author | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-05 17:17:57 +0000 |
---|---|---|
committer | snej@chromium.org <snej@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-05 17:17:57 +0000 |
commit | 207c678c4692c9dfec3e34c0d206f2ee1b2fbb6a (patch) | |
tree | a2017eddab0bbb8713ddfd9c1473dd81e557ec4f /net/socket/ssl_client_socket_nss.cc | |
parent | 76964955a0fc995d7a0c95feaeaa17891eab2205 (diff) | |
Revert my last commit 'cause it breaks net unit tests on OS X 10.6 :(
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40743 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 47 |
1 files changed, 21 insertions, 26 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 30566b3..52dc09e 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -595,11 +595,24 @@ X509Certificate *SSLClientSocketNSS::UpdateServerCert() {
 if (!cert_store_)
 cert_store_ = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, 0, NULL);
 
- // Get each of the intermediate certificates in the server's chain.
- // These will be added to the server's X509Certificate object, making
- // them available to X509Certificate::Verify() for chain building.
- X509Certificate::OSCertHandles intermediate_ca_certs;
 PCCERT_CONTEXT cert_context = NULL;
+ BOOL ok = CertAddEncodedCertificateToStore(
+ cert_store_,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ server_cert_nss_->derCert.data,
+ server_cert_nss_->derCert.len,
+ CERT_STORE_ADD_USE_EXISTING,
+ &cert_context);
+ DCHECK(ok);
+ server_cert_ = X509Certificate::CreateFromHandle(
+ cert_context, X509Certificate::SOURCE_FROM_NETWORK);
+
+ // Add each of the intermediate certificates in the server's chain to
+ // the server's X509Certificate object. This makes them available to
+ // X509Certificate::Verify() for chain building.
+ // TODO(wtc): Since X509Certificate::CreateFromHandle may return a
+ // cached X509Certificate object, we may be adding intermediate CA
+ // certificates to it repeatedly!
 CERTCertList* cert_list = CERT_GetCertChainFromCert(
 server_cert_nss_, PR_Now(), certUsageSSLCA);
 if (cert_list) {
@@ -607,7 +620,7 @@ X509Certificate *SSLClientSocketNSS::UpdateServerCert() {
 !CERT_LIST_END(node, cert_list);
 node = CERT_LIST_NEXT(node)) {
 cert_context = NULL;
- BOOL ok = CertAddEncodedCertificateToStore(
+ ok = CertAddEncodedCertificateToStore(
 cert_store_,
 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
 node->cert->derCert.data,
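Review bot: The added `DCHECK(ok)` is the only check on the first `CertAddEncodedCertificateToStore` call, and DCHECK is a debug-build assertion, so in a release build a failed add leaves `cert_context` NULL and hands it to `X509Certificate::CreateFromHandle`. The DER bytes being added come from the peer's certificate, so the failure should be handled at runtime before the `CreateFromHandle` call, for example `if (!ok || !cert_context) return NULL;` if a NULL return is how this function reports failure (that cannot be told from the hunk). UpdateServerCert starts before this hunk and continues after it.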
@@ -616,31 +629,14 @@ X509Certificate *SSLClientSocketNSS::UpdateServerCert() {
 &cert_context);
 DCHECK(ok);
 if (node->cert != server_cert_nss_)
- intermediate_ca_certs.push_back(cert_context);
+ server_cert_->AddIntermediateCertificate(cert_context);
 }
 CERT_DestroyCertList(cert_list);
 }
-
- // Finally create the X509Certificate object.
- BOOL ok = CertAddEncodedCertificateToStore(
- cert_store_,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- server_cert_nss_->derCert.data,
- server_cert_nss_->derCert.len,
- CERT_STORE_ADD_USE_EXISTING,
- &cert_context);
- DCHECK(ok);
- server_cert_ = X509Certificate::CreateFromHandle(
- cert_context,
- X509Certificate::SOURCE_FROM_NETWORK,
- intermediate_ca_certs);
- for (size_t i = 0; i < intermediate_ca_certs.size(); ++i)
- CertFreeCertificateContext(intermediate_ca_certs[i]);
 #else
 server_cert_ = X509Certificate::CreateFromHandle(
 CERT_DupCertificate(server_cert_nss_),
- X509Certificate::SOURCE_FROM_NETWORK,
- X509Certificate::OSCertHandles());
+ X509Certificate::SOURCE_FROM_NETWORK);
 #endif
 }
 }
@@ -1143,8 +1139,7 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
 privkey = PK11_FindKeyByAnyCert(cert, wincx);
 if (privkey) {
 X509Certificate* x509_cert = X509Certificate::CreateFromHandle(
- cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
- net::X509Certificate::OSCertHandles());
+ cert, X509Certificate::SOURCE_LONE_CERT_IMPORT);
 that->client_certs_.push_back(x509_cert);
 SECKEY_DestroyPrivateKey(privkey);
 continue; |
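Review bot: `server_cert_->AddIntermediateCertificate(cert_context)` mutates the object returned by `CreateFromHandle`, which the TODO restored earlier in this diff says may be a cached instance, so intermediates taken from one peer's chain can pile up on a certificate object that other holders also see. Whether `AddIntermediateCertificate` de-duplicates or is safe to call on a shared object is not visible here, so the call deserves a comment such as `// server_cert_ may be a cached, shared object; intermediates added here persist on it.` until the TODO is resolved. The loop also forwards `cert_context` after only `DCHECK(ok)`, so a failed add passes NULL in release builds; `if (ok && node->cert != server_cert_nss_)` would guard it. The removed code freed its intermediate handles explicitly, so it is worth confirming who releases `cert_context` after this call. The loop begins in the previous hunk.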