Work around our not caching the intermediate CA

certificates by passing the source of each OSCertHandle to
CreateFromHandle and the X509Certificate constructor.  If
the OSCertHandle comes from the network layer, we know it
has a complete certificate chain and therefore prefer it to
an OSCertHandle that comes from the HTTP cache, which
doesn't have the intermediate CA certificates.  A
certificate from the network layer can kick out a
certificate from the HTTP cache in our certificate cache.
This workaround seems good enough to fix all the known
symptoms of not caching the intermediate CA certificates.

Move the common code in x509_certificate_<os>.cc to
x509_certificate.cc.

R=eroman
BUG=3154,7065
Review URL: http://codereview.chromium.org/18836

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8864 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 2 insertions, 1 deletions

diff --git a/net/base/ssl_client_socket_win.cc b/net/base/ssl_client_socket_win.cc
index beeaba9..1f4c314 100644
--- a/net/base/ssl_client_socket_win.cc
+++ b/net/base/ssl_client_socket_win.cc
@@ -359,7 +359,8 @@ void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
   if (status == SEC_E_OK) {
     DCHECK(server_cert_);
     PCCERT_CONTEXT dup_cert = CertDuplicateCertificateContext(server_cert_);
-    ssl_info->cert = X509Certificate::CreateFromHandle(dup_cert);
+    ssl_info->cert = X509Certificate::CreateFromHandle(
+        dup_cert, X509Certificate::SOURCE_FROM_NETWORK);
   }
   SecPkgContext_ConnectionInfo connection_info;
   status = QueryContextAttributes(&ctxt_,