Implement SSL certificate error handling on the Mac. If the user gives...

net/http/http_network_transaction.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include "base/scoped_ptr.h"
 #include "base/compiler_specific.h"
 #include "base/field_trial.h"
 #include "base/string_util.h"
@@ skipping 1360 matching lines @@
 
   if (error != OK) {
     SSLClientSocket* ssl_socket =
         reinterpret_cast<SSLClientSocket*>(connection_.socket());
     ssl_socket->GetSSLInfo(&response_.ssl_info);
 
     // Add the bad certificate to the set of allowed certificates in the
     // SSL info object. This data structure will be consulted after calling
     // RestartIgnoringLastError(). And the user will be asked interactively
     // before RestartIgnoringLastError() is ever called.
-    ssl_config_.allowed_bad_certs_.insert(response_.ssl_info.cert);
+    SSLConfig::CertAndStatus bad_cert;
+    bad_cert.cert = response_.ssl_info.cert;
+    bad_cert.cert_status = response_.ssl_info.cert_status;
+    ssl_config_.allowed_bad_certs.push_back(bad_cert);
   }
   return error;
 }
 
 int HttpNetworkTransaction::HandleCertificateRequest(int error) {
   // Assert that the socket did not send a client certificate.
   // Note: If we got a reused socket, it was created with some other
   // transaction's ssl_config_, so we need to disable this assertion.  We can
   // get a certificate request on a reused socket when the server requested
   // renegotiation (rehandshake).
@@ skipping 435 matching lines @@
     host_and_port = proxy_info_.proxy_server().host_and_port();
   } else {
     DCHECK(target == HttpAuth::AUTH_SERVER);
     host_and_port = GetHostAndPort(request_->url);
   }
   auth_info->host_and_port = ASCIIToWide(host_and_port);
   response_.auth_challenge = auth_info;
 }
 
 }  // namespace net