Define X509Certificate::intermediate_ca_certs_ as a std::vector of

OSCertHandle so that we can also use it on Windows.

Remove the unused SSLClientSocketMac::intermediate_certs_ member.

R=hawk
BUG=28744
TEST=Can visit good HTTPS sites with no certificate errors.  Clicking
the "Certificate information" button in the page security information
window should show a complete certificate chain (as opposed to just
the server certificate).
Review URL: http://codereview.chromium.org/452042

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34175 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 1 deletions

diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 5e085eb..ec67afa 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -286,10 +286,14 @@ X509Certificate* GetServerCert(SSLContextRef ssl_context) {
   // Add each of the intermediate certificates in the server's chain to the
   // server's X509Certificate object. This makes them available to
   // X509Certificate::Verify() for chain building.
+  // TODO(wtc): Since X509Certificate::CreateFromHandle may return a cached
+  // X509Certificate object, we may be adding intermediate CA certificates to
+  // it repeatedly!
   CFIndex certs_length = CFArrayGetCount(certs);
   for (CFIndex i = 1; i < certs_length; ++i) {
     SecCertificateRef cert_ref = reinterpret_cast<SecCertificateRef>(
         const_cast<void*>(CFArrayGetValueAtIndex(certs, i)));
+    CFRetain(cert_ref);
     x509_cert->AddIntermediateCertificate(cert_ref);
   }
 
@@ -848,7 +852,7 @@ OSStatus SSLClientSocketMac::SSLReadCallback(SSLConnectionRef connection,
 
   if (rv < 0)
     return OSStatusFromNetError(rv);
-  else if (rv == 0) // stream closed
+  else if (rv == 0)  // stream closed
     return errSSLClosedGraceful;
   else
     return noErr;