Don't block the UI thread for OCSP/CRLs when viewing a cert on Mac.

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index fde9ae055d2942279349a3b8c1a14c50baf3eaaf..84c54a27d8033213289cf28d56b401261320d0ea 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -257,8 +257,30 @@ class NET_API X509Certificate
   // Do any of the given issuer names appear in this cert's chain of trust?
   bool IsIssuedBy(const std::vector<CertPrincipal>& valid_issuers);
 
-  // Creates a security policy for SSL client certificates.
-  static OSStatus CreateSSLClientPolicy(SecPolicyRef* outPolicy);
+  // Creates a security policy for SSL certificates. If |is_server| is true,
+  // the certificate(s) this policy applies to should be valid as an SSL
+  // server; otherwise, they should be valid as an SSL client certificate.
+  // If |is_server| is true, |hostname| may be optionally supplied to indicate
+  // the hostname that the policy should validate as the server. If empty, or
+  // if |is_server| is false, no name validation will occur.
+  // If a policy is successfully created, it will be stored in |*policy| and
+  // ownership transferred to the caller.
+  static OSStatus CreateSSLPolicy(bool is_server, const std::string& hostname,
+                                  SecPolicyRef* policy);
+
+  // Creates a security policy for basix X.509 validation. If the policy is

[wtc, 2011/06/03 01:58:04]

Typo: basix => basic

+  // successfully created, it will be stored in |*policy| and ownership
+  // transferred to the caller.
+  static OSStatus CreateBasicX509Policy(SecPolicyRef* policy);
+
+  // Creates security policies to control revocation checking (OCSP and CRL).
+  // If |enable_revocation_checking| is false, the policies returned will be
+  // explicitly disabled from accessing the network or the cache. This may be
+  // used to override system settings regarding revocation checking.
+  // If the policies are successfully created, they will be appended to
+  // |policies|.

[wtc, 2011/06/03 01:58:04]

Do we need to mention "and ownership transferred to the caller"?

[Ryan Sleevi, 2011/06/21 03:52:25]

I don't think so. It should be well understood that appending to a CFArray will
cause the value to be CFRetain'd (well, use the Retain callback of the array
invoked, which by default is CFRetain), so ownership transfer is implied,
similar to storing in a scoped_refptr<>*.

+  static OSStatus CreateRevocationPolicies(bool enable_revocation_checking,
+                                           CFMutableArrayRef policies);
 
   // Adds all available SSL client identity certs to the given vector.
   // |server_domain| is a hint for which domain the cert is to be sent to