From 7cd854102a9d16cb63645f4bc13c78887f83ff9b Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Mon, 14 Jul 2014 16:43:33 -0700
Subject: [PATCH] Bug 1038098: Save intermediate certificates during TLS handshake, r=keeler

--HG--
extra : rebase_source : 99e2551e78bc8eac91174e5320c15623ede26642
extra : histedit_source : c4af1c24b95b1b3c8a86d06575645b6ffc5308a6
---
 security/certverifier/CertVerifier.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp
index e7290884b5b3..3068ef51a834 100644
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -429,10 +429,11 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
 return SECFailure;
 }

+ ScopedCERTCertList builtChainTemp;
 // CreateCertErrorRunnable assumes that CERT_VerifyCertName is only called
 // if VerifyCert succeeded.
 SECStatus rv = VerifyCert(peerCert, certificateUsageSSLServer, time, pinarg,
- hostname, 0, stapledOCSPResponse, builtChain,
+ hostname, 0, stapledOCSPResponse, &builtChainTemp,
 evOidPolicy);
 if (rv != SECSuccess) {
 return rv;
@@ -443,8 +444,12 @@ CertVerifier::VerifySSLServerCert(CERTCertificate* peerCert,
 return rv;
 }

- if (saveIntermediatesInPermanentDatabase && builtChain) {
- SaveIntermediateCerts(*builtChain);
+ if (saveIntermediatesInPermanentDatabase) {
+ SaveIntermediateCerts(builtChainTemp);
+ }
+
+ if (builtChain) {
+ *builtChain = builtChainTemp.forget();
 }

 return SECSuccess;
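Review bot: The new local `builtChainTemp` in the first hunk (@@ -429) carries no comment explaining why the chain is now built into a temporary rather than straight into the caller's `builtChain`. The reason only becomes clear in the second hunk, where the save no longer depends on `builtChain` being non-null. I would add above the declaration `// Build into a local list so intermediates can be saved even when the caller passes a null builtChain.` The body of VerifySSLServerCert starts and ends outside this hunk.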
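Review bot: `SaveIntermediateCerts(builtChainTemp)` in the second hunk (@@ -443) is passed a list that nothing in the visible code checks for null. Whether VerifyCert always fills its out-list on SECSuccess, and whether SaveIntermediateCerts tolerates an empty holder, cannot be seen from here; if neither is guaranteed, the guard should be `if (saveIntermediatesInPermanentDatabase && builtChainTemp) {`. This call presumably writes to the permanent certificate database, so a one-line comment stating that it is reached only after the verification steps above returned success would make the trust decision explicit. It is also worth documenting on the function that `*builtChain` is assigned only on the success path and is left untouched on every early `return rv`. The function body extends outside the hunk.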