Chromium Code Reviews

Unified Diff: net/http/http_stream_factory_impl_job.cc

Issue 2300533002: Stop caching DER-encoded certificates unnecessarily (Closed)
Patch Set: Created 4 years, 4 months ago
Index: net/http/http_stream_factory_impl_job.cc
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 86e3cee52a7437b139e347667b4108d47aee1c8c..38ef78a01683e5d4c1409d9d0cdfe14e7cc7b31a 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -1470,22 +1470,20 @@ int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
static_cast<SSLClientSocket*>(connection_->socket());
ssl_socket->GetSSLInfo(&ssl_info_);
+ if (!ssl_info_.cert) {
+ // If the server's certificate could not be parsed, there is no way
+ // to gracefully recover this, so just pass the error up.
+ return error;
+ }
+
// Add the bad certificate to the set of allowed certificates in the
// SSL config object. This data structure will be consulted after calling
// RestartIgnoringLastError(). And the user will be asked interactively
// before RestartIgnoringLastError() is ever called.
SSLConfig::CertAndStatus bad_cert;
-
- // |ssl_info_.cert| may be NULL if we failed to create
- // X509Certificate for whatever reason, but normally it shouldn't
- // happen, unless this code is used inside sandbox.
- if (ssl_info_.cert.get() == NULL ||
- !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
- &bad_cert.der_cert)) {
- return error;
- }
+ bad_cert.cert = ssl_info_.cert;
bad_cert.cert_status = ssl_info_.cert_status;
- server_ssl_config_.allowed_bad_certs.push_back(bad_cert);
+ server_ssl_config_.allowed_bad_certs.emplace_back(bad_cert);
davidben 2016/08/31 19:20:49 Same comment as Sergey about why emplace_back vs p
int load_flags = request_info_.load_flags;
if (session_->params().ignore_certificate_errors)
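
Review bot: the lookup that consults `allowed_bad_certs` after `RestartIgnoringLastError()` needs to compare certificate contents rather than object identity, because `bad_cert.cert = ssl_info_.cert;` now stores the certificate object where the removed lines stored its DER bytes in `bad_cert.der_cert`. That lookup is not visible in this hunk, so please confirm the consumer side was updated to match, and that an entry only ever matches the exact certificate the user was asked about. Separately, `emplace_back(bad_cert)` is given an already-constructed lvalue, so it copy-constructs just as `push_back(bad_cert)` did; keeping `push_back` would make the diff smaller and the intent clearer.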