Index: net/cert/cert_verify_proc_openssl.cc |
diff --git a/net/cert/cert_verify_proc_openssl.cc b/net/cert/cert_verify_proc_openssl.cc |
index 13a19d8e16322329c01a24395f2f30ddf7c2520f..03c3cffad0158a4b6d095b2727a4fe2c3d234d7a 100644 |
--- a/net/cert/cert_verify_proc_openssl.cc |
+++ b/net/cert/cert_verify_proc_openssl.cc |
@@ -111,6 +111,8 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx, |
if (verified_cert) { |
verify_result->verified_cert = |
X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ if (!verify_result->verified_cert) |
+ return false; |
// For OpenSSL builds, only certificates used for unit tests are treated |
// as not issued by known roots. The only way to determine whether a |
@@ -129,6 +131,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx, |
verify_result->is_issued_by_known_root = false; |
} |
} |
+ return true; |
} |
void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, |
@@ -212,7 +215,8 @@ int CertVerifyProcOpenSSL::VerifyInternal( |
verify_result->cert_status |= cert_status; |
} |
- GetCertChainInfo(ctx.get(), verify_result); |
+ if (!GetCertChainInfo(ctx.get(), verify_result)) |
+ return ERR_CERT_INVALID; |
AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
if (IsCertStatusError(verify_result->cert_status)) |