net: enable CRL sets behind a command line flag.

net/base/cert_verifier.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_CERT_VERIFIER_H_
 #define NET_BASE_CERT_VERIFIER_H_
 #pragma once
 
 #include <map>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time.h"
 #include "net/base/cert_database.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_export.h"
 #include "net/base/x509_cert_types.h"
 
 namespace net {
 
 class BoundNetLog;
 class CertVerifierJob;
 class CertVerifierWorker;
+class CRLSet;
 class X509Certificate;
 
 // CachedCertVerifyResult contains the result of a certificate verification.
 struct CachedCertVerifyResult {
   CachedCertVerifyResult();
   ~CachedCertVerifyResult();
 
   // Returns true if |current_time| is greater than or equal to |expiry|.
   bool HasExpired(base::Time current_time) const;
 
@@ skipping 58 matching lines @@
   // |callback| must not be null.  ERR_IO_PENDING is returned if the operation
   // could not be completed synchronously, in which case the result code will
   // be passed to the callback when available.
   //
   // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to
   // the async request. This handle is not valid after the request has
   // completed.
   int Verify(X509Certificate* cert,
              const std::string& hostname,
              int flags,
+             CRLSet* crl_set,

[wtc, 2011/10/21 23:17:31]

Please document the new |crl_set| parameter.  You can just copy
the comment from x509_certificate.h.

[agl, 2011/10/24 20:44:27]

Done.

              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
              RequestHandle* out_req,
              const BoundNetLog& net_log);
 
   // Cancels the specified request. |req| is the handle returned by Verify().
   // After a request is canceled, its completion callback will not be called.
   void CancelRequest(RequestHandle req);
 
   // Clears the verification result cache.
@@ skipping 80 matching lines @@
   // If a completion callback is pending when the verifier is destroyed, the
   // certificate verification is canceled, and the completion callback will
   // not be called.
   ~SingleRequestCertVerifier();
 
   // Verifies the given certificate, filling out the |verify_result| object
   // upon success. See CertVerifier::Verify() for details.
   int Verify(X509Certificate* cert,
              const std::string& hostname,
              int flags,
+             CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
              const BoundNetLog& net_log);
 
  private:
   // Callback for when the request to |cert_verifier_| completes, so we
   // dispatch to the user's callback.
   void OnVerifyCompletion(int result);
 
   // The actual certificate verifier that will handle the request.
   CertVerifier* const cert_verifier_;
 
   // The current request (if any).
   CertVerifier::RequestHandle cur_request_;
   CompletionCallback cur_request_callback_;
 
   DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_CERT_VERIFIER_H_