authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-05 23:02:10 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-05 23:02:10 +0000
commit0dfee7c217bcefb0cf322a6f87b8a9f866637e2f (patch)
tree85361c81826419d97f224bd17ef58dbbda612e6f /net/base/ssl_client_socket_win.cc
parent4a4d43b3b71d7dbadd2c9b2f1ef413666c43c006 (diff)
Add X509Certificate::Verify stubs for Mac and Linux.
They do nothing but return ERR_NOT_IMPLEMENTED. In SSLClientSocketWin, call X509Certificate::CreateFromHandle only once and store the result in the server_cert_ member. Add the CertVerifyResult::Reset method to clear all members. R=eroman BUG=3592 Review URL: http://codereview.chromium.org/21071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9272 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/ssl_client_socket_win.cc')
-rw-r--r--net/base/ssl_client_socket_win.cc41
1 files changed, 14 insertions, 27 deletions
diff --git a/net/base/ssl_client_socket_win.cc b/net/base/ssl_client_socket_win.cc
index dc3ccf3..5f73746 100644
--- a/net/base/ssl_client_socket_win.cc
+++ b/net/base/ssl_client_socket_win.cc
@@ -215,7 +215,6 @@ SSLClientSocketWin::SSLClientSocketWin(ClientSocket* transport_socket,
user_buf_(NULL),
user_buf_len_(0),
next_state_(STATE_NONE),
- server_cert_(NULL),
creds_(NULL),
payload_send_buffer_len_(0),
bytes_sent_(0),
@@ -237,29 +236,20 @@ SSLClientSocketWin::~SSLClientSocketWin() {
}
void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
- SECURITY_STATUS status = SEC_E_OK;
- if (server_cert_ == NULL) {
- status = QueryContextAttributes(&ctxt_,
- SECPKG_ATTR_REMOTE_CERT_CONTEXT,
- &server_cert_);
- }
- if (status == SEC_E_OK) {
- DCHECK(server_cert_);
- PCCERT_CONTEXT dup_cert = CertDuplicateCertificateContext(server_cert_);
- ssl_info->cert = X509Certificate::CreateFromHandle(
- dup_cert, X509Certificate::SOURCE_FROM_NETWORK);
- }
+ if (!server_cert_)
+ return;
+
+ ssl_info->cert = server_cert_;
+ ssl_info->cert_status = server_cert_verify_result_.cert_status;
SecPkgContext_ConnectionInfo connection_info;
- status = QueryContextAttributes(&ctxt_,
- SECPKG_ATTR_CONNECTION_INFO,
- &connection_info);
+ SECURITY_STATUS status = QueryContextAttributes(
+ &ctxt_, SECPKG_ATTR_CONNECTION_INFO, &connection_info);
if (status == SEC_E_OK) {
// TODO(wtc): compute the overall security strength, taking into account
// dwExchStrength and dwHashStrength. dwExchStrength needs to be
// normalized.
ssl_info->security_bits = connection_info.dwCipherStrength;
}
- ssl_info->cert_status = server_cert_verify_result_.cert_status;
}
int SSLClientSocketWin::Connect(CompletionCallback* callback) {
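Review bot: The new early return in GetSSLInfo leaves every field of `*ssl_info` untouched when `server_cert_` is null, so a caller that passes a reused SSLInfo would keep whatever cert, cert_status and security_bits it held before. Before this change security_bits was still filled in from the connection info in that case. Clearing the output first, for example `ssl_info->Reset();` ahead of `if (!server_cert_) return;` (assuming SSLInfo provides Reset(); otherwise zero the three fields), would make the no-certificate result unambiguous. The same applies to security_bits when QueryContextAttributes fails further down.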
@@ -306,10 +296,8 @@ void SSLClientSocketWin::Disconnect() {
DeleteSecurityContext(&ctxt_);
memset(&ctxt_, 0, sizeof(ctxt_));
}
- if (server_cert_) {
- CertFreeCertificateContext(server_cert_);
+ if (server_cert_)
server_cert_ = NULL;
- }
// TODO(wtc): reset more members?
bytes_decrypted_ = 0;
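Review bot: The guard in `if (server_cert_) server_cert_ = NULL;` does nothing now that the explicit CertFreeCertificateContext call is gone; a plain `server_cert_ = NULL;` is enough, assuming server_cert_ is now a ref-counted X509Certificate holder that releases on assignment (its declaration is not in this diff). Disconnect also leaves server_cert_verify_result_ holding the previous connection's cert_status. Calling `server_cert_verify_result_.Reset();` here, with the method the commit message says was added, would keep a stale verification result from surviving into a reconnect. Disconnect's body starts and ends outside the hunk.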
@@ -697,12 +685,8 @@ int SSLClientSocketWin::DoVerifyCert() {
next_state_ = STATE_VERIFY_CERT_COMPLETE;
DCHECK(server_cert_);
-
- PCCERT_CONTEXT dup_cert = CertDuplicateCertificateContext(server_cert_);
- scoped_refptr<X509Certificate> cert =
- X509Certificate::CreateFromHandle(dup_cert,
- X509Certificate::SOURCE_FROM_NETWORK);
- return verifier_.Verify(cert, hostname_, ssl_config_.rev_checking_enabled,
+ return verifier_.Verify(server_cert_, hostname_,
+ ssl_config_.rev_checking_enabled,
&server_cert_verify_result_, &io_callback_);
}
@@ -924,12 +908,15 @@ int SSLClientSocketWin::DidCompleteHandshake() {
return MapSecurityError(status);
}
DCHECK(!server_cert_);
+ PCCERT_CONTEXT server_cert_handle = NULL;
status = QueryContextAttributes(
- &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_);
+ &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_handle);
if (status != SEC_E_OK) {
DLOG(ERROR) << "QueryContextAttributes failed: " << status;
return MapSecurityError(status);
}
+ server_cert_ = X509Certificate::CreateFromHandle(
+ server_cert_handle, X509Certificate::SOURCE_FROM_NETWORK);
completed_handshake_ = true;
next_state_ = STATE_VERIFY_CERT;
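Review bot: Nothing checks that `server_cert_handle`, or the object CreateFromHandle returns, is non-null before the state moves to STATE_VERIFY_CERT. DoVerifyCert only has `DCHECK(server_cert_)`, which is compiled out of release builds, so a null certificate would be passed to verifier_.Verify. Whether CreateFromHandle can return NULL is not visible here, but a guard such as `if (!server_cert_) return ERR_UNEXPECTED;` after the assignment would make the handshake fail closed. The ownership transfer also deserves a comment, e.g. `// CreateFromHandle takes ownership of server_cert_handle.`, if that is the contract the removed CertDuplicateCertificateContext calls imply. DidCompleteHandshake starts and continues outside the hunk.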