(),
                                     "redundant-validated-chain.pem",
                                     X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(3U, certs.size());
 
+  ASSERT_TRUE(certs[0]->Equals(unverified_certs[0].get()));
+
   X509Certificate::OSCertHandles temp_intermediates;
   temp_intermediates.push_back(certs[1]->os_cert_handle());
   temp_intermediates.push_back(certs[2]->os_cert_handle());
 
   CertVerifyResult verify_result;
   verify_result.verified_cert = X509Certificate::CreateFromHandle(
       certs[0]->os_cert_handle(), temp_intermediates);
 
   // Add a rule that maps the server cert (A) to the chain of A->B->C2
   // rather than A->B->C.
@@ skipping 13 matching lines @@
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
   EXPECT_THAT(rv, IsOk());
   EXPECT_TRUE(sock_->IsConnected());
 
   TestNetLogEntry::List entries;
   log_.GetEntries(&entries);
   EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
 
   SSLInfo ssl_info;
-  sock_->GetSSLInfo(&ssl_info);
+  ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
   // Verify that SSLInfo contains the corrected re-constructed chain A -> B
   // -> C2.
+  ASSERT_TRUE(ssl_info.cert);
   const X509Certificate::OSCertHandles& intermediates =
       ssl_info.cert->GetIntermediateCertificates();
   ASSERT_EQ(2U, intermediates.size());
   EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(),
                                             certs[0]->os_cert_handle()));
   EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[0],
                                             certs[1]->os_cert_handle()));
   EXPECT_TRUE(X509Certificate::IsSameOSCert(intermediates[1],
                                             certs[2]->os_cert_handle()));
 
   // Verify that SSLInfo also contains the chain as received from the server.
+  ASSERT_TRUE(ssl_info.unverified_cert);
   const X509Certificate::OSCertHandles& served_intermediates =
       ssl_info.unverified_cert->GetIntermediateCertificates();
   ASSERT_EQ(3U, served_intermediates.size());
   EXPECT_TRUE(X509Certificate::IsSameOSCert(
       ssl_info.cert->os_cert_handle(), unverified_certs[0]->os_cert_handle()));
   EXPECT_TRUE(X509Certificate::IsSameOSCert(
       served_intermediates[0], unverified_certs[1]->os_cert_handle()));
   EXPECT_TRUE(X509Certificate::IsSameOSCert(
       served_intermediates[1], unverified_certs[2]->os_cert_handle()));
   EXPECT_TRUE(X509Certificate::IsSameOSCert(
@@ skipping 1265 matching lines @@
   ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
   EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
   EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
   EXPECT_TRUE(ssl_info.cert_status &
               CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
   EXPECT_TRUE(sock_->IsConnected());
 }
 
 }  // namespace net