Instantiate OriginBoundCertService in relevant places and do plumbing to pass it down to HttpNetw...

chrome/browser/profiles/off_the_record_profile_io_data.cc

Index: chrome/browser/profiles/off_the_record_profile_io_data.cc
===================================================================
--- chrome/browser/profiles/off_the_record_profile_io_data.cc	(revision 94628)
+++ chrome/browser/profiles/off_the_record_profile_io_data.cc	(working copy)
@@ -19,6 +19,8 @@
 #include "chrome/common/url_constants.h"
 #include "content/browser/browser_thread.h"
 #include "content/browser/resource_context.h"
+#include "net/base/default_origin_bound_cert_store.h"
+#include "net/base/origin_bound_cert_service.h"
 #include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_cache.h"
 #include "webkit/database/database_tracker.h"
@@ -161,6 +163,11 @@
   main_context->set_dns_cert_checker(dns_cert_checker());
   main_context->set_proxy_service(proxy_service());
 
+  // For incognito, we use a non-persistent origin bound cert store.
+  main_context->set_origin_bound_cert_service(
+      new net::OriginBoundCertService(
+          new net::DefaultOriginBoundCertStore(NULL)));

[wtc, 2011/08/08 22:49:20]

BUG: I believe this origin-bound cert service (for incognito)
is leaked because it is not owned by anything.

I think the fix is to let OffTheRecordProfileIOData own this
origin-bound cert service.

+
   main_context->set_cookie_store(
       new net::CookieMonster(NULL, profile_params->cookie_monster_delegate));
   // All we care about for extensions is the cookie store. For incognito, we
@@ -179,6 +186,7 @@
   net::HttpCache* cache =
       new net::HttpCache(main_context->host_resolver(),
                          main_context->cert_verifier(),
+                         main_context->origin_bound_cert_service(),
                          main_context->dnsrr_resolver(),
                          main_context->dns_cert_checker(),
                          main_context->proxy_service(),