[Mac] Add locking as speculative fix for X509Certificate crashes.

BUG=30001
TEST=none

Review URL: http://codereview.chromium.org/1769010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45728 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 12 insertions, 0 deletions

diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 32c16f1..6bccdf3 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -293,6 +293,12 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
   OSCertHandles intermediate_ca_certs_;
 #endif
 
+#if defined(OS_MACOSX)
+  // Blocks multiple threads from verifying the cert simultaneously.
+  // (Marked mutable because it's used in a const method.)
+  mutable Lock verification_lock_;
+#endif
+
   // Where the certificate comes from.
   Source source_;
 
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc
index a4c37ba..25e2104 100644
--- a/net/base/x509_certificate_mac.cc
+++ b/net/base/x509_certificate_mac.cc
@@ -447,6 +447,12 @@ int X509Certificate::Verify(const std::string& hostname, int flags,
   for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
     CFArrayAppendValue(cert_array, intermediate_ca_certs_[i]);
 
+  // From here on, only one thread can be active at a time. We have had a number
+  // of sporadic crashes in the SecTrustEvaluate call below, way down inside
+  // Apple's cert code, which we suspect are caused by a thread-safety issue.
+  // So as a speculative fix allow only one thread to use SecTrust on this cert.
+  AutoLock lock(verification_lock_);
+
   SecTrustRef trust_ref = NULL;
   status = SecTrustCreateWithCertificates(cert_array, ssl_policy, &trust_ref);
   if (status)