net/ssl/client_cert_store_mac.cc - Issue 2746103003: Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/ssl/client_cert_store_mac.cc

Issue 2746103003: Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types. (Closed)

Patch Set: review changes Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/ssl/client_cert_store_mac.cc

diff --git a/net/ssl/client_cert_store_mac.cc b/net/ssl/client_cert_store_mac.cc

index d94ab1856d04c6ee2a6a15cec9c9607642e65570..a3ef5899155d3a1f3fec7da227c3af7845724fd7 100644

--- a/net/ssl/client_cert_store_mac.cc

+++ b/net/ssl/client_cert_store_mac.cc

@@ -91,9 +91,12 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers,

DCHECK(cert);

DCHECK(cert->get());

- X509Certificate::OSCertHandle cert_handle = (*cert)->os_cert_handle();

+ base::ScopedCFTypeRef<SecCertificateRef> os_cert(

+ x509_util::CreateSecCertificateFromX509Certificate(cert->get()));

+ if (!os_cert)

+ return false;

CFArrayRef cert_chain = NULL;

- OSStatus result = CopyCertChain(cert_handle, &cert_chain);

+ OSStatus result = CopyCertChain(os_cert.get(), &cert_chain);

if (result) {

OSSTATUS_LOG(ERROR, result) << "CopyCertChain error";

return false;

@@ -102,7 +105,7 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers,

if (!cert_chain)

return false;

- X509Certificate::OSCertHandles intermediates;

+ std::vector<SecCertificateRef> intermediates;

for (CFIndex i = 1, chain_count = CFArrayGetCount(cert_chain);

i < chain_count; ++i) {

SecCertificateRef cert = reinterpret_cast<SecCertificateRef>(

@@ -110,8 +113,9 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers,

intermediates.push_back(cert);

}

- scoped_refptr<X509Certificate> new_cert(X509Certificate::CreateFromHandle(

- cert_handle, intermediates));

+ scoped_refptr<X509Certificate> new_cert(

+ x509_util::CreateX509CertificateFromSecCertificate(os_cert.get(),

+ intermediates));

CFRelease(cert_chain); // Also frees |intermediates|.

if (!new_cert || !new_cert->IsIssuedByEncoded(valid_issuers))

@@ -193,7 +197,7 @@ void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert,

selected_certs->clear();

for (size_t i = 0; i < preliminary_list.size(); ++i) {

scoped_refptr<X509Certificate>& cert = preliminary_list[i];

- if (cert->HasExpired() || !SupportsSSLClientAuth(cert->os_cert_handle()))

+ if (cert->HasExpired())

continue;

// Skip duplicates (a cert may be in multiple keychains).

@@ -287,9 +291,12 @@ void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request,

continue;

ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle);

+ if (!SupportsSSLClientAuth(cert_handle))

+ continue;

scoped_refptr<X509Certificate> cert(

- X509Certificate::CreateFromHandle(cert_handle,

- X509Certificate::OSCertHandles()));

+ x509_util::CreateX509CertificateFromSecCertificate(

+ cert_handle, std::vector<SecCertificateRef>()));

if (!cert)

continue;

« net/cert/x509_util_mac.h ('K') | « net/socket/ssl_client_socket_impl.cc ('k') | net/ssl/ssl_platform_key_mac.cc » ('j') | no next file with comments »