net: enable CRL sets behind a command line flag.

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 94a6f4a93f5b9b4fa821744b3871c8c5bbddf13b..1c965a619606ce4155db6b080a4d4cacc45a49e9 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -44,6 +44,7 @@ class RSAPrivateKey;
 
 namespace net {
 
+class CRLSet;
 class CertVerifyResult;
 
 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
@@ -320,9 +321,13 @@ class NET_EXPORT X509Certificate
   // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
   // checking is performed.  If VERIFY_EV_CERT is set in |flags| too,
   // EV certificate verification is performed.
+  //
+  // |crl_set| points to an optional CRLSet structure which can be used to
+  // avoid revocation checks over the network.
   int Verify(const std::string& hostname,
              int flags,
-             CertVerifyResult* verify_result) const;
+             CertVerifyResult* verify_result,
+             CRLSet* crl_set) const;

[wtc, 2011/10/21 23:17:31]

List |crl_set| (an input) before |verify_result| (the output).

Make the same change to VerifyInternal below.

[agl, 2011/10/24 20:44:27]

Done.

 
   // Verifies that |hostname| matches this certificate.
   // Does not verify that the certificate is valid, only that the certificate
@@ -416,7 +421,8 @@ class NET_EXPORT X509Certificate
   // Parameters and return value are as per Verify().
   int VerifyInternal(const std::string& hostname,
                      int flags,
-                     CertVerifyResult* verify_result) const;
+                     CertVerifyResult* verify_result,
+                     CRLSet* crl_set) const;
 
   // The serial number, DER encoded.
   // NOTE: keep this method private, used by IsBlacklisted only.  To simplify