net: enable CRL sets behind a command line flag.

net/base/cert_verifier.h

Index: net/base/cert_verifier.h
diff --git a/net/base/cert_verifier.h b/net/base/cert_verifier.h
index 5ad64b03c21e38ed6e124bb5fab82b4c81397a0d..ca1d33c44363ff488bb3ef22c704b168bea91af0 100644
--- a/net/base/cert_verifier.h
+++ b/net/base/cert_verifier.h
@@ -24,6 +24,7 @@ namespace net {
 class BoundNetLog;
 class CertVerifierJob;
 class CertVerifierWorker;
+class CRLSet;
 class X509Certificate;
 
 // CachedCertVerifyResult contains the result of a certificate verification.
@@ -87,6 +88,9 @@ class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe),
   // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
   // checking is performed.
   //
+  // |crl_set| points to an optional CRLSet structure which can be used to
+  // avoid revocation checks over the network.

[wtc, 2011/10/25 01:25:35]

Move this paragraph after the next paragraph because the
next paragraph is still describing |flags|.

[agl, 2011/10/25 14:55:58]

Done.

+  //
   // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is
   // performed.  If |flags| is VERIFY_EV_CERT (that is,
   // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will
@@ -102,6 +106,7 @@ class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe),
   int Verify(X509Certificate* cert,
              const std::string& hostname,
              int flags,
+             CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
              RequestHandle* out_req,
@@ -202,6 +207,7 @@ class SingleRequestCertVerifier {
   int Verify(X509Certificate* cert,
              const std::string& hostname,
              int flags,
+             CRLSet* crl_set,
              CertVerifyResult* verify_result,
              const CompletionCallback& callback,
              const BoundNetLog& net_log);