Work around our not caching the intermediate CA

certificates by passing the source of each OSCertHandle to
CreateFromHandle and the X509Certificate constructor.  If
the OSCertHandle comes from the network layer, we know it
has a complete certificate chain and therefore prefer it to
an OSCertHandle that comes from the HTTP cache, which
doesn't have the intermediate CA certificates.  A
certificate from the network layer can kick out a
certificate from the HTTP cache in our certificate cache.
This workaround seems good enough to fix all the known
symptoms of not caching the intermediate CA certificates.

Move the common code in x509_certificate_<os>.cc to
x509_certificate.cc.

R=eroman
BUG=3154,7065
Review URL: http://codereview.chromium.org/18836

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8864 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 2 insertions, 0 deletions

diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc
index fe0a130..accd7da 100644
--- a/net/http/http_cache.cc
+++ b/net/http/http_cache.cc
@@ -855,6 +855,8 @@ void HttpCache::Transaction::OnNetworkInfoAvailable(int result) {
       if (mode_ == READ_WRITE) {
         if (new_response->headers->response_code() == 304) {
           // Update cached response based on headers in new_response
+          // TODO(wtc): should we update cached certificate
+          // (response_.ssl_info), too?
           response_.headers->Update(*new_response->headers);
           if (response_.headers->HasHeaderValue("cache-control", "no-store")) {
             cache_->DoomEntry(cache_key_);