Use BoringSSL scopers in //net.

net/cert/cert_verify_proc_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_openssl.h"
 
 #include <openssl/x509v3.h>
 
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
 #include "base/sha1.h"
 #include "crypto/openssl_util.h"
-#include "crypto/scoped_openssl_types.h"
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/test_root_certs.h"
 #include "net/cert/x509_certificate.h"
 
 namespace net {
@@ skipping 57 matching lines @@
     case X509_V_ERR_NO_EXPLICIT_POLICY:
     case X509_V_ERR_UNNESTED_RESOURCE:
     case X509_V_ERR_APPLICATION_VERIFICATION:
       return CERT_STATUS_INVALID;
     default:
       NOTREACHED() << "Invalid X509 err " << err;
       return CERT_STATUS_INVALID;
   }
 }
 
-// sk_X509_free is a function-style macro, so can't be used as a template
-// param directly.
-void sk_X509_free_fn(STACK_OF(X509)* st) {
-  sk_X509_free(st);
-}
+struct ShallowX509Stack {

[eroman, 2016/10/10 22:45:54]

Can you add "Deleter" in the name?

[davidben, 2016/10/10 23:24:40]

Done.

PS: I'm pretty sure nothing builds this file. :-)

+  void operator()(STACK_OF(X509) * st) const { sk_X509_free(st); }
+};
 
 void GetCertChainInfo(X509_STORE_CTX* store_ctx,
                       CertVerifyResult* verify_result) {
   STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
   X509* verified_cert = NULL;
   std::vector<X509*> verified_chain;
   for (size_t i = 0; i < sk_X509_num(chain); ++i) {
     X509* cert = sk_X509_value(chain, i);
     if (i == 0) {
       verified_cert = cert;
@@ skipping 96 matching lines @@
     CRLSet* crl_set,
     const CertificateList& additional_trust_anchors,
     CertVerifyResult* verify_result) {
   crypto::EnsureOpenSSLInit();
 
   if (!cert->VerifyNameMatch(hostname,
                              &verify_result->common_name_fallback_used)) {
     verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
   }
 
-  crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(
-      X509_STORE_CTX_new());
+  bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
 
-  crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(
+  std::unique_ptr<STACK_OF(X509), ShallowX509Stack> intermediates(
       sk_X509_new_null());
   if (!intermediates.get())
     return ERR_OUT_OF_MEMORY;
 
   const X509Certificate::OSCertHandles& os_intermediates =
       cert->GetIntermediateCertificates();
   for (X509Certificate::OSCertHandles::const_iterator it =
        os_intermediates.begin(); it != os_intermediates.end(); ++it) {
     if (!sk_X509_push(intermediates.get(), *it))
       return ERR_OUT_OF_MEMORY;
@@ skipping 17 matching lines @@
 
   GetCertChainInfo(ctx.get(), verify_result);
   AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);
   if (IsCertStatusError(verify_result->cert_status))
     return MapCertStatusToNetError(verify_result->cert_status);
 
   return OK;
 }
 
 }  // namespace net