Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler
authorBrian Smith <brian@briansmith.org>
Mon, 14 Jul 2014 16:43:33 -0700
changeset 215882 a6389627c3a4d841462b60223357bedc5494ebca
parent 215881 2ea91aa53633847fb32c280a079d9a958534f215
child 215883 6b9c96d0f03df82d4ffad9af8d531c667dc1f52a
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
reviewerskeeler
bugs1038098
milestone33.0a1
Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler
security/certverifier/CertVerifier.cpp
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -424,30 +424,35 @@ CertVerifier::VerifySSLServerCert(CERTCe
     *evOidPolicy = SEC_OID_UNKNOWN;
   }
 
   if (!hostname || !hostname[0]) {
     PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
     return SECFailure;
   }
 
+  ScopedCERTCertList builtChainTemp;
   // CreateCertErrorRunnable assumes that CERT_VerifyCertName is only called
   // if VerifyCert succeeded.
   SECStatus rv = VerifyCert(peerCert, certificateUsageSSLServer, time, pinarg,
-                            hostname, 0, stapledOCSPResponse, builtChain,
+                            hostname, 0, stapledOCSPResponse, &builtChainTemp,
                             evOidPolicy);
   if (rv != SECSuccess) {
     return rv;
   }
 
   rv = CERT_VerifyCertName(peerCert, hostname);
   if (rv != SECSuccess) {
     return rv;
   }
 
-  if (saveIntermediatesInPermanentDatabase && builtChain) {
-    SaveIntermediateCerts(*builtChain);
+  if (saveIntermediatesInPermanentDatabase) {
+    SaveIntermediateCerts(builtChainTemp);
+  }
+
+  if (builtChain) {
+    *builtChain = builtChainTemp.forget();
   }
 
   return SECSuccess;
 }
 
 } } // namespace mozilla::psm
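Review bot: The caller's `*builtChain` is now written only after both VerifyCert and CERT_VerifyCertName succeed, whereas the old code let VerifyCert fill it before the name check, so callers no longer receive a chain on a hostname mismatch and keep whatever value they passed in. Not handing out a chain for a certificate that failed verification is a reasonable tightening, but it is a contract change and should be stated next to the declaration, e.g. `// *builtChain is set only when chain building and name verification both succeed; on failure it is left untouched.` Separately, `SaveIntermediateCerts(builtChainTemp)` no longer has any guard other than the flag, and the hunk does not show whether VerifyCert always yields a non-null list on SECSuccess or whether SaveIntermediateCerts tolerates a null one. If neither is guaranteed, use `if (saveIntermediatesInPermanentDatabase && builtChainTemp.get()) {`. The function starts outside the hunk, so any existing documentation of the out-parameter is not visible here.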