Refactor EnsureOpenSSLInit and openssl_util into base

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 2a7e6d7225ecb2a65697df6974a66c1f7625b85a..22b1ae194985471d929ec4082510dc00af495de5 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -26,6 +26,7 @@
 #elif defined(USE_OPENSSL)
 // Forward declaration; real one in <x509.h>
 struct x509_st;
+typedef struct x509_store_st X509_STORE;
 #elif defined(USE_NSS)
 // Forward declaration; real one in <cert.h>
 struct CERTCertificateStr;
@@ -234,6 +235,12 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
   static HCERTSTORE cert_store();
 #endif
 
+#if defined(USE_OPENSSL)
+  // Returns a handle to a global, in-memory trusted root certificate store. We

[wtc, 2010/11/16 15:35:07]

Nit: is this certificate store for trusted roots only, or
does it also hold test server's certificate?

[joth, 2010/11/16 16:07:19]

The latter, but only after the test code has used this method to access the
store and inject its certs (as per the "e.g.")
Is it incorrect to term this a "root" cert?

[wtc, 2010/11/16 20:20:19]

A test server's cert is not a "root" cert.  "Root" is short
for "root CA", which is the highest CA in the certificate
chain.  A test server's cert is the lowest cert in the
certificate chain.

You should change
    trusted root certificate store
to simply
    certificate store

[joth, 2010/11/17 09:57:13]

Done.

+  // use it for test code, e.g. importing the test server's certificate.
+  static X509_STORE* cert_store();
+#endif
+
   // Verifies the certificate against the given hostname.  Returns OK if
   // successful or an error code upon failure.
   //