Make OpenSSL UpdateServerCert() OS independent.
UpdateServerCert currently creates the server cert chain
directly from the openssl struct X509. This works since
OSCertHandle currently is an OpenSSL X509 struct when
OpenSSL is used on Android and Linux.
This patch makes the UpdateServerCert() OS independent by creating
the X509Certificate from DER data instead of OSCertHandle to make
it compile on the other platforms when USE_OPENSSL is off.
Keep the USE_OPENSSL code to avoid converting back and forth
between X509 and DER twice and OsCertHandle is X509.
I see that there is a DER cache in x509_certificate_openssl.cc
which could have simplified the patch a bit. However, if I understand
a comment correctly, it shouldn't be mixed with certificates that comes
from network, which is the case here. Also, that API is not exposed.
Also remove some unused NSS code from x509_certificate_mac.cc.
Review URL: https://codereview.chromium.org/173853014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257449 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 0fc9cbe2..8952fef 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -92,7 +92,13 @@
virtual bool SetReceiveBufferSize(int32 size) OVERRIDE;
virtual bool SetSendBufferSize(int32 size) OVERRIDE;
+ protected:
+ // SSLClientSocket implementation.
+ virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
+ const OVERRIDE;
+
private:
+ class PeerCertificateChain;
class SSLContext;
friend class SSLClientSocket;
friend class SSLContext;
@@ -176,6 +182,7 @@
int transport_write_error_;
// Set when handshake finishes.
+ scoped_ptr<PeerCertificateChain> server_cert_chain_;
scoped_refptr<X509Certificate> server_cert_;
CertVerifyResult server_cert_verify_result_;
bool completed_handshake_;
