Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(298)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/client_cert_store_nss.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)
Patch Set: rebase on updated 2755203002 Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/x509_certificate.cc ('K') | « net/ssl/client_cert_store_mac.cc ('k') | net/ssl/client_cert_store_win.cc » ('j') | net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/client_cert_store_nss.h" 5 #include "net/ssl/client_cert_store_nss.h"
6 6
7 #include <nss.h> 7 #include <nss.h>
8 #include <ssl.h> 8 #include <ssl.h>
9 9
10 #include <algorithm> 10 #include <algorithm>
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after
92 X509Certificate::OSCertHandles intermediates_raw; 92 X509Certificate::OSCertHandles intermediates_raw;
93 for (const auto& intermediate : intermediates) { 93 for (const auto& intermediate : intermediates) {
94 intermediates_raw.push_back(intermediate.get()); 94 intermediates_raw.push_back(intermediate.get());
95 } 95 }
96 96
97 // Retain a copy of the intermediates. Some deployments expect the client to 97 // Retain a copy of the intermediates. Some deployments expect the client to
98 // supply intermediates out of the local store. See 98 // supply intermediates out of the local store. See
99 // https://crbug.com/548631. 99 // https://crbug.com/548631.
100 filtered_certs->push_back( 100 filtered_certs->push_back(
101 X509Certificate::CreateFromHandle(handle, intermediates_raw)); 101 X509Certificate::CreateFromHandle(handle, intermediates_raw));
102 // |handle| was successfully parsed by |cert|, so this should never fail.
103 DCHECK(filtered_certs->back());
102 } 104 }
103 DVLOG(2) << "num_raw:" << num_raw 105 DVLOG(2) << "num_raw:" << num_raw
104 << " num_filtered:" << filtered_certs->size(); 106 << " num_filtered:" << filtered_certs->size();
105 107
106 std::sort(filtered_certs->begin(), filtered_certs->end(), 108 std::sort(filtered_certs->begin(), filtered_certs->end(),
107 x509_util::ClientCertSorter()); 109 x509_util::ClientCertSorter());
108 } 110 }
109 111
110 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread( 112 void ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread(
111 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> 113 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
(...skipping 12 matching lines...) Expand all
124 net::CertificateList* certs) { 126 net::CertificateList* certs) {
125 CERTCertList* found_certs = 127 CERTCertList* found_certs =
126 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, 128 CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
127 PR_FALSE, PR_FALSE, password_delegate.get()); 129 PR_FALSE, PR_FALSE, password_delegate.get());
128 if (!found_certs) { 130 if (!found_certs) {
129 DVLOG(2) << "No client certs found."; 131 DVLOG(2) << "No client certs found.";
130 return; 132 return;
131 } 133 }
132 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); 134 for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs);
133 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { 135 !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) {
134 certs->push_back(X509Certificate::CreateFromHandle( 136 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
135 node->cert, X509Certificate::OSCertHandles())); 137 node->cert, X509Certificate::OSCertHandles());
138 if (!cert) {
139 DVLOG(2) << "X509Certificate::CreateFromHandle failed";
140 continue;
141 }
142 certs->push_back(cert);
eroman 2017/03/22 22:17:52 std::move ?
mattm 2017/03/23 22:59:03 Done.
136 } 143 }
137 CERT_DestroyCertList(found_certs); 144 CERT_DestroyCertList(found_certs);
138 } 145 }
139 146
140 } // namespace net 147 } // namespace net
OLDNEW
« net/cert/x509_certificate.cc ('K') | « net/ssl/client_cert_store_mac.cc ('k') | net/ssl/client_cert_store_win.cc » ('j') | net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698