Change SSL_PeerCertificateChain to return a CERTCertList.

net/third_party/nss/ssl/sslauth.c

Index: net/third_party/nss/ssl/sslauth.c
===================================================================
--- net/third_party/nss/ssl/sslauth.c	(revision 225295)
+++ net/third_party/nss/ssl/sslauth.c	(working copy)
@@ -28,38 +28,42 @@
 }
 
 /* NEED LOCKS IN HERE.  */
-SECStatus
-SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
-			 unsigned int *numCerts, unsigned int maxNumCerts)
+CERTCertList *
+SSL_PeerCertificateChain(PRFileDesc *fd)
 {
     sslSocket *ss;
+    CERTCertList *chain = NULL;
     ssl3CertNode* cur;
 
     ss = ssl_FindSocket(fd);
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
 		 SSL_GETPID(), fd));
-	return SECFailure;
+	return NULL;
     }
-    if (!ss->opt.useSecurity)
-	return SECFailure;
-
-    if (ss->sec.peerCert == NULL) {
-      *numCerts = 0;
-      return SECSuccess;
+    if (!ss->opt.useSecurity || !ss->sec.peerCert) {
+	PORT_SetError(SSL_ERROR_NO_CERTIFICATE);

[wtc, 2013/09/27 23:49:41]

SSL_ERROR_NO_CERTIFICATE seems to be intended for the SSLv3 no_certificate alert
error. I am overloading this error code.

+	return chain;
     }
-
-    *numCerts = 1;  /* for the leaf certificate */
-    if (maxNumCerts > 0)
-	certs[0] = CERT_DupCertificate(ss->sec.peerCert);
-
+    chain = CERT_NewCertList();
+    if (!chain) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return NULL;
+    }
+    if (CERT_AddCertToListTail(chain, ss->sec.peerCert) != SECSuccess) {
+	goto loser;
+    }
     for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
-	if (*numCerts < maxNumCerts)
-	    certs[*numCerts] = CERT_DupCertificate(cur->cert);
-	(*numCerts)++;
+	if (CERT_AddCertToListTail(chain, cur->cert) != SECSuccess) {
+	    goto loser;
+	}
     }
+    return chain;
 
-    return SECSuccess;
+loser:
+    CERT_DestroyCertList(chain);
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return NULL;
 }
 
 /* NEED LOCKS IN HERE.  */