Index: net/cert/x509_certificate.h |
diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h |
index 4fb0b3e4804c273d71b2479f94321c03bccfa440..af5a03a0bfd1a48379714a56fb6ab416766a750b 100644 |
--- a/net/cert/x509_certificate.h |
+++ b/net/cert/x509_certificate.h |
@@ -235,45 +235,6 @@ class NET_EXPORT X509Certificate |
// |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames. |
bool IsIssuedByEncoded(const std::vector<std::string>& valid_issuers); |
-#if defined(OS_WIN) |
- // Returns a new PCCERT_CONTEXT containing this certificate and its |
- // intermediate certificates, or NULL on failure. The returned |
- // PCCERT_CONTEXT *MUST NOT* be stored in an X509Certificate, as this will |
- // cause os_cert_handle() to return incorrect results. This function is only |
- // necessary if the CERT_CONTEXT.hCertStore member will be accessed or |
- // enumerated, which is generally true for any CryptoAPI functions involving |
- // certificate chains, including validation or certificate display. |
- // |
- // Remarks: |
- // Depending on the CryptoAPI function, Windows may need to access the |
- // HCERTSTORE that the passed-in PCCERT_CONTEXT belongs to, such as to |
- // locate additional intermediates. However, all certificate handles are added |
- // to a NULL HCERTSTORE, allowing the system to manage the resources. As a |
- // result, intermediates for |cert_handle_| cannot be located simply via |
- // |cert_handle_->hCertStore|, as it refers to a magic value indicating |
- // "only this certificate". |
- // |
- // To avoid this problems, a new in-memory HCERTSTORE is created containing |
- // just this certificate and its intermediates. The handle to the version of |
- // the current certificate in the new HCERTSTORE is then returned, with the |
- // PCCERT_CONTEXT's HCERTSTORE set to be automatically freed when the returned |
- // certificate handle is freed. |
- // |
- // This function is only needed when the HCERTSTORE of the os_cert_handle() |
- // will be accessed, which is generally only during certificate validation |
- // or display. While the returned PCCERT_CONTEXT and its HCERTSTORE can |
- // safely be used on multiple threads if no further modifications happen, it |
- // is generally preferable for each thread that needs such a context to |
- // obtain its own, rather than risk thread-safety issues by sharing. |
- // |
- // Because of how X509Certificate caching is implemented, attempting to |
- // create an X509Certificate from the returned PCCERT_CONTEXT may result in |
- // the original handle (and thus the originall HCERTSTORE) being returned by |
- // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT* |
- // be stored in an X509Certificate. |
- PCCERT_CONTEXT CreateOSCertChainForCert() const; |
-#endif |
- |
#if defined(USE_OPENSSL_CERTS) |
// Returns a handle to a global, in-memory certificate store. We |
// use it for test code, e.g. importing the test server's certificate. |