| Index: net/cert/x509_certificate_ios.cc
|
| diff --git a/net/cert/x509_certificate_ios.cc b/net/cert/x509_certificate_ios.cc
|
| index fd1b351e7cf7d9657ece31865c00fd17d9119da4..0c3f162b2053048a044db9b1a5766379f5e245f1 100644
|
| --- a/net/cert/x509_certificate_ios.cc
|
| +++ b/net/cert/x509_certificate_ios.cc
|
| @@ -75,11 +75,11 @@ void ParsePrincipalValues(X509_NAME* name,
|
| }
|
| }
|
|
|
| -void ParsePrincipal(X509Certificate::OSCertHandle os_cert,
|
| +bool ParsePrincipal(X509Certificate::OSCertHandle os_cert,
|
| X509_NAME* x509_name,
|
| CertPrincipal* principal) {
|
| if (!x509_name)
|
| - return;
|
| + return false;
|
|
|
| ParsePrincipalValues(x509_name, NID_streetAddress,
|
| &principal->street_addresses);
|
| @@ -98,6 +98,7 @@ void ParsePrincipal(X509Certificate::OSCertHandle os_cert,
|
| &principal->state_or_province_name);
|
| x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
|
| &principal->country_name);
|
| + return true;
|
| }
|
|
|
| bool ParseSubjectAltName(X509Certificate::OSCertHandle os_cert,
|
| @@ -165,31 +166,34 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
|
| CFRelease(cert_handle);
|
| }
|
|
|
| -void X509Certificate::Initialize() {
|
| +bool X509Certificate::Initialize() {
|
| crypto::EnsureOpenSSLInit();
|
| bssl::UniquePtr<X509> x509_cert = OSCertHandleToOpenSSL(cert_handle_);
|
| if (!x509_cert)
|
| - return;
|
| + return false;
|
| ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get());
|
| - if (serial_num) {
|
| - // ASN1_INTEGERS represent the decoded number, in a format internal to
|
| - // OpenSSL. Most notably, this may have leading zeroes stripped off for
|
| - // numbers whose first byte is >= 0x80. Thus, it is necessary to
|
| - // re-encoded the integer back into DER, which is what the interface
|
| - // of X509Certificate exposes, to ensure callers get the proper (DER)
|
| - // value.
|
| - int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
|
| - unsigned char* buffer = reinterpret_cast<unsigned char*>(
|
| - base::WriteInto(&serial_number_, bytes_required + 1));
|
| - int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
|
| - DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
|
| - }
|
| -
|
| - ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
|
| - &subject_);
|
| - ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_);
|
| - x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_);
|
| - x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_);
|
| + if (!serial_num)
|
| + return false;
|
| + // ASN1_INTEGERS represent the decoded number, in a format internal to
|
| + // OpenSSL. Most notably, this may have leading zeroes stripped off for
|
| + // numbers whose first byte is >= 0x80. Thus, it is necessary to
|
| + // re-encoded the integer back into DER, which is what the interface
|
| + // of X509Certificate exposes, to ensure callers get the proper (DER)
|
| + // value.
|
| + int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr);
|
| + unsigned char* buffer = reinterpret_cast<unsigned char*>(
|
| + base::WriteInto(&serial_number_, bytes_required + 1));
|
| + int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
|
| + DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
|
| +
|
| + return (
|
| + ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()),
|
| + &subject_) &&
|
| + ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()),
|
| + &issuer_) &&
|
| + x509_util::ParseDate(X509_get_notBefore(x509_cert.get()),
|
| + &valid_start_) &&
|
| + x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_));
|
| }
|
|
|
| // static
|
|
|
Chromium Code Reviews
Issue 2758803003:
Make X509Certificate creation fail if X509Certificate::Initialize fails. (Closed)
