| Index: net/cert/cert_verify_proc_openssl.cc
|
| diff --git a/net/cert/cert_verify_proc_openssl.cc b/net/cert/cert_verify_proc_openssl.cc
|
| index 13a19d8e16322329c01a24395f2f30ddf7c2520f..03c3cffad0158a4b6d095b2727a4fe2c3d234d7a 100644
|
| --- a/net/cert/cert_verify_proc_openssl.cc
|
| +++ b/net/cert/cert_verify_proc_openssl.cc
|
| @@ -111,6 +111,8 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
|
| if (verified_cert) {
|
| verify_result->verified_cert =
|
| X509Certificate::CreateFromHandle(verified_cert, verified_chain);
|
| + if (!verify_result->verified_cert)
|
| + return false;
|
|
|
| // For OpenSSL builds, only certificates used for unit tests are treated
|
| // as not issued by known roots. The only way to determine whether a
|
| @@ -129,6 +131,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
|
| verify_result->is_issued_by_known_root = false;
|
| }
|
| }
|
| + return true;
|
| }
|
|
|
| void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,
|
| @@ -212,7 +215,8 @@ int CertVerifyProcOpenSSL::VerifyInternal(
|
| verify_result->cert_status |= cert_status;
|
| }
|
|
|
| - GetCertChainInfo(ctx.get(), verify_result);
|
| + if (!GetCertChainInfo(ctx.get(), verify_result))
|
| + return ERR_CERT_INVALID;
|
| AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);
|
|
|
| if (IsCertStatusError(verify_result->cert_status))
|
|
|
Chromium Code Reviews
Issue 2760723002:
Check X509Certificate::CreateFromHandle result. (Closed)
