Do not hash the certificate twice.

Change X509Certificate::chain_fingerprint_ to
X509Certificate::ca_fingerprint_ to exclude the certificate
from this fingerprint.  This fingerprint covers the intermediate
CA certificates only.

This requires identifying an X509Certificate object by two
fingerprints: cert->fingerprint() and cert->ca_fingerprint().

R=agl@chromium.org,rsleevi@chromium.org
BUG=101555
TEST=unit tests updated

Review URL: http://codereview.chromium.org/8449004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108756 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 2 deletions

diff --git a/net/base/cert_verifier.cc b/net/base/cert_verifier.cc
index 2c703eb..4c4fa69 100644
--- a/net/base/cert_verifier.cc
+++ b/net/base/cert_verifier.cc
@@ -372,7 +372,8 @@ int CertVerifier::Verify(X509Certificate* cert,
 
   requests_++;
 
-  const RequestParams key = {cert->chain_fingerprint(), hostname, flags};
+  const RequestParams key(cert->fingerprint(), cert->ca_fingerprint(),
+                          hostname, flags);
   // First check the cache.
   std::map<RequestParams, CachedCertVerifyResult>::iterator i;
   i = cache_.find(key);
@@ -457,7 +458,8 @@ void CertVerifier::HandleResult(X509Certificate* cert,
   uint32 ttl = kTTLSecs;
   cached_result.expiry = current_time + base::TimeDelta::FromSeconds(ttl);
 
-  const RequestParams key = {cert->chain_fingerprint(), hostname, flags};
+  const RequestParams key(cert->fingerprint(), cert->ca_fingerprint(),
+                          hostname, flags);
 
   DCHECK_GE(max_cache_entries_, 1u);
   DCHECK_LE(cache_.size(), max_cache_entries_);