Index: net/base/x509_certificate_openssl.cc |
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc |
index d3cad616c57b2ce1aca67b8d41d3491f9ca71fa8..5416a76563de3eb5567a757ceafc5dc8069f2776 100644 |
--- a/net/base/x509_certificate_openssl.cc |
+++ b/net/base/x509_certificate_openssl.cc |
@@ -462,8 +462,16 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
return MapCertStatusToNetError(verify_result->cert_status); |
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get()); |
+ X509* verified_cert = NULL; |
+ std::vector<X509*> verified_chain; |
for (int i = 0; i < sk_X509_num(chain); ++i) { |
X509* cert = sk_X509_value(chain, i); |
+ if (i == 0) { |
+ verified_cert = cert; |
+ } else { |
+ verified_chain.push_back(verified_cert); |
+ } |
+ |
DERCache der_cache; |
if (!GetDERAndCacheIfNeeded(cert, &der_cache)) |
continue; |
@@ -480,6 +488,11 @@ int X509Certificate::VerifyInternal(const std::string& hostname, |
verify_result->public_key_hashes.push_back(hash); |
} |
+ if (verified_cert) { |
+ verify_result->verified_cert = CreateFromHandle(verified_cert, |
+ verified_chain); |
+ } |
+ |
// Currently we only ues OpenSSL's default root CA paths, so treat all |
// correctly verified certs as being from a known root. TODO(joth): if the |
// motivations described in http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 |