Index: net/cert/cert_verify_proc_openssl.cc |
diff --git a/net/cert/cert_verify_proc_openssl.cc b/net/cert/cert_verify_proc_openssl.cc |
index 13a19d8e16322329c01a24395f2f30ddf7c2520f..20c0ad5b1d006387a0431280f46149eac9cef376 100644 |
--- a/net/cert/cert_verify_proc_openssl.cc |
+++ b/net/cert/cert_verify_proc_openssl.cc |
@@ -109,8 +109,12 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx, |
// Set verify_result->verified_cert and |
// verify_result->is_issued_by_known_root. |
if (verified_cert) { |
- verify_result->verified_cert = |
+ scoped_refptr<X509Certificate> verified_cert_with_chain = |
X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ if (verified_cert_with_chain) |
+ verify_result->verified_cert = std::move(verified_cert_with_chain); |
+ else |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
// For OpenSSL builds, only certificates used for unit tests are treated |
// as not issued by known roots. The only way to determine whether a |