| Index: net/cert/x509_certificate_openssl.cc
|
| diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc
|
| index dfbdfa1914c7f3065ab8a1a53d7e7858d7ec12aa..1dd46e0c7452320d2d6ec771399aba7f51bf693f 100644
|
| --- a/net/cert/x509_certificate_openssl.cc
|
| +++ b/net/cert/x509_certificate_openssl.cc
|
| @@ -68,11 +68,11 @@ void ParsePrincipalValues(X509_NAME* name,
|
| }
|
| }
|
|
|
| -void ParsePrincipal(X509Certificate::OSCertHandle cert,
|
| +bool ParsePrincipal(X509Certificate::OSCertHandle cert,
|
| X509_NAME* x509_name,
|
| CertPrincipal* principal) {
|
| if (!x509_name)
|
| - return;
|
| + return false;
|
|
|
| ParsePrincipalValues(x509_name, NID_streetAddress,
|
| &principal->street_addresses);
|
| @@ -91,6 +91,7 @@ void ParsePrincipal(X509Certificate::OSCertHandle cert,
|
| &principal->state_or_province_name);
|
| x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
|
| &principal->country_name);
|
| + return true;
|
| }
|
|
|
| bool ParseSubjectAltName(X509Certificate::OSCertHandle cert,
|
| @@ -186,28 +187,31 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
|
| X509_free(cert_handle);
|
| }
|
|
|
| -void X509Certificate::Initialize() {
|
| +bool X509Certificate::Initialize() {
|
| crypto::EnsureOpenSSLInit();
|
|
|
| ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_);
|
| - if (serial_num) {
|
| - // ASN1_INTEGERS represent the decoded number, in a format internal to
|
| - // OpenSSL. Most notably, this may have leading zeroes stripped off for
|
| - // numbers whose first byte is >= 0x80. Thus, it is necessary to
|
| - // re-encoded the integer back into DER, which is what the interface
|
| - // of X509Certificate exposes, to ensure callers get the proper (DER)
|
| - // value.
|
| - int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
|
| - unsigned char* buffer = reinterpret_cast<unsigned char*>(
|
| - base::WriteInto(&serial_number_, bytes_required + 1));
|
| - int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
|
| - DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
|
| - }
|
| -
|
| - ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
|
| - ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_);
|
| - x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_);
|
| - x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_);
|
| + if (!serial_num)
|
| + return false;
|
| + // ASN1_INTEGERS represent the decoded number, in a format internal to
|
| + // OpenSSL. Most notably, this may have leading zeroes stripped off for
|
| + // numbers whose first byte is >= 0x80. Thus, it is necessary to
|
| + // re-encoded the integer back into DER, which is what the interface
|
| + // of X509Certificate exposes, to ensure callers get the proper (DER)
|
| + // value.
|
| + int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
|
| + unsigned char* buffer = reinterpret_cast<unsigned char*>(
|
| + base::WriteInto(&serial_number_, bytes_required + 1));
|
| + int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
|
| + DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
|
| +
|
| + return (
|
| + ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_),
|
| + &subject_) &&
|
| + ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_),
|
| + &issuer_) &&
|
| + x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_) &&
|
| + x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_));
|
| }
|
|
|
| // static
|
|
|
Chromium Code Reviews
Issue 2758803003:
Make X509Certificate creation fail if X509Certificate::Initialize fails. (Closed)
