Don't use X509Certificate in SSLConfig.

net/base/ssl_config_service.h

Index: net/base/ssl_config_service.h
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 2b2e28a70cf331cf8748820c6c3d5a359426fef8..0ad0e92adb85a00ad252f9df31f6d10af3ce9b19 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -27,6 +27,7 @@ struct NET_API SSLConfig {
   // The expected cert status is written to |cert_status|. |*cert_status| can
   // be NULL if user doesn't care about the cert status.
   bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const;
+  bool IsAllowedBadCert(const std::string& cert_der, int* cert_status) const;

[wtc, 2011/07/19 21:57:01]

Please document the new IsAllowedBadCert variant.

It may be better to use const StringPiece& instead of
const std::string&.  This may allow us to avoid copying
in some cases.

I assume it is fine to use function overloading here even
though the Style Guide recommends against it in general:
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Overl...

Nit: please name the argument "der_cert".  The full
description is "DER encoded certificate", so "der_cert" is
closer to that than "cert_der".  Please do this renaming
throughout the CL, at least in the files under src/net.

If the renaming requires changing too many files, don't do
it.

[Sergey Ulanov, 2011/07/19 23:50:21]

Done.

 
   bool rev_checking_enabled;  // True if server certificate revocation
                               // checking is enabled.
@@ -67,7 +68,7 @@ struct NET_API SSLConfig {
     CertAndStatus();
     ~CertAndStatus();
 
-    scoped_refptr<X509Certificate> cert;
+    std::string cert_der;
     int cert_status;
   };