Don't use X509Certificate in SSLConfig.

X509Certificate class depends in OS-dependant APIs and hense cannot
be created inside of sandbox. This change allows specifying
allow_bed_certs when running inside of sandbox.

BUG=80587
TEST=Unittests

Review URL: http://codereview.chromium.org/7401003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93153 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 1 deletions

diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 417857b..dcbf114 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -1013,7 +1013,13 @@ int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
   // RestartIgnoringLastError(). And the user will be asked interactively
   // before RestartIgnoringLastError() is ever called.
   SSLConfig::CertAndStatus bad_cert;
-  bad_cert.cert = ssl_info_.cert;
+
+  // |ssl_info_.cert| may be NULL if we failed to create
+  // X509Certificate for whatever reason, but normally it shouldn't
+  // happen, unless this code is used inside sandbox.
+  if (ssl_info_.cert == NULL ||
+      !ssl_info_.cert->GetDEREncoded(&bad_cert.der_cert))
+    return error;
   bad_cert.cert_status = ssl_info_.cert_status;
   ssl_config_.allowed_bad_certs.push_back(bad_cert);