| Index: net/cert/x509_certificate.h
|
| diff --git a/net/cert/x509_certificate.h b/net/cert/x509_certificate.h
|
| index 4fb0b3e4804c273d71b2479f94321c03bccfa440..af5a03a0bfd1a48379714a56fb6ab416766a750b 100644
|
| --- a/net/cert/x509_certificate.h
|
| +++ b/net/cert/x509_certificate.h
|
| @@ -235,45 +235,6 @@ class NET_EXPORT X509Certificate
|
| // |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames.
|
| bool IsIssuedByEncoded(const std::vector<std::string>& valid_issuers);
|
|
|
| -#if defined(OS_WIN)
|
| - // Returns a new PCCERT_CONTEXT containing this certificate and its
|
| - // intermediate certificates, or NULL on failure. The returned
|
| - // PCCERT_CONTEXT *MUST NOT* be stored in an X509Certificate, as this will
|
| - // cause os_cert_handle() to return incorrect results. This function is only
|
| - // necessary if the CERT_CONTEXT.hCertStore member will be accessed or
|
| - // enumerated, which is generally true for any CryptoAPI functions involving
|
| - // certificate chains, including validation or certificate display.
|
| - //
|
| - // Remarks:
|
| - // Depending on the CryptoAPI function, Windows may need to access the
|
| - // HCERTSTORE that the passed-in PCCERT_CONTEXT belongs to, such as to
|
| - // locate additional intermediates. However, all certificate handles are added
|
| - // to a NULL HCERTSTORE, allowing the system to manage the resources. As a
|
| - // result, intermediates for |cert_handle_| cannot be located simply via
|
| - // |cert_handle_->hCertStore|, as it refers to a magic value indicating
|
| - // "only this certificate".
|
| - //
|
| - // To avoid this problems, a new in-memory HCERTSTORE is created containing
|
| - // just this certificate and its intermediates. The handle to the version of
|
| - // the current certificate in the new HCERTSTORE is then returned, with the
|
| - // PCCERT_CONTEXT's HCERTSTORE set to be automatically freed when the returned
|
| - // certificate handle is freed.
|
| - //
|
| - // This function is only needed when the HCERTSTORE of the os_cert_handle()
|
| - // will be accessed, which is generally only during certificate validation
|
| - // or display. While the returned PCCERT_CONTEXT and its HCERTSTORE can
|
| - // safely be used on multiple threads if no further modifications happen, it
|
| - // is generally preferable for each thread that needs such a context to
|
| - // obtain its own, rather than risk thread-safety issues by sharing.
|
| - //
|
| - // Because of how X509Certificate caching is implemented, attempting to
|
| - // create an X509Certificate from the returned PCCERT_CONTEXT may result in
|
| - // the original handle (and thus the originall HCERTSTORE) being returned by
|
| - // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT*
|
| - // be stored in an X509Certificate.
|
| - PCCERT_CONTEXT CreateOSCertChainForCert() const;
|
| -#endif
|
| -
|
| #if defined(USE_OPENSSL_CERTS)
|
| // Returns a handle to a global, in-memory certificate store. We
|
| // use it for test code, e.g. importing the test server's certificate.
|
|
|
Chromium Code Reviews
Issue 2913253003:
Convert Windows to use X509CertificateBytes. (Closed)
