From 09a1bd76e3fd08b2ba0035af7ee2f0b60661174b Mon Sep 17 00:00:00 2001 From: "wtc@chromium.org" Date: Thu, 29 Jan 2009 03:25:04 +0000 Subject: Work around our not caching the intermediate CA certificates by passing the source of each OSCertHandle to CreateFromHandle and the X509Certificate constructor. If the OSCertHandle comes from the network layer, we know it has a complete certificate chain and therefore prefer it to an OSCertHandle that comes from the HTTP cache, which doesn't have the intermediate CA certificates. A certificate from the network layer can kick out a certificate from the HTTP cache in our certificate cache. This workaround seems good enough to fix all the known symptoms of not caching the intermediate CA certificates. Move the common code in x509_certificate_.cc to x509_certificate.cc. R=eroman BUG=3154,7065 Review URL: http://codereview.chromium.org/18836 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8864 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/ssl_client_socket_win.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/base/ssl_client_socket_win.cc') diff --git a/net/base/ssl_client_socket_win.cc b/net/base/ssl_client_socket_win.cc index beeaba9..1f4c314 100644 --- a/net/base/ssl_client_socket_win.cc +++ b/net/base/ssl_client_socket_win.cc @@ -359,7 +359,8 @@ void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) { if (status == SEC_E_OK) { DCHECK(server_cert_); PCCERT_CONTEXT dup_cert = CertDuplicateCertificateContext(server_cert_); - ssl_info->cert = X509Certificate::CreateFromHandle(dup_cert); + ssl_info->cert = X509Certificate::CreateFromHandle( + dup_cert, X509Certificate::SOURCE_FROM_NETWORK); } SecPkgContext_ConnectionInfo connection_info; status = QueryContextAttributes(&ctxt_, -- cgit v1.1