Added CreateOriginBound method to x509_certificate.h.

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 8e56098000e62d7727e8dd7b47c2cafcb4763b69..bef87c9c7bf6166b4f67ace1a58c14bdcecb41b9 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -202,6 +202,30 @@ class NET_API X509Certificate
                                            uint32 serial_number,
                                            base::TimeDelta valid_duration);
 
+  // Create an origin bound certificate containing the public key in |key|.
+  // Subject, web origin, serial number and validity period are given as
+  // parameters. The certificate is signed by the private key in |key|.
+  // The hashing algorithm for the signature is SHA-1.
+  //
+  // |subject| is a distinguished name defined in RFC4514.
+  //
+  // An example:
+  // CN=Michael Wong,O=FooBar Corporation,DC=foobar,DC=com
+  //
+  // SECURITY WARNING
+  //
+  // Using self-signed certificates has the following security risks:
+  // 1. Encryption without authentication and thus vulnerable to
+  //    man-in-the-middle attacks.
+  // 2. Self-signed certificates cannot be revoked.
+  //
+  // Use this certificate only after the above risks are acknowledged.

[wtc, 2011/08/04 00:37:53]

Remove the security warning (lines 215-222).  Replace it with
a reference to the origin-bound certificate Internet-Draft.

+  static X509Certificate* CreateOriginBound(crypto::RSAPrivateKey* key,
+                                            const std::string& subject,
+                                            const std::string& origin,
+                                            uint32 serial_number,
+                                            base::TimeDelta valid_duration);
+
   // Appends a representation of this object to the given pickle.
   void Persist(Pickle* pickle);