diff options
| author | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-27 22:28:38 +0000 |
|---|---|---|
| committer | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-27 22:28:38 +0000 |
| commit | 3b6df02b2e61bc50ac3e4969c131616d71f91865 (patch) | |
| tree | 19b00ed29942a536c1f90351331f844fcddce652 /net/socket | |
| parent | 6f3dab611441615e2ac49f8e31701dac4b32d785 (diff) | |
| download | chromium_src-3b6df02b2e61bc50ac3e4969c131616d71f91865.zip chromium_src-3b6df02b2e61bc50ac3e4969c131616d71f91865.tar.gz chromium_src-3b6df02b2e61bc50ac3e4969c131616d71f91865.tar.bz2 | |
Use X509_STORE_CTX::untrusted, not X509_STORE_CTX::chain in CertVerifyCallback.
The latter is always NULL since the certificate chain hasn't been verified yet.
BUG=375821
TEST=Visit https://www.imperialviolet.org/2014/03/03/triplehandshake.html on
Android; image still doesn't load.
TEST=Visit https://scripts.mit.edu:444/__scripts/certerror. Tap 'Cancel' on
the certificate prompt. Hit 'More' on the error page. Should show
ERR_SSL_PROTOCOL_ERROR, not ERR_SSL_SERVER_CERT_CHANGED.
Review URL: https://codereview.chromium.org/300103011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@273055 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index 7bf24c6..4ff8d43 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -1370,7 +1370,7 @@ int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) { CHECK(server_cert_.get()); - PeerCertificateChain chain(store_ctx->chain); + PeerCertificateChain chain(store_ctx->untrusted); if (chain.IsValid() && server_cert_->Equals(chain.AsOSChain())) return 1; |