Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler

--HG-- extra : rebase_source : 99e2551e78bc8eac91174e5320c15623ede26642 extra : histedit_source : c4af1c24b95b1b3c8a86d06575645b6ffc5308a6
2014-07-14 16:43:33 -07:00 · 2014-07-14 16:43:33 -07:00 · 7cd854102a
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@ -429,10 +429,11 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
    return SECFailure;
  }

+  ScopedCERTCertList builtChainTemp;
  // CreateCertErrorRunnable assumes that CERT_VerifyCertName is only called
  // if VerifyCert succeeded.
  SECStatus rv = VerifyCert(peerCert, certificateUsageSSLServer, time, pinarg,
-                            hostname, 0, stapledOCSPResponse, builtChain,
+                            hostname, 0, stapledOCSPResponse, &builtChainTemp,
                            evOidPolicy);
  if (rv != SECSuccess) {
    return rv;
@ -443,8 +444,12 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
    return rv;
  }

-  if (saveIntermediatesInPermanentDatabase && builtChain) {
-    SaveIntermediateCerts(*builtChain);
+  if (saveIntermediatesInPermanentDatabase) {
+    SaveIntermediateCerts(builtChainTemp);
+  }
+
+  if (builtChain) {
+    *builtChain = builtChainTemp.forget();
  }

  return SECSuccess;