Chromium Code Reviews

Unified Diff: net/base/cert_database_nss.cc

Issue 10160007: Parse an application/x-x509-user-cert response with (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add back a blank line deleted by accident Created 8 years, 8 months ago
Index: net/base/cert_database_nss.cc
===================================================================
--- net/base/cert_database_nss.cc (revision 133822)
+++ net/base/cert_database_nss.cc (working copy)
@@ -38,6 +38,9 @@
}
int CertDatabase::CheckUserCert(X509Certificate* cert_obj) {
+ // TODO(wtc) a null cert_obj means we could not decode the
+ // application/x-x509-user-cert response. Should we check that
+ // here or in the caller?
Ryan Sleevi 2012/04/27 00:55:48 Presuming a CertificateList, I would assume it's t
if (!cert_obj)
return ERR_CERT_INVALID;
if (cert_obj->HasExpired())
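Review bot: The TODO at the top of CheckUserCert leaves the null-handling contract undecided even though the function already returns ERR_CERT_INVALID for a null cert_obj. A null here means the application/x-x509-user-cert response could not be decoded, which is a different failure from a decoded certificate that is invalid, so the two cases are indistinguishable to the caller. Either settle it before landing by documenting in the header that CheckUserCert accepts null and reports it as ERR_CERT_INVALID, or have the caller reject the undecodable response with its own error and keep the null check here only as a guard. A TODO that asks a question about an existing check is likely to stay in the tree unanswered.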
@@ -76,6 +79,17 @@
LOG(ERROR) << "Couldn't import user certificate.";
return ERR_ADD_USER_CERT_FAILED;
}
+ const X509Certificate::OSCertHandles& intermediate_certs =
+ cert_obj->GetIntermediateCertificates();
+ for (size_t i = 0; i < intermediate_certs.size(); ++i) {
+ CERTCertificate* intermediate_cert = intermediate_certs[i];
+ // TODO(wtc): skip intermediate_cert if it is a self-signed root cert?
+ // It is not useful to import a root cert without trust settings.
+ char* nickname = CERT_MakeCANickname(intermediate_cert);
+ PK11_ImportCert(slot, intermediate_cert, CK_INVALID_HANDLE, nickname,
Ryan Sleevi 2012/04/27 00:55:48 This is quite dangerous for Linux, in that non-lib
wtc 2012/04/27 21:16:50 We can copy Firefox's behavior. This means if cli
Ryan Sleevi 2012/04/27 21:24:21 What Firefox does is described in my previous comm
+ PR_FALSE);
+ PORT_Free(nickname);
+ }
PK11_FreeSlot(slot);
CertDatabase::NotifyObserversOfUserCertAdded(cert_obj);
return OK;
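Review bot: The return value of PK11_ImportCert is discarded inside the new loop, and the result of CERT_MakeCANickname is passed on without a null check. The user certificate import just above logs "Couldn't import user certificate." and returns ERR_ADD_USER_CERT_FAILED on failure, so the intermediates should at least get the same treatment as far as logging goes: check the SECStatus, log which index failed, and decide explicitly whether a failed intermediate import is fatal or ignorable. If nickname comes back null, skip that certificate rather than importing it unnamed. The second TODO (skipping self-signed roots) should also be resolved before this lands, since every entry in GetIntermediateCertificates() comes from the decoded response and is written to the slot unconditionally; a short comment stating which certificates are intended to be persisted, and why, would make the loop's policy reviewable.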
