Don't use crypto/x509 in SSLClientSocketImpl.

net/cert/x509_certificate_openssl.cc

Index: net/cert/x509_certificate_openssl.cc
diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc
index 730eef0d6acf3f65bdd4c01f46beb8ed826d79e8..c33e2232d9608ca9640fe6cc6cb2b3e13ac84961 100644
--- a/net/cert/x509_certificate_openssl.cc
+++ b/net/cert/x509_certificate_openssl.cc
@@ -15,6 +15,7 @@
 #include "crypto/openssl_util.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
+#include "net/cert/x509_util.h"
 #include "net/cert/x509_util_openssl.h"
 #include "third_party/boringssl/src/include/openssl/asn1.h"
 #include "third_party/boringssl/src/include/openssl/bytestring.h"
@@ -245,12 +246,9 @@ X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
     const char* data,
     size_t length) {
   crypto::EnsureOpenSSLInit();
-  const unsigned char* d2i_data =
-      reinterpret_cast<const unsigned char*>(data);
-  // Don't cache this data for x509_util::GetDER as this wire format
-  // may be not be identical from the i2d_X509 roundtrip.
-  X509* cert = d2i_X509(NULL, &d2i_data, base::checked_cast<long>(length));
-  return cert;
+  bssl::UniquePtr<CRYPTO_BUFFER> buffer = x509_util::CreateCryptoBuffer(
+      reinterpret_cast<const uint8_t*>(data), length);
+  return X509_parse_from_buffer(buffer.get());
 }
 
 // static