Add X509Certificate::CloneWithDifferentIntermediates method
In certificate verification and client cert matching we need to create a new X509Certificate object for the same leaf cert but with a different intermediate list. Change from re-parsing the leaf cert into a new X509Certificate object to cloning the existing X509Certificate object just with a different intermediates list. This is a bit more efficient and avoids any concern over whether re-parsing the leaf could fail (if different UnsafeCreateOptions were used when reparsing).

In the case of CertVerifyProcBuiltin, the certificate was being reparsed without specifying UnsafeCreateOptions, which means it could fail if the certificate that was passed into the verifier was itself parsed with UnsafeCreateOptions. Hopefully this should never actually happen (they're only supposed to be used with client certs), but switching this avoids having to consider whether or not that can fail.

Bug: 1439776
Change-Id: I01a3604c13645f64ec7d7c2caeb18a6c3effa8ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4546017
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1147342}
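
The failure mode the commit message describes, as an added example that is not Chromium code and not part of the original commit: a toy model in which re-parsing a leaf with default options fails when the object was originally created with lenient options, while cloning shares the already-parsed leaf and cannot fail. `Chain`, `ParseOptions`, the `'!'` quirk marker and all method names are hypothetical stand-ins.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Toy model, not Chromium's classes. An "encoding" is a plain string; a
// leading '!' is a constructed quirk that only lenient parsing accepts.
struct ParseOptions { bool lenient = false; };  // hypothetical stand-in

class Chain {
 public:
  using Ptr = std::shared_ptr<const Chain>;
  using List = std::vector<std::string>;

  // Parses the leaf; returns nullptr when it is rejected under `opts`.
  static Ptr Create(const std::string& leaf, List inter, ParseOptions opts = {}) {
    if (leaf.empty() || (leaf[0] == '!' && !opts.lenient)) return nullptr;
    return Ptr(new Chain(std::make_shared<const std::string>(leaf), std::move(inter)));
  }

  // "Before": re-parse the leaf bytes with default options. This can fail if
  // the original object was created with lenient options.
  Ptr ReparseWithIntermediates(List inter) const {
    return Create(*leaf_, std::move(inter));
  }

  // "After": share the already-parsed leaf; there is no parse step to fail.
  Ptr CloneWithIntermediates(List inter) const {
    return Ptr(new Chain(leaf_, std::move(inter)));
  }

  const std::string& leaf() const { return *leaf_; }
  const List& intermediates() const { return inter_; }

 private:
  Chain(std::shared_ptr<const std::string> leaf, List inter)
      : leaf_(std::move(leaf)), inter_(std::move(inter)) {}
  std::shared_ptr<const std::string> leaf_;  // stands in for the parsed leaf
  List inter_;
};

int main() {
  ParseOptions lenient;
  lenient.lenient = true;
  Chain::Ptr c = Chain::Create("!client-leaf", {"old-ca"}, lenient);  // constructed input
  std::cout << "reparse ok: " << (c->ReparseWithIntermediates({"new-ca"}) != nullptr)
            << ", clone ok: " << (c->CloneWithIntermediates({"new-ca"}) != nullptr) << "\n";
}
```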