Index: net/cert/cert_verify_proc_ios.cc |
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc |
index 84ecd2aea84ba31730c706d83dc16c03ed414667..527326e6bb86bc18c57d18da3ae9dfae84038978 100644 |
--- a/net/cert/cert_verify_proc_ios.cc |
+++ b/net/cert/cert_verify_proc_ios.cc |
@@ -116,12 +116,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) { |
} |
std::string der_bytes; |
- if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes)) |
+ if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes)) { |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
return; |
+ } |
base::StringPiece spki_bytes; |
- if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
- continue; |
+ if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) { |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
+ return; |
+ } |
HashValue sha1(HASH_VALUE_SHA1); |
CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data()); |
@@ -139,11 +143,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) { |
} |
if (!verified_cert) { |
NOTREACHED(); |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
eroman
2017/03/24 22:07:23
I don't know about this one, as reaching it means
mattm
2017/03/27 23:24:37
Yeah, on this and the mac one, due to the presence
|
return; |
} |
- verify_result->verified_cert = |
+ scoped_refptr<X509Certificate> verified_cert_with_chain = |
X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ if (verified_cert_with_chain) |
+ verify_result->verified_cert = std::move(verified_cert_with_chain); |
+ else |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
} |
} // namespace |