authorrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-30 08:47:47 +0000
committerrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-30 08:47:47 +0000
commiteb8414e82812f8847a9eb7ab90fd191632ad3e8a (patch)
tree26970431a27bead05c2bbc82ece3a50f78224c74 /net/base/x509_certificate_nss.cc
parentf4f8ed0a5e96e5020b302d66b6866e9ae97b478b (diff)
Return the constructed certificate chain in X509Certificate::Verify()
BUG=65540 TEST=net_unittests --gtest_filter=X509CertificateTest.VerifyReturn* Review URL: http://codereview.chromium.org/6874039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94832 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_nss.cc')
-rw-r--r--net/base/x509_certificate_nss.cc20
1 files changed, 17 insertions, 3 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index 0162663..7224020 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -168,19 +168,27 @@ int MapCertErrorToCertStatus(int err) {
// Saves some information about the certificate chain cert_list in
// *verify_result. The caller MUST initialize *verify_result before calling
// this function.
-// Note that cert_list[0] is the end entity certificate and cert_list doesn't
-// contain the root CA certificate.
+// Note that cert_list[0] is the end entity certificate.
void GetCertChainInfo(CERTCertList* cert_list,
+ CERTCertificate* root_cert,
CertVerifyResult* verify_result) {
// NOTE: Using a NSS library before 3.12.3.1 will crash below. To see the
// NSS version currently in use:
// 1. use ldd on the chrome executable for NSS's location (ie. libnss3.so*)
// 2. use ident libnss3.so* for the library's version
DCHECK(cert_list);
+
+ CERTCertificate* verified_cert = NULL;
+ std::vector<CERTCertificate*> verified_chain;
int i = 0;
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
- node = CERT_LIST_NEXT(node), i++) {
+ node = CERT_LIST_NEXT(node), ++i) {
+ if (i == 0) {
+ verified_cert = node->cert;
+ } else {
+ verified_chain.push_back(node->cert);
+ }
SECAlgorithmID& signature = node->cert->signature;
SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
switch (oid_tag) {
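Review bot: The header comment for GetCertChainInfo does not describe the new `root_cert` parameter, and it drops the old statement about the root CA without saying whether cert_list may now contain it. I would add `// root_cert is the trust anchor, or NULL if none was returned; when non-NULL it is appended as the last element of the verified chain.` and also state who owns the handle. If cert_list can itself end in the root, the later `push_back(root_cert)` would presumably list that certificate twice, so the comment should say which case holds. The function body continues outside this hunk.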
@@ -201,6 +209,11 @@ void GetCertChainInfo(CERTCertList* cert_list,
break;
}
}
+
+ if (root_cert)
+ verified_chain.push_back(root_cert);
+ verify_result->verified_cert =
+ X509Certificate::CreateFromHandle(verified_cert, verified_chain);
}
// IsKnownRoot returns true if the given certificate is one that we believe
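Review bot: `verified_cert` is still NULL when cert_list has no nodes, and it is then passed straight to `X509Certificate::CreateFromHandle`. The only guard is `DCHECK(cert_list)`, which checks the list pointer rather than its contents and is presumably compiled out of release builds. If an empty list is possible on this path, return before the call, e.g. `if (!verified_cert) return;`, and leave `verify_result->verified_cert` unset. The start of the function is outside this hunk.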
@@ -811,6 +824,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname,
}
GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,
+ cvout[cvout_trust_anchor_index].value.pointer.cert,
verify_result);
if (IsCertStatusError(verify_result->cert_status))
return MapCertStatusToNetError(verify_result->cert_status);
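Review bot: The trust anchor from `cvout[cvout_trust_anchor_index]` is handed to GetCertChainInfo as a borrowed pointer, while the X509Certificate built from it is stored in verify_result, which presumably outlives cvout. That is only safe if CreateFromHandle takes its own reference on every handle it is given and if the trust-anchor output is released by the same cleanup as the chain; neither is visible in this hunk. A short comment at the call, such as `// cvout keeps ownership of the chain and trust anchor; GetCertChainInfo must not retain the raw handles.`, would record the expectation. VerifyInternal starts and ends outside the hunk.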