diff options
Diffstat (limited to 'chromeos/network')
-rw-r--r-- | chromeos/network/client_cert_resolver.cc | 7 | ||||
-rw-r--r-- | chromeos/network/client_cert_util.cc | 8 |
2 files changed, 9 insertions, 6 deletions
diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc index 52c6612a..dd66e94 100644 --- a/chromeos/network/client_cert_resolver.cc +++ b/chromeos/network/client_cert_resolver.cc @@ -30,6 +30,7 @@ #include "chromeos/tpm_token_loader.h" #include "components/onc/onc_constants.h" #include "dbus/object_path.h" +#include "net/cert/scoped_nss_types.h" #include "net/cert/x509_certificate.h" namespace chromeos { @@ -147,15 +148,15 @@ void FindCertificateMatches(const net::CertificateList& certs, !HasPrivateKey(cert)) { continue; } - net::X509Certificate::OSCertHandle issuer_handle = - CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA); + net::ScopedCERTCertificate issuer_handle( + CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA)); if (!issuer_handle) { LOG(ERROR) << "Couldn't find an issuer."; continue; } scoped_refptr<net::X509Certificate> issuer = net::X509Certificate::CreateFromHandle( - issuer_handle, + issuer_handle.get(), net::X509Certificate::OSCertHandles() /* no intermediate certs */); if (!issuer) { LOG(ERROR) << "Couldn't create issuer cert."; diff --git a/chromeos/network/client_cert_util.cc b/chromeos/network/client_cert_util.cc index a7ece77..c62c9ab 100644 --- a/chromeos/network/client_cert_util.cc +++ b/chromeos/network/client_cert_util.cc @@ -16,6 +16,7 @@ #include "net/base/net_errors.h" #include "net/cert/cert_database.h" #include "net/cert/nss_cert_database.h" +#include "net/cert/scoped_nss_types.h" #include "net/cert/x509_cert_types.h" #include "net/cert/x509_certificate.h" #include "third_party/cros_system_api/dbus/service_constants.h" @@ -71,14 +72,15 @@ class IssuerCaFilter { // Find the certificate issuer for each certificate. // TODO(gspencer): this functionality should be available from // X509Certificate or NSSCertDatabase. - CERTCertificate* issuer_cert = CERT_FindCertIssuer( - cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA); + net::ScopedCERTCertificate issuer_cert(CERT_FindCertIssuer( + cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA)); if (!issuer_cert) return true; std::string pem_encoded; - if (!net::X509Certificate::GetPEMEncoded(issuer_cert, &pem_encoded)) { + if (!net::X509Certificate::GetPEMEncoded(issuer_cert.get(), + &pem_encoded)) { LOG(ERROR) << "Couldn't PEM-encode certificate."; return true; } |