Index: net/cert/cert_verify_proc_nss.cc |
diff --git a/net/cert/cert_verify_proc_nss.cc b/net/cert/cert_verify_proc_nss.cc |
index 27558f79d36a4a73e1010cf975d53357b083e47f..69da45fcaa7e1903f83bdb0a18b92238e1c1f8c0 100644 |
--- a/net/cert/cert_verify_proc_nss.cc |
+++ b/net/cert/cert_verify_proc_nss.cc |
@@ -152,7 +152,7 @@ CertStatus MapCertErrorToCertStatus(int err) { |
// *verify_result. The caller MUST initialize *verify_result before calling |
// this function. |
// Note that cert_list[0] is the end entity certificate. |
-void GetCertChainInfo(CERTCertList* cert_list, |
+bool GetCertChainInfo(CERTCertList* cert_list, |
CERTCertificate* root_cert, |
CertVerifyResult* verify_result) { |
DCHECK(cert_list); |
@@ -197,6 +197,7 @@ void GetCertChainInfo(CERTCertList* cert_list, |
verified_chain.push_back(root_cert); |
verify_result->verified_cert = |
X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ return !!verify_result->verified_cert; |
} |
// IsKnownRoot returns true if the given certificate is one that we believe |
@@ -879,9 +880,10 @@ int CertVerifyProcNSS::VerifyInternalImpl( |
trust_anchors.get(), |
cvout[cvout_trust_anchor_index].value.pointer.cert); |
- GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, |
- cvout[cvout_trust_anchor_index].value.pointer.cert, |
- verify_result); |
+ if (!GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain, |
+ cvout[cvout_trust_anchor_index].value.pointer.cert, |
+ verify_result)) |
+ return ERR_CERT_INVALID; |
} |
CRLSetResult crl_set_result = kCRLSetUnknown; |